Sen. Collins says DHS should lead cybersecurity, not White House

The Senate Homeland Security and Governmental Affairs ranking member is preparing cybersecurity legislation that would give the Homeland Security Department -- and not what she calls a "White House czar" -- primary authority to protect federal civilian and private computer networks from attacks.

"We need more rigorous and aggressive cybersecurity standards, both for the federal government and in helping the private sector improve cybersecurity practices," Sen. Susan Collins, R-Maine, said in an interview.

"I also think we need to clarify who is in charge of cybersecurity across the federal government and make sure that the officials and agencies involved have the authority that they need."

She added: "I expect we will have a bill to introduce within the month."

Her measure will add to an increasingly jumbled landscape of cybersecurity legislation and stakes out a different approach from a bill introduced this year by Senate Commerce Chairman John (Jay) Rockefeller, D-W.Va., a former Senate Intelligence Committee chairman, and Collins' Republican colleague from Maine, Sen. Olympia Snowe.

Additionally, Senate Homeland Security and Governmental Affairs Chairman Joseph Lieberman plans to introduce a cybersecurity bill -- although Collins and Lieberman, who often co-sponsor security legislation, are likely to work out a compromise

"Sen. Lieberman fully expects one bill to emerge from committee," his spokeswoman said.

A closely-held draft of the Collins bill is being vetted by industry experts, sources said.

Collins declined to discuss details, but said the bill would counter the Rockefeller-Snowe measure by codifying and strengthening cybersecurity responsibilities of the Homeland Security Department.

Rockefeller and Snowe want to create a White House office and national cybersecurity adviser to lead efforts to defend against assaults on the nation's public and private computer networks.

"They want a White House czar and I definitely think that would be a mistake," Collins said. "I believe that we need to clearly define and designate the Department of Homeland Security as being the lead agency for civilian government computers and to assist the private sector."

"The department has a division that is in charge of looking at the private sector infrastructure and identifying threats, vulnerabilities and risks. I see no reason for them not to include cybersecurity."

Collins added that the Defense Department and National Security Agency would be responsible for protecting defense networks.

She indicated that her bill also would call on the federal government to help private companies adopt best practices, particularly through its purchasing power.

The senator said she met this week with the president of a home heating oil business in Maine whose business had lost $125,000 due to cyberattacks.

"He was telling me, and this is something I've long felt, that the private sector needs more help from government in knowing what the best standards are, what they should look for when they're purchasing hardware and software," Collins said.

"The government can do a lot to improve cybersecurity simply by using its purchasing power," she added.

"If it starts establishing minimum security standards for the computer hardware and software that it buys, because it is such a large purchaser, it will encourage computer manufacturers and software writers to incorporate better security into their products."