“One important area of agreement is the recognition that the Department of Homeland Security must be given the job of protecting the dot gov and dot com domains. In other words, DHS will be the new sheriff in cyber town that we need”, Lieberman said, referring to agreement between the White House proposal and legislation he introduced with Sen. Susan Collins (R-Maine) and Sen. Tom Carper (D-Del.).
Among other things, the Obama administration proposal would shift responsibility for implementation of the Federal Information Security Management Act (FISMA) from the Office of Management and Budget to DHS.
“The administration proposal would update the Federal Information Security Management Act (FISMA) and formalize DHS’ current role in managing cybersecurity for the federal government’s civilian computers and networks, in order to provide departments and agencies with a shared source of expertise. The legislation would also promote the ongoing transformation of FISMA toward increased automation and performance based security measures”, administration officials said in joint testimony submitted to the committee.
Testifying before the committee were Philip Reitinger, deputy under secretary for national protection and programs directorate at DHS; Robert J. Butler, deputy assistant secretary of defense for cyber policy; Ari Schwartz, senior internet policy advisor with National Institute of Standards and Technology; and Jason Chipman, senior counsel to the deputy US Attorney General.
While agreeing with many of the provisions of the White House proposal, Lieberman reiterated his call to establish a White House Office of Cyberspace Policy that would be headed by an official who would require Senate confirmation. Right now, the White House cybersecurity coordinator Howard Schmidt does not require Senate confirmation.
Lieberman also noted that the administration’s proposal does not contain a “kill switch” for the president in a cyber emergency, a provision that a bill he introduced in the last Congress contained but was absent from current legislation.
“Our bill would also clarify the president’s authority to act in the event of a true cyber emergency, while at the same time ensuring that the president cannot take any action that would limit free speech or ‘shut down’ the internet. In its original version this section was misconstrued, and we have tried to reassure everybody about the very, very limited circumstances under which the president could act, and the limited range of his actions. The administration believes that additional statutory authority is unnecessary because the president has the authority that we gave him in this proposal already in existing law”, Lieberman said.