House DHS Cyber Bill Unveiled

Several House Democrats on Wednesday evening announced they have introduced legislation that would expand the Homeland Security Department's cybersecurity powers, adding to the growing pile of competing bills aimed at protecting the Internet from criminals and foreign enemies.

Rep. Bennie Thompson, D-Miss., the outgoing chairman of the Homeland Security Committee, proposed the 2010 Homeland Security Cyber and Physical Infrastructure Protection Act, along with co-sponsors Jane Harman, D-Calif., and Yvette D. Clarke, D-N.Y. Unlike S.3480, the 2010 Protecting Cyberspace as a National Asset Act, which the Senate Homeland Security and Governmental Affairs Committee passed in June, the House committee's bill would not create new White House positions or make systemic changes governmentwide.

Instead, the new legislation would fortify DHS' cyber capacity by creating a new cybersecurity compliance division within the department to oversee performance-based standards for .gov websites and separate standards for critical infrastructure networks. Thompson stressed that, since 2003, Homeland Security has been designated a focal point for the security of cyberspace, under a presidential directive, but has lacked the authority to fulfill its mission.

Like other bills, the House measure would require DHS to partner with the private sector on developing tailored security plans for critical networks.

Specifically, the Thompson legislation would authorize DHS to:

• Establish and enforce performance-based standards for agencies.
• Alert the Office of Management and Budget when agencies violate standards.
• Decide which commercial networks should be designated "covered critical infrastructure" and provide a way for private firms to challenge such a designation.
• Develop performance-based standards for private networks determined to be critical and enforce such standards.
• Recommend liability protection for firms that comply with the standards and issue civil penalties of up to $100,000 per violation.
• Share and protect relevant threat information with other federal agencies and applicable companies.
• Conduct research and development.
• Develop a strategic cybersecurity workforce plan.
• Hire an additional 500 cybersecurity professionals and grant retention bonuses for personnel that would otherwise leave DHS.

"From a security and good-government standpoint, the way to deliver better cybersecurity is to leverage, modify and enhance existing structures and efforts, rather than make wholesale bureaucratic changes," Thompson said in a statement.

Harman added, "Cyberattacks, whether originated by other countries or sub-national groups, are a grave and growing threat to our government and the private sector. This bill provides new tools to DHS to confront them effectively and make certain that civil liberties are protected." In June, Harman introduced a House version, H.R.5548, of the Senate committee's bill that is still pending in Thompson's committee.

Clarke noted, "This bill will protect our country from a growing risk of 'hacks' and better allow the department to fulfill its duties of protecting our nation."