What's Next for Cybersecurity After White House Order?
Senators renew work on cybersecurity legislation in wake of Obama's executive order. Department of Homeland Secretary reiterates administration's position that a comprehensive bill is needed to expand White House directive.
Fri, March 08, 2013
CIO — As lawmakers resume efforts to overhaul federal defenses against attacks against critical digital infrastructure, several senators at a joint committee hearing on Thursday expressed grave concerns about the severity and magnitude of the threats.
Over the past several years, members of Congress have made significant progress in identifying the challenges of the cyber threat and coordinating with industry to develop a response, according to John Rockefeller (D-W.V.), the chairman of the Senate commerce committee.
Homeland Security Secretary
At the same time, Rockefeller did not mask his frustration that the comprehensive cybersecurity bills that he and others have drafted have stalled, prompting the White House to issue an executive order in February calling for, among other things, an improved system for sharing information about threats and attacks.
[Related: Obama Signs Cybersecurity Order]
"We've also wasted an awful lot of time by turning an urgent national security issue into a partisan political fight," Rockefeller says. "The Obama administration got tired of waiting for us. I can't blame them."
While House Wants Comprehensive Cybersecurity BillPresident Obama issued the executive order as an admittedly modest first step, and the administration continues to support a comprehensive cybersecurity reform bill.
At Thursday's hearing, Homeland Security Secretary Janet Napolitano offered a blunt assessment of the threats facing government agencies and the operators of critical infrastructure in the private sector.
"This is critical, time-sensitive work, because we confront a dangerous combination of known and unknown cyber vulnerabilities, and adversaries with strong and rapidly expanding capabilities," Napolitano says. "Threats range from denial-of-service attacks to theft of valuable intellectual property to intrusions against government networks and systems that control our nation's critical infrastructure. These attacks come from every part of the globe. They come every minute of every day. They are continually increasing in seriousness and sophistication."
Obama's executive order directed DHS to develop a voluntary, incentive-based program for private-sector firms to partner with the agency in a bid to improve their cybersecurity posture.
That directive also tasked the Commerce Department's National Institute of Standards and Technology with developing a so-called "cybersecurity framework" to reduce vulnerabilities to critical infrastructure through a year-long, standards-driven process that Patrick Gallagher, the agency's director, said is already underway, with a series of public workshops planned.