Congress urged to move one cybersecurity bill

So many pieces of cybersecurity legislation are moving through Congress that House and Senate leaders should consolidate them to ensure meaningful action can be taken soon, President Obama's former cybersecurity adviser said this week.

Melissa Hathaway, who led the administration's review of cybersecurity last year, said she is tracking at least 35 bills dealing with the security of government and private computer networks, which is "too many pieces of legislation."

"The House and Senate leadership need to get to agreement on what it is -- I think in working with the administration -- that we really need to drive forward and get it consolidated," Hathaway said during an event hosted by the Internet Security Alliance Tuesday.

"If you start to look at them, there's a lot of commonality. So you could start to collapse them into a broader omnibus [bill] if you really wanted to," she added. "I believe that the leadership has already begun that conversation."

Trying to consolidate cybersecurity bills would pose a major challenge for congressional leaders, as powerful committee chairmen and other key lawmakers have entrenched, conflicting interests.

For example, Senate Commerce Committee Chairman John (Jay) Rockefeller, D-W.V., and Sen. Olympia Snowe, R-Maine, a senior member of the Commerce Committee, have drafted a bill that creates an office within the White House to coordinate cybersecurity policy.

That approach is consistent with one taken by Obama, who recently appointed Howard Schmidt as the nation's cybersecurity coordinator. He reports to the White House.

But Senate Homeland Security and Governmental Affairs ranking member Susan Collins believes federal departments should be in charge of cybersecurity activities, not the White House "czar."

Collins has been trying for months to reach an agreement with Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, I-Conn., on a bill amid apparent differences over whether the White House or departments should oversee cybersecurity efforts. For Collins, the Homeland Security Department should be in charge of security for .gov networks, and the Defense Department for .mil networks.

A Lieberman spokeswoman said Thursday negotiations are moving forward.

But it remains unclear what will be needed to spur Senate and House leaders to consolidate all the bills and get an omnibus measure moving.

Director of National Intelligence Dennis Blair gave one of the strongest signs that cybersecurity threats and vulnerabilities are in need of urgent attention last week. He opened his annual testimony to Congress on national security threats by talking about the issue.

"We often find persistent, unauthorized, and at times, unattributable presences on exploited networks, the hallmark of an unknown adversary intending to do far more than merely demonstrate skill or mock a vulnerability," he said.

"We cannot be certain that our cyberspace infrastructure will remain available and reliable during a time of crisis."

Blair added that Congress did not provide full funding last year for the administration's comprehensive cybersecurity initiative.

Some critics argue that the new White House cybersecurity coordinator does not have sufficient authority to affect the budgets of federal agencies and departments, an effective way to force them to take action.

Hathaway acknowledged the concern and said the coordinator should take special steps to help shape agency budgets.

"The strongest ally that that position needs or should have is within the Office of Management and Budget," she said. "I found that when I was in the White House and when I was [with] the [director of national intelligence] that was really an important partnership to have because that really is where all things kind of begin and end, is with the budget."