A U.S. senate committee has approved a sweeping piece of legislation that creates a new cyber-security office within the White House and expands the authority of the Department of Homeland Security in securing critical infrastructure.
A U.S. Senate committee has given the thumbs up to a controversial cyber-security bill that some claim expands executive powers
too far in the event of a cyber-attack.
The Protecting Cyberspace as a National Asset Act (PDF)
was approved by the Homeland Security and Governmental Affairs
Committee today in a unanimous vote. Critics have accused the bill's
authors of giving the president the authority to shut down parts of the
Internet in the event of an attack, something Lieberman and others say
is exaggerated. The legislation, supporters argue, mandates among other
things that the president use the "least disruptive means feasible" to
respond to a threat.
"Catastrophic cyber-attack is no longer a fantasy or a fiction,"
said Sen. Joe Lieberman (D-CT), co-sponsor of the bill, in a statement.
"It is a clear and present danger. This legislation would fundamentally
reshape the way the federal government defends America's cyberspace."
Among other things, the bill creates a White House Office of Cyberspace Policy to lead federal and private sector efforts
protect the nation's critical infrastructure. The office would be led
by a director approved by the Senate. The bill also creates a new
center within the Department of Homeland Security (DHS) to implement
cyber-security policies for public and private networks.
Matt Olney, senior research engineer at Sourcefire, told eWEEK that
the bill sets up a complicated relationship between DHS and critical
"By positioning the DHS in the role of "dictator of action," it
immediately sets operators on the defensive," he said. "Further it puts
the DHS in a position where they are not fully motivated to share
information they have available on the threats being faced by the
operators and this isn't a way to encourage a two-way communications
channel. If, instead the DHS supplies both a recommendation and
sufficient information to put that recommendation in context, operators
will be more able to develop appropriate, effective and safe responses
as well as allowing them to better understand what information is
important to handover to the DHS."
Mark Bregman, executive vice president and chief technology officer
at Symantec, spoke in favor of the bill, calling it a "very strong
step towards creating a much-needed national policy."
"The bill encompasses key elements for ensuring the protection of
our nation's critical infrastructure by emphasizing the need for early
warning capability, continuous real-time monitoring processes, and
modernizing FISMA (the Federal Information Security Management Act),"
he said in a statement.