
Rockefeller seeks July action on cybersecurity bill

Senate Commerce Chairman John (Jay) Rockefeller is aiming for a July committee vote on sweeping cybersecurity legislation he introduced in April with Sen. Olympia Snowe, R-Maine, a senior Rockefeller aide said today.

Before the markup, the bill could see significant changes and an additional hearing, according to Rockefeller chief of staff Ellen Doneski. Cybersecurity experts brought up some concerns on how to bolster national defenses against high-tech attacks at a hearing before the bill was introduced and before the White House unveiled its blueprint for a cybersecurity strategy.

One of the bill's most controversial provisions, which high-tech policy watchers say would give the president the power to effectively shut off the Internet during a cyber crisis, is imperfect and needs to be changed, Doneski said.

The bill text states the president "may declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised federal government or United States critical infrastructure information system or network."

She said drafters did not envision an "on-off switch" that the president could flip in the event of an emergency. Rather, the intent was to provide clear lines of authority to avoid the kind of mass confusion that erupted after 2005's Hurricane Katrina and the Sept. 11, 2001, terrorist attacks, Doneski said.

Rockefeller's team has been meeting with government and industry stakeholders to fine-tune the bill so it will be more warmly received when it goes before the committee, she added. She made her remarks at an event at Google's Washington office.

When asked about the provision, Obama administration officials at the event declined to comment. Philip Reitinger, director of the Homeland Security Department National Cybersecurity Center, and Richard Hale, the Defense Information Systems Agency's chief of information assurance, instead stressed the importance of public-private partnerships.

"If something bad happens, the last thing someone in the private sector is going to do is reach for the 300-page government binder," Reitinger said. Articulating an incident response plan on the heels of the White House's 60-day cybersecurity review is crucial, he added.

Under Rockefeller's bill, the White House would be required to create an Office of the National Cybersecurity Adviser within the Executive Office of the President as well as an advisory panel of experts from industry, academia and nonprofits.

Last month, Obama pledged to personally select a cyber czar who would report to the National Security Council and National Economic Council, but the position remains vacant.

Rockefeller's bill would have the Commerce Department devise a real-time IT monitoring program and require cyber standards for all federal agencies, contractors and grantees.
