The Obama administration's cybersecurity legislative proposal gives the Department of Homeland Security more power than ever to protect federal networks against cyberthreats and breaks down the department's communication barriers with the Department of Defense to do so, officials told a Senate panel this week.
White House officials testified Monday before the Senate Committee on Homeland Security and Governmental Affairs about the comprehensive plan laid out by the administration nearly two weeks ago to create legislation to protect U.S. critical infrastructure and networks. A video of the hearing is available online.
One key aspect of the plan is to put the DHS's mission to protect U.S. federal civilian networks on par with the DOD's mission to protect U.S. military networks, giving the DHS more autonomy to act against cyberthreats on behalf of the government than before.
While the DHS has certainly been at the forefront of federal cybersecurity initiatives, working with the private sector and other agencies such as the DOD and the National Security Agency to share information and make policy, the administration's plan would solidify this role through legislation, officials said.
"[The proposal] strengthens DHS's role to deploy more rapidly intrusion protection, intrusion prevention, and other mechanisms for the federal government," said Philip R. Reitinger, deputy undersecretary for the DHS National Protection and Programs Directorate, in what was likely his last appearance before the committee. Reitinger resigned his post last week and will leave the department June 3.
"It gives the DHS--recognizing our similar role to DOD with regard to federal civilian networks--similar authority with regard to personnel so we can bring them on board rapidly," he said. After Reitinger's departure, Greg Schaffer, assistant secretary of the DHS Office of Cybersecurity and Communications, will become acting deputy undersecretary.
The plan also gives DHS "much clearer authority and responsibility to work in a voluntary way" with the private sector, something it already has been doing, he added.
Robert Butler, deputy assistant secretary of defense for cyber policy, also testified about the new relationship the plan would create between his department and DHS, and acknowledged the new cybersecurity authority of the DHS that the plan would bring.
The proposal "breaks down barriers to information sharing" that exist between the DHS and DOD "so that stakeholders can really communicate effectively," he said, adding that it also "really strengthens the ability of the DHS to lead the executive branch" in cybersecurity activity.
The administration's cybersecurity plan is a broad legislative proposal to overhaul the nation's cybersecurity laws with new provisions to solidify privacy protection, data breach reporting, critical infrastructure protection, and the security of federal government systems.
It's an attempt by the Obama administration to get comprehensive cybersecurity legislation through Congress, an effort that--although there are numerous bills before both chambers--has so far been unsuccessful.
White House officials, including two more from the DHS, are scheduled to continue testimony about the cybersecurity proposal before the same committee Wednesday.
Join InformationWeek Government for a virtual event on cybersecurity best practices and government IT. It happens May 25. Download it here. (Free with registration.)
Time to Reconsider Enterprise Email StrategyCost, time, and risk. It's the demand trifecta vying for the attention of both technology professionals and attorneys charged with balancing the expectations of their clients and business units with the hard reality of the current financial and regulatory climate. Sometimes, organizations assume high levels of risk as a result of their inability to meet the costs involved in data protection. In other instances, it's time that's of the essence, as with a data breach.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.