A Senate Democrat blasted the Obama administration for holding up passage of cybersecurity legislation that has been subjected to a more than yearlong interagency review process. At a congressional hearing on Wednesday, Sen. Sheldon Whitehouse, D-R.I., secured a commitment from the Homeland Security Department secretary, under oath, to provide him with a near-term deadline for finishing negotiations.
"We need input from the executive branch to sort out the differences between the different committees," he said at the Senate Judiciary Committee session. "There's no point in sorting it out if we don't know where the executive branch is going to stand. . . . We're kind of on hold now, waiting."
The chairman of the multiple Senate committees with jurisdiction over computer security have signaled they want to pass a comprehensive bill that would address 10 elements of cyberspace, among them the security of government networks; private sector incentives to protect commercial networks; safeguards against online identity theft; and law enforcement authorities to investigate cyber crimes.
Last year, the Senate Commerce and Homeland Security and Governmental Affairs committees proposed two differing measures. The HSGAC panel reintroduced its bill last month. At the same time, Judiciary Chairman Patrick Leahy, D-Vt., has indicated he wants to update digital privacy laws.
"In the legislative branch we are now probably a year into a stall in preparing the legislation that I think we urgently need in order to protect our country from a cyberattack," Whitehouse said.
DHS Secretary Janet Napolitano at first declined to say when the administration would finalize its legislative offer.
"You're the secretary of Homeland Security -- that's the central agency for cybersecurity other than the [National Security Agency], which provides the technical horses to everybody," Whitehouse responded. "You've gotta have a sense of how close this is."
After repeated grilling, Napolitano said: "I think it is fairly close, but I hesitate to give you a deadline because I don't know that there is one. . . . I understand and take your frustration to heart and will take it to the White House, and we will try to generate an answer for you."
Without cyber mandates, the administration has used its existing regulatory powers to create agency roles and responsibilities for protecting the nation's digital infrastructure. For instance, in October 2010, Homeland Security and NSA, which is part of the Defense Department, reached a compromise under which they have collocated equipment and staff at NSA to bolster civilian and military networks. And the Commerce Department in January opened an office to coordinate with the private sector on creating an online identification system that will let consumers, companies and software execute secure, online transactions.
Whitehouse, a former Intelligence Committee member, and Napolitano agreed administrative policies do not go far enough. For instance, Whitehouse noted, legislation would be needed to require secure domains, or Web addresses, for critical infrastructure -- systems that could cause catastrophes if disrupted. "I don't think that shuffling things around within the existing authorities is adequate," Whitehouse said.
For her part, Napolitano said she would like to see cemented into law distinct roles and responsibilities for each agency associated with cyber. "Clarity in terms of authorities and jurisdiction in this new and developing area always facilitates operations," she said. "lf we can work with the Senate and get to a bill that clarifies authorities and jurisdictions, I think that that would be very helpful."
Across the Capitol, House Republican leaders have made it clear they do not want a major package enacted. Rather, Rep. Mac Thornberry, R-Texas, who is coordinating cyber legislation in the House, is pushing committees to approve piecemeal measures. Thornberry, who also serves as the Armed Services vice chairman, said his priority is defending the country against major threats, such as foreign military capabilities in cyberspace.