House subcommittee elevates cybersecurity position

WASHINGTON - A bill that would create a high-level cybersecurity official in the U.S. Department of Homeland Security (DHS) was approved Wednesday by a House of Representatives subcommittee.

Free IT resource Virtualization Insights from Top Experts - Learn how virtualization gets real! Sponsored by Dell Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

The Department of Homeland Security Cybersecurity Enhancement Act, approved by the House Subcommittee on Economic Security, Infrastructure Protection and Cybersecurity, would create the position of assistant secretary for cybersecurity at DHS. The bill, sponsored by Representatives Mac Thornberry, a Texas Republican, and Zoe Lofgren, a California Democrat, would also make the assistant secretary responsible for establishing a national cybersecurity threat reduction program and a national cybersecurity training program.

Thornberry and Lofgren, both members of the House Committee on Homeland Security, praised the subcommittee's action. "All of us in our daily lives depend on the reliability of hundreds of computer networks, and we must protect those networks from attacks by criminals or terrorists," Thornberry said in a statement. "This bill will help make sure our government is devoting the proper amount of attention to cybersecurity."

The top cybersecurity official at DHS has been the director of the agency's National Cyber Security Division, a lower-level position, and technology trade groups for several months have been calling for a higher-level position that could make cybersecurity a higher priority at DHS.

This month, the Cyber Security Industry Alliance (CSIA), a vendor trade group, repeated its calls for an assistant secretary for cybersecurity, and Information Technology Association of America (ITAA) President Harris Miller testified at Wednesday's hearing in support of the bill.

"It is clear that all of the nation's critical infrastructures rely significantly on computer networks to deliver the services that maintain our safety and national economy," Harris said in a statement. "The owners and operators of those infrastructures must be able to look to a single senior individual within the government, with effective influence and budget authority, to coordinate collaborative efforts across sectors and with state and local governments."

ITAA also called for Congress to increase cybersecurity funding, to consider limits on liability from cybersecurity breaches for companies that implement industry-agreed practices, and to ratify the Council of Europe Convention on Cyber Crime, which allows nations to work together to hunt and prosecute cyber criminals.

CSIA, in a report titled "Policy Considerations for Securing Electronic Data" released Wednesday, called for some of the same actions, as well as a national law requiring companies to notify customers when personal data has been breached. CSIA supports one national breach notification law instead of several state laws now being considered. CSIA also called on Congress to investigate incentives, such as tax benefits, to encourage businesses to better focus on cybersecurity.

The subcommittee passage of the DHS bill is the first step in it becoming law. The bill would have to pass through the full Homeland Security Committee and the full House, and go through a similar process in the Senate, before it would be sent to President George Bush to be signed into law.