Senator details plan for cybersecurity director
Senate Homeland Security and Governmental Affairs ranking member Susan Collins, R-Maine, on Monday called for creating a Senate-confirmed director of federal cybersecurity who would be based at the Homeland Security Department rather than the White House.
Collins, who is drafting cybersecurity legislation, is opposed to creating a White House "czar" to manage cybersecurity efforts, putting her at odds with Senate Homeland Security and Governmental Affairs Chairman Joseph Lieberman, I-Conn.
"Some have suggested that this effort can best be led from the White House. I've reached a different conclusion," Collins said told an audience at an event hosted by the George Washington University's Homeland Security Policy Institute.
"In short, effectively managing government cybersecurity is going to require more than a few staff crammed into a cubicle in the depths of the White House," she said.
The director would lead a cybersecurity center within the Homeland Security Department, reporting both to the department's secretary on daily operations and to the president as the nation's principal cybersecurity adviser, Collins said.
"Some will argue that a single federal department or agency is not muscular enough to direct other federal departments and agencies to actively secure their information technology infrastructure," she said. "But Congress has dealt with complex challenges involving the need for interagency coordination in the past."
Collins likened her proposal to the creation of the National Counterterrorism Center, which Congress authorized in legislation enacted in 2004. By law, the center's director reports to both the president and the director of national intelligence.
"These dual roles provide access to the president on strategic, interagency matters, yet provide NCTC with the structural support and the resources of the office of the DNI to complete the day-to-day work of the center," Collins said. "I'm convinced that a similar construct could improve the security of our civilian information systems and our critical cyber infrastructure."
Congress also should consider giving the cybersecurity director authority to review the information technology budgets of federal civilian agencies, Collins added. "I'm not saying the director should micromanage, but what we've seen too often is that security is an afterthought for too many of our civilian agencies," she said.
COMMENTS
- I agree (somewhat) with Lee and Bruce on placing cybersecurity in DHS. They are in NO position to dictate cyber policy for the entire government. Perhaps an Agency-off-shoot corporation from Commerce. NIST should be in close proximity since it is the federal networks (military & civilian) that must follow established (and future) standards. Lee...Obama is NOT going to fix all the "situations" you expect him to fix. He can start the foundation but this should NOT be a partisan issue. Remember, ALL government systems support ALL party members and the public regardless of affiliation. DoTheRightThing Posted November 4, 2009 9:01 AM
- Cybersecurity needs to have its own department located away from any other federal agency or department. It also needs to have the authority to enforce the law or in regards to federal employees who fail to follow their own regulations to punish them accordingly. Currently, it does not matter who or where you put this Department, if you don't provide the department with the legal authority to fire, demote, lessen a paycheck or to revoke a security clearance; then you have failed to provide the department to enforce the federal laws, directives of the president or even departmental policy. Robert Edwards Posted November 4, 2009 6:56 AM
- I'm not sure where this position should reside but at this point don't think DHS is the ideal place. Its IT security posture is not a shining star. It would be difficult to give them credibility for managing the rest of government's IT security when they don't seem to be able to manage their own. However the argument that their focus is just on infrastructure not IT misses the key point that the internet and IT have become its own infrastructure that many public and private entities rely on. Regardless of who or where, there are in my opinion three things that have to occur for such a position/office to be successful. 1) Some authority to influence the budgets of at least all civilian departments and agencies. Nothing happens in Federal Government unless you can either influence or control the purse strings. 2) Authority to shut down insecure systems and willingness to do so before not after a compromise. 3) Better measurements of what a secure system is. NIST has done a great job but FISMA annual snapshots do not make a secure system. Current trend to continuous monitoring is encouraging but there needs to be better awareness, commitment, and accountability at mid and upper level management. The C&A process has become a paper drill and while I'm sure it helps believe too much emphasis is placed on it after systems are up and running and too little on day to day risk management. Bruce Posted November 3, 2009 9:58 AM