High tech group: Cybersecurity efforts gaining steam

Bills intended to help secure U.S. computer networks, the power grid and other critical infrastructure are expected in the coming weeks, a high-tech watchdog group said today.

While Senate Commerce Chairman John (Jay) Rockefeller and Sen. Olympia Snowe, R-Maine, were first out of the gate with legislation this month, multiple committees share jurisdiction over the issue and are expected to offer ideas on how to improve the nation's cybersecurity. Center for Democracy and Technology CEO Leslie Harris said the Rockefeller-Snowe bill, which among other things would establish a White House cybersecurity czar reporting to the president, is "an opening salvo" in the congressional debate.

House and Senate committees covering commerce, homeland security, intelligence, judiciary and government reform have all introduced legislation, but jurisdictional divisions have kept those bills from moving forward. This year's activity will dovetail with the execution of recommendations from a 60-day cybersecurity review ordered by President Obama. The results of the audit will be conveyed to Obama Friday, but it is unknown whether the findings will be made public that day, said CDT senior counsel Greg Nojeim. Melissa Hathaway, a top adviser to Director of National Intelligence Dennis Blair, is leading the audit, and she is consulting with CDT as well as other nongovernmental entities for the review.

"We'll have two playing fields here," Harris said. "The administration setting the frame will be the most important." Her group has encouraged Hathaway and lawmakers pursuing legislative proposals to avoid putting "critical infrastructure in one big box," because the Internet, unlike water and electricity suppliers, has thrived unshackled from government ownership and heavy regulation.

CDT contends privacy and civil liberties considerations should factor prominently in any discussion of statutory changes that would impact public and private sector cybersecurity regimes. Appropriate leadership, information sharing, and transparency in administration activities will also be vital, Nojeim said.

He said the White House should take the lead on policy while the Homeland Security Department, with some improvements, can adequately bolster IT networks and fight high-tech attacks. Cybersecurity failings identified at Homeland Security by GAO -- like lack of consistent leadership, funding, and insufficient attention to the issue by top management -- are fixable in the new administration, he added. But he warned that ceding control to the National Security Agency, as some have suggested, "would be a big mistake" because of its role in breaking into foreign government systems to exploit vulnerabilities.

"Cybersecurity is about plugging weaknesses," he said.