The call for a new adviser comes at a time when controversy has arisen over the current cybersecurity structure in government.
Two senators on Wednesday introduced sweeping cybersecurity legislation that would significantly overhaul the nation's information security efforts, including the creation of a national cybersecurity adviser who would report directly to the president.
The legislation, wrapped up in two separate bills and introduced by Senate Commerce Committee Chairman John D. Rockefeller IV, D-W.Va., and Sen. Olympia Snowe, R-Maine, would revise cybersecurity processes and oversight in government, facilitate public-private partnerships on keeping computer systems safe, and fund cybersecurity research.
"Congress must bring new high-level governmental attention to develop a fully integrated, thoroughly coordinated, public-private partnership to our cybersecurity efforts," Rockefeller said in a statement.
The bills come at a time when the government is in the middle of a national cybersecurity review being undertaken at the behest of the Obama administration. The report is slated to be out sometime next month. That review follows a 96-page report written last year by the Center for Strategic and International Studies, on which the Rockefeller-Snowe bill is loosely based.
The national cybersecurity adviser would be the top official on every issue related to cybersecurity and would coordinate efforts with the intelligence community and other agencies. The official would have sweeping powers reaching across the federal IT infrastructure, including the power to completely disconnect federal networks that control the nation's critical infrastructure if they're found to have vulnerabilities.
The possible introduction of a new cybersecurity official comes at a time when controversy has arisen over the current cybersecurity structure in government. Rod Beckstrom, former Department of Homeland Security National Cybersecurity Center director and supposed top government cybersecurity official, resigned last month, saying in a letter that the National Security Agency had taken away most of his power during the Bush administration.
The legislation would require the national cybersecurity adviser to conduct a comprehensive cybersecurity review every four years to assess cybersecurity strategy and progress, as well as some sort of overall information security "threat and vulnerability assessment."
The bill would push more collaboration between the private sector and government on cybersecurity than ever before. It would create a "public-private clearinghouse" to share vulnerabilities, a panel of independent cybersecurity experts to advise the president, "measurable and auditable" standards for both the public and private sectors, a licensing requirement for people who want to work in cybersecurity, and a program to help small and medium-sized businesses grapple with cybersecurity requirements.
The bill also intends to spur cybersecurity innovation. It would increase research and development at the National Science Foundation, expand a current program that gives scholarships for students who promise to work in government cybersecurity after studying computer science and information security in college, and create "cybersecurity competitions."