Controversial Cyber-Bill Passes Senate Homeland Security Committee

A U.S. senate committee has approved a sweeping piece of legislation that creates a new cyber-security office within the White House and expands the authority of the Department of Homeland Security in securing critical infrastructure.

A U.S. Senate committee has given the thumbs up to a controversial cyber-security bill that some claim expands executive powers too far in the event of a cyber-attack.

The Protecting Cyberspace as a National Asset Act (PDF) was approved by the Homeland Security and Governmental Affairs Committee today in a unanimous vote. Critics have accused the bill's authors of giving the president the authority to shut down parts of the Internet in the event of an attack, something Lieberman and others say is exaggerated. The legislation, supporters argue, mandates among other things that the president use the "least disruptive means feasible" to respond to a threat.

"Catastrophic cyber-attack is no longer a fantasy or a fiction," said Sen. Joe Lieberman (D-CT), co-sponsor of the bill, in a statement. "It is a clear and present danger. This legislation would fundamentally reshape the way the federal government defends America's cyberspace."

Among other things, the bill creates a White House Office of Cyberspace Policy to lead federal and private sector efforts to protect the nation's critical infrastructure. The office would be led by a director approved by the Senate. The bill also creates a new center within the Department of Homeland Security (DHS) to implement cyber-security policies for public and private networks.

Matt Olney, senior research engineer at Sourcefire, told eWEEK that the bill sets up a complicated relationship between DHS and critical infrastructure operators.

"By positioning the DHS in the role of "dictator of action," it immediately sets operators on the defensive," he said. "Further it puts the DHS in a position where they are not fully motivated to share information they have available on the threats being faced by the operators and this isn't a way to encourage a two-way communications channel. If, instead the DHS supplies both a recommendation and sufficient information to put that recommendation in context, operators will be more able to develop appropriate, effective and safe responses as well as allowing them to better understand what information is important to handover to the DHS."

Mark Bregman, executive vice president and chief technology officer at Symantec, spoke in favor of the bill, calling it a "very strong step towards creating a much-needed national policy."

"The bill encompasses key elements for ensuring the protection of our nation's critical infrastructure by emphasizing the need for early warning capability, continuous real-time monitoring processes, and modernizing FISMA (the Federal Information Security Management Act)," he said in a statement.