The Obama administration's cybersecurity legislative proposal gives the Department of Homeland Security more power than ever to protect federal networks against cyberthreats and breaks down the department's communication barriers with the Department of Defense to do so, officials told a Senate panel this week.
White House officials testified Monday before the Senate Committee on Homeland Security and Governmental Affairs about the comprehensive plan laid out by the administration nearly two weeks ago to create legislation to protect U.S. critical infrastructure and networks. A video of the hearing is available online.
One key aspect of the plan is to put the DHS's mission to protect U.S. federal civilian networks on par with the DOD's mission to protect U.S. military networks, giving the DHS more autonomy to act against cyberthreats on behalf of the government than before.
While the DHS has certainly been at the forefront of federal cybersecurity initiatives, working with the private sector and other agencies such as the DOD and the National Security Agency to share information and make policy, the administration's plan would solidify this role through legislation, officials said.
"[The proposal] strengthens DHS's role to deploy more rapidly intrusion protection, intrusion prevention, and other mechanisms for the federal government," said Philip R. Reitinger, deputy undersecretary for the DHS National Protection and Programs Directorate, in what was likely his last appearance before the committee. Reitinger resigned his post last week and will leave the department June 3.
"It gives the DHS--recognizing our similar role to DOD with regard to federal civilian networks--similar authority with regard to personnel so we can bring them on board rapidly," he said. After Reitinger's departure, Greg Schaffer, assistant secretary of the DHS Office of Cybersecurity and Communications, will become acting deputy undersecretary.
The plan also gives DHS "much clearer authority and responsibility to work in a voluntary way" with the private sector, something it already has been doing, he added.
Robert Butler, deputy assistant secretary of defense for cyber policy, also testified about the new relationship the plan would create between his department and DHS, and acknowledged the new cybersecurity authority of the DHS that the plan would bring.
The proposal "breaks down barriers to information sharing" that exist between the DHS and DOD "so that stakeholders can really communicate effectively," he said, adding that it also "really strengthens the ability of the DHS to lead the executive branch" in cybersecurity activity.
The administration's cybersecurity plan is a broad legislative proposal to overhaul the nation's cybersecurity laws with new provisions to solidify privacy protection, data breach reporting, critical infrastructure protection, and the security of federal government systems.
It's an attempt by the Obama administration to get comprehensive cybersecurity legislation through Congress, an effort that--although there are numerous bills before both chambers--has so far been unsuccessful.
White House officials, including two more from the DHS, are scheduled to continue testimony about the cybersecurity proposal before the same committee Wednesday.
Join InformationWeek Government for a virtual event on cybersecurity best practices and government IT. It happens May 25. Download it here. (Free with registration.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.