Still no cybersecurity czar

Absent from a sweeping intelligence reform bill overwhelmingly approved by Congress last week was the creation of an assistant secretary for cybersecurity position within the Homeland Security Department.

Despite support from lawmakers, industry officials and others, members of the House and Senate stripped language from the bill at DHS officials' insistence, said Harris Miller, president of the Information Technology Association of America.

DHS officials, who are opposed to the creation of such a position, do not give cybersecurity the visibility and clout it deserves, Miller said. The lack of protection against cyberattacks could lead to disastrous consequences at critical infrastructures, such as water and power plants, which rely on automated computer systems.

"Everybody's sounding the chorus, and there just seems to be a bit of a tin ear there over at DHS," he said.

But Jim Lewis, senior fellow and director of technology policy at the Center for Strategic and International Studies, attributed opposition to the cybersecurity position to bureaucratic infighting. He said the proposed position would have invaded someone else's turf within the department. "But for me, it's not the most important thing," he said. "Actually having a plan is the most important thing."

He said federal officials have not developed and implemented a cybersecurity strategy to strengthen the country's infrastructure and networks. Although an assistant secretary position may sound beneficial, it doesn't address the underlying problem, he added.

Lewis said legislation creating an assistant secretary position likely will be introduced in the 109th Congress. "It has become a Holy Grail for the industry," he said.

DHS officials did not respond to requests for comment.

The landmark bill adopts most of the 9-11 Commission's 41 recommendations to restructure the nation's intelligence community and improve information sharing within the federal government and among state and local governments.

The bill would create a national intelligence director to oversee 15 intelligence agencies, most of which are located at the Defense Department, and a $40 billion budget. It also would create a counterterrorism center built on the Terrorism Threat Integration Center, where analysts from different agencies could tap into two-dozen networks.

The bill also contains numerous

technology-related provisions designed to improve security at borders, ports and transportation facilities.

Among the provisions, an amendment to the Clinger-Cohen Act was adopted that would require agency officials to consider information security during the initial stages of a system's planning and procurement.

"The Clinger-Cohen Act amendment would explicitly require federal agencies to emphasize information security from the earliest possible stages of the IT capital planning and investment decision-making process for new systems," wrote Rep. Adam Putnam (R-Fla.), who proposed the amendment, in a statement.

Miller said cybersecurity should be "baked in, not bolted on," and it should never be an afterthought in anyone's IT system.

***

Technology-driven intelligence

These are the major technology-related provisions of the Intelligence Reform and Terrorism Prevention Act of 2004.

Establishes a director of national intelligence to oversee 15 intelligence agencies and a $40 billion budget.

Forms the National Counterterrorism Center, built on the Terrorist Threat Integration Center.

Creates the Information Sharing Environment program for exchanging counterterrorism data across all governmental levels.

Establishes a Privacy and Civil Liberties Oversight Board to advise and oversee information-sharing guidelines.

Designates a single entity to manage the security clearance process and creates a national database to track clearances.

Mandates enhancements to explosives-detection equipment, baggage screening, biometric technology and countermeasures to shoulder-fired missiles.

Requires testing of advanced sensor and surveillance technologies along the Canadian border and plans for use of unmanned aerial

vehicles along the Mexican border.

Requires technology and training improvements to help border, consular and immigration officers detect and combat terrorists trying to enter the country.

Calls for accelerated deployment of a biometric entry and exit system.

Establishes minimum federal standards for birth certificates, driver's licenses, identification cards and Social Security cards.

Calls for a new system to notify the public in the event of a terrorist attack, similar to the Amber Alert network.

Amends the Clinger-Cohen Act to require federal agencies to stress information security in the beginning of a new system's information technology capital planning process.

Requires FBI officials to maintain and update their IT infrastructure so that it complies with an up-to-date enterprise architecture.

— Dibya Sarkar