recommended reading

Administration excoriated for delay in proposing cyber plan

A Senate Democrat blasted the Obama administration for holding up passage of cybersecurity legislation that has been subjected to a more than yearlong interagency review process. At a congressional hearing on Wednesday, Sen. Sheldon Whitehouse, D-R.I., secured a commitment from the Homeland Security Department secretary, under oath, to provide him with a near-term deadline for finishing negotiations.

"We need input from the executive branch to sort out the differences between the different committees," he said at the Senate Judiciary Committee session. "There's no point in sorting it out if we don't know where the executive branch is going to stand. . . . We're kind of on hold now, waiting."

The chairman of the multiple Senate committees with jurisdiction over computer security have signaled they want to pass a comprehensive bill that would address 10 elements of cyberspace, among them the security of government networks; private sector incentives to protect commercial networks; safeguards against online identity theft; and law enforcement authorities to investigate cyber crimes.

Last year, the Senate Commerce and Homeland Security and Governmental Affairs committees proposed two differing measures. The HSGAC panel reintroduced its bill last month. At the same time, Judiciary Chairman Patrick Leahy, D-Vt., has indicated he wants to update digital privacy laws.

"In the legislative branch we are now probably a year into a stall in preparing the legislation that I think we urgently need in order to protect our country from a cyberattack," Whitehouse said.

DHS Secretary Janet Napolitano at first declined to say when the administration would finalize its legislative offer.

"You're the secretary of Homeland Security -- that's the central agency for cybersecurity other than the [National Security Agency], which provides the technical horses to everybody," Whitehouse responded. "You've gotta have a sense of how close this is."

After repeated grilling, Napolitano said: "I think it is fairly close, but I hesitate to give you a deadline because I don't know that there is one. . . . I understand and take your frustration to heart and will take it to the White House, and we will try to generate an answer for you."

Without cyber mandates, the administration has used its existing regulatory powers to create agency roles and responsibilities for protecting the nation's digital infrastructure. For instance, in October 2010, Homeland Security and NSA, which is part of the Defense Department, reached a compromise under which they have collocated equipment and staff at NSA to bolster civilian and military networks. And the Commerce Department in January opened an office to coordinate with the private sector on creating an online identification system that will let consumers, companies and software execute secure, online transactions.

Whitehouse, a former Intelligence Committee member, and Napolitano agreed administrative policies do not go far enough. For instance, Whitehouse noted, legislation would be needed to require secure domains, or Web addresses, for critical infrastructure -- systems that could cause catastrophes if disrupted. "I don't think that shuffling things around within the existing authorities is adequate," Whitehouse said.

For her part, Napolitano said she would like to see cemented into law distinct roles and responsibilities for each agency associated with cyber. "Clarity in terms of authorities and jurisdiction in this new and developing area always facilitates operations," she said. "lf we can work with the Senate and get to a bill that clarifies authorities and jurisdictions, I think that that would be very helpful."

Across the Capitol, House Republican leaders have made it clear they do not want a major package enacted. Rather, Rep. Mac Thornberry, R-Texas, who is coordinating cyber legislation in the House, is pushing committees to approve piecemeal measures. Thornberry, who also serves as the Armed Services vice chairman, said his priority is defending the country against major threats, such as foreign military capabilities in cyberspace.

Threatwatch Alert

Cyber espionage / Spear-phishing

Russia-Linked Hacker Unit Targets French Presidential Election

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.