Panel seeks cybersecurity records, cites privacy concerns

The Senate Intelligence Committee has ordered the Obama administration to turn over legal justifications and other critical documents governing cybersecurity operations or risk losing funding for those efforts, according to members of the panel.

"During the next three years, the executive branch will begin new and unprecedented cybersecurity programs with new technology and new legal and privacy challenges," the committee said in a report that accompanies the FY10 intelligence authorization bill.

The panel made the report public Wednesday in advance of Senate floor action on the bill, which has not been scheduled.

According to the report, the administration must provide Congress with five types of documents for cybersecurity programs, including their legal justification, any concept of operations, any privacy-impact assessments and any plans for independent audits.

"The notification requirements ... are designed to ensure that Congress is aware of significant legal, privacy and operational issues with respect to each new cybersecurity program," the panel wrote.

Sen. Russell Feingold, D-Wis., who serves on the committee, wrote in a separate section of the report that funding for key elements of the Comprehensive National Cybersecurity Initiative would be limited until documents were submitted related to the privacy of Americans and the legal basis for the initiative, including any analysis done by the Justice Department's Office of Legal Counsel.

The 263-page bill and accompanying 80-page report include other far-reaching provisions, such as requiring declassification of the overall annual budget for the National Intelligence Program and authority for the director of national intelligence to create an inspector general for the "intelligence community."

Notably, the report says a subcommittee should be created within the Senate Appropriations Committee that would be responsible for appropriating intelligence funding. Such appropriations are made by the Defense Appropriations Subcommittee, which has been criticized for not paying enough attention to intelligence matters.

Addressing cybersecurity, the committee called for the national intelligence director and Homeland Security Department to submit by Jan. 1 a comprehensive cybersecurity assessment detailing threats and vulnerabilities. "The country's electric power grid, communications systems, and financial infrastructure are all critical to our way of life yet [are] unacceptably vulnerable to cyber attack," the panel wrote.

The administration also should create "a survivable government communications network to sustain critical national security functions under and following [a] major cyber attack," the committee said.

Additionally, the administration should give the intelligence director primary authority to manage all aspects of cybersecurity within the intelligence community, the panel said.

In other matters, the committee ordered the release of four documents describing information the CIA obtained by using harsh interrogation methods on detainees.

The bill approved by the panel would establish a commission to provide recommendations on improving foreign intelligence and information collection and analysis.