The call for a new adviser comes at a time when controversy has arisen over the current cybersecurity structure in government.
Two senators on Wednesday introduced sweeping cybersecurity legislation that would significantly overhaul the nation's information security efforts, including the creation of a national cybersecurity adviser who would report directly to the president.
The legislation, wrapped up in two separate bills and introduced by Senate Commerce Committee Chairman John D. Rockefeller IV, D-W.Va., and Sen. Olympia Snowe, R-Maine, would revise cybersecurity processes and oversight in government, facilitate public-private partnerships on keeping computer systems safe, and fund cybersecurity research.
"Congress must bring new high-level governmental attention to develop a fully integrated, thoroughly coordinated, public-private partnership to our cybersecurity efforts," Rockefeller said in a statement.
The bills come at a time when the government is in the middle of a national cybersecurity review being undertaken at the behest of the Obama administration. The report is slated to be out sometime next month. That review follows a 96-page report written last year by the Center for Strategic and International Studies, on which the Rockefeller-Snowe bill is loosely based.
The national cybersecurity adviser would be the top official on every issue related to cybersecurity and would coordinate efforts with the intelligence community and other agencies. The official would have sweeping powers reaching across the federal IT infrastructure, including the power to completely disconnect federal networks that control the nation's critical infrastructure if they're found to have vulnerabilities.
The possible introduction of a new cybersecurity official comes at a time when controversy has arisen over the current cybersecurity structure in government. Rod Beckstrom, former Department of Homeland Security National Cybersecurity Center director and supposed top government cybersecurity official, resigned last month, saying in a letter that the National Security Agency had taken away most of his power during the Bush administration.
The legislation would require the national cybersecurity adviser to conduct a comprehensive cybersecurity review every four years to assess cybersecurity strategy and progress, as well as some sort of overall information security "threat and vulnerability assessment."
The bill would push more collaboration between the private sector and government on cybersecurity than ever before. It would create a "public-private clearinghouse" to share vulnerabilities, a panel of independent cybersecurity experts to advise the president, "measurable and auditable" standards for both the public and private sectors, a licensing requirement for people who want to work in cybersecurity, and a program to help small and medium-sized businesses grapple with cybersecurity requirements.
The bill also intends to spur cybersecurity innovation. It would increase research and development at the National Science Foundation, expand a current program that gives scholarships for students who promise to work in government cybersecurity after studying computer science and information security in college, and create "cybersecurity competitions."