Avoiding a cyber Pearl Harbor

The House subcommittee in charge of cybersecurity has unanimously approved a bill that would create a more powerful cybersecurity chief at the Homeland Security Department.

A panel of information technology and homeland security executives met with the House Homeland Security Committee’s Economic Security, Infrastructure Protection and Cybersecurity Subcommittee April 20 before a vote on the bill. The executives said the bill would address concerns that the federal government is not doing enough to protect the Internet and the nation’s critical IT infrastructure.

The Homeland Security Cybersecurity Department Enhancement Act of 2005 has bipartisan political support and industry backing. Its timing coincides with talk among current and former DHS officials about giving more authority to the department’s chief information officer. Many feel that DHS' cybersecurity chief also lacks sufficient power and budget authority to carry out DHS' mission.

"The current organizational structure at DHS allows cybersecurity priorities to be marginalized against other physical security activities considered to have higher priority," said Harris Miller, president of the IT Association of America.

Speaking in support of the bill, Ken Silva, chairman of the Internet Security Alliance, criticized DHS for a dangerous lack of progress in protecting the nation's data networks. "A cyber Pearl Harbor is not just a catch phrase, but very much a potential reality," he said.

The bill would create a National Cybersecurity Office in DHS' Information Analysis and Infrastructure Protection Directorate. The department now has a National Cybersecurity Division with limited autonomy and authority.

The bill would replace the division’s director with a new assistant secretary for cybersecurity. That person would lead the new office and coordinate protection of critical IT infrastructures in the public and private sectors.

Change is necessary because a director-level position lacks sufficient stature or program authority to be successful, said Paul Kurtz, executive director of the Cybersecurity Industry Alliance, a policy advocacy group. "A leader in securing the critical infrastructure must have the authority and resources to accomplish this important and complex mission," he said.

The assistant secretary would create and manage programs to respond to and minimize cybersecurity threats. That official would direct and coordinate cybersecurity efforts within DHS and among other federal agencies. The assistant secretary would also be responsible for creating a cybersecurity warning system.

"This bill does not solve the problem," said Rep. Zoe Lofgren (D-Calif.), one of the co-sponsors of the bill, in a statement. "It sets the stage to solve the problem."

The bill represents a second attempt by Lofgren and Rep. Mac Thornberry (R-Texas) to strengthen the cybersecurity chief's position within DHS. Last October, the two introduced similar legislation, which did not make it into the fiscal 2005 appropriations bill.

This year's cybersecurity bill is included in DHS' fiscal 2006 budget bill, which committee members are still drafting, staff members said.