House cybersecurity overhaul included in Defense authorization bill

An amendment to the Defense authorization bill, expected to pass in the House on Friday, would push through committee efforts to update information security requirements for agencies and establish a separate cybersecurity office in the White House.

The fiscal 2011 National Defense Authorization Act, which moved to the House floor on Thursday, includes an amendment that would speed passage of existing measures from the Oversight and Government Reform Committee to overhaul federal cybersecurity.

"It was appropriate to attach this amendment to the Defense authorization bill because properly securing our cyber infrastructure is a national security issue," said Joy Fox, spokeswoman for Rep. Jim Langevin, D-R.I., who offered the amendment with Rep. Diane Watson, D-Calif.

The amendment would mandate agency use of automated monitoring to assess cyber threats. It would involve a major overhaul of the 2002 Federal Information Security Management Act, which often is criticized for forcing IT staffs to spend too much time and too many resources reporting about compliance with certain security procedures. Agencies also would be expected to incorporate security requirements into contracts from the start.

Other provisions in the amendment would establish a National Office of Cyberspace in the White House with budget authority over cybersecurity spending and governmentwide coordinating responsibilities, and codify posts of the federal cybersecurity coordinator, held by Howard Schmidt, and chief technology officer, who is Aneesh Chopra.

The amendment is based on H.R. 4900, sponsored byWatson, and H.R. 5247, sponsored by Langevin.

The security community has widely praised the provisions.

"This is an important step forward," said Alan Paller, director of research for the SANS Institute, noting he expects it will accelerate companion measures in the Senate and create "a real chance of major progress quickly."