Legislation to elevate cybersecurity post may die in Senate

Legislation that would promote cybersecurity efforts within the Homeland Security Department could wither on the vine again this year, despite agreement among lawmakers, the private sector and government officials that the department must do more to prevent cyber attacks.

The House in May overwhelmingly approved a measure, H.R. 1817, to tweak programs at the department. It includes a provision to elevate the cybersecurity mission by promoting the director of the department's cybersecurity division to the assistant secretary level.

"The cybersecurity mission is too important too handle at this relatively low level," read a summary of the legislation authored by the House Homeland Security Committee.

While similar legislation has been introduced in the Senate, it is unlikely the chamber would vote on a bill this year. It has been bogged down with fights over President Bush's nominees and legislative work is expected to slow further as senators will debate Bush's nomination to the Supreme Court.

Industry representatives have applauded the House language, which was introduced last year as a stand-alone bill. However, that measure was never sent to the House floor for a vote.

Industry groups repeatedly have urged the government to do more to protect against debilitating cyber attacks on critical infrastructure -- a majority of which is owned by the private sector.

"This can come up and bite us in a number of ways," said Paul Kurtz, executive director of the Cyber Security Industry Alliance. "I hope Secretary [Homeland Security Secretary Michael] Chertoff and the administration will see fit to give [the position] more attention. A deputy secretary will not do."

Tech industry executives said Homeland Security is nearly wholly focused on physical security issues -- not electronic ones. Chertoff is currently reviewing department staffing, and some hope he will act to name a high-level cyber-security secretary soon.

"I have a sense Secretary Chertoff understands something is rotten in the state of Denmark," said Harris Miller, president of the Information Technology Association of America. "How can it be a critical issue when the U.S. government has buried the position five levels down?"

A government report in late May reinforced supporters' arguments for the elevated position. A study conducted by the Government Accountability Office, the investigative wing of Congress, found that the department had not fully addressed 13 responsibilities, including drafting a plan to protect critical infrastructure and identifying cyber threats and vulnerabilities.

The department agreed at the time that officials had much more to do on the cyber-security front but disagreed with GAO that it has not made significant progress on that mission since the department's inception nearly three years ago.

Despite the sense of urgency, the department has yet to name a new director of the cybersecurity division. The former chief, Amit Yoran, resigned late last year. Andy Purdy, the acting director, has been running the division temporarily.