House Panel Pushes Cybersecurity Post

A House subcommittee did something about cybersecurity Wednesday: it issued
a new organizational chart. On it, responsibility for protecting the
nation’s electronic infrastructure gets a promotion at the Department of
Homeland Security (DHS).

The panel also said there wasn’t a lot it could do beyond that.

“The majority of our nation’s critical technology infrastructure is outside
of federal control,” Rep. Dan Lungren (R-Calif.) said, noting in a statement
that 85 percent of the system is in private hands.

What the government can do, he said, is elevate the importance of
cybersecurity by giving it equal billing with physical security at the DHS.
To that end, the panel approved legislation to create an assistant secretary
of cybersecurity post at the DHS.

Under the Cybersecurity Enhancement Act of 2005 (H.R. 285), the assistant
secretary will have authority for all cybersecurity-related critical
infrastructure protection programs of the DHS. The bill now goes to the
House Homeland Security Committee.

Currently, cybersecurity is coordinated at DHS by the director of the
National Cyber Security Division, which resides in the department’s
Infrastructure Protection Directorate.

“America needs an Assistant Secretary leading the cybersecurity charge to
meet the growing public administration, resource and policy challenges
related to cybersecurity, Harris Miller, president of the Information
Technology Association of America, told the panel.

Miller added, “The owners and operators of [networks] must be able to look
to a single senior individual within the government, with effective
influence and budget authority, to coordinate collaborative efforts across
sectors and with state and local governments.”

Lungren, chairman of the Subcommittee on Economic Security, Infrastructure
Protection and Cybersecurity, also said determining the likelihood or
potential costs of hostile digital attacks is difficult.

“There are no standard methodologies for cost measurement,” he said.

Lungren said 2003 loss estimates from worms and viruses reached $13
billion and ranged up to $226 billion for all forms of overt attacks.

“Although accidental, the blackout of August 2003 may have cost about $6 [billion] to $10 billion for the entire U.S. economy alone,” Lungren said. “An attack on the financial services sector or the stock market could have incalculable long-term economic repercussions for our nation’s financial security.”

The Cybersecurity Enhancement Act is the second attempt by the House to
create an assistant secretary position at the DHS. Last year, the House
authorized the same legislation in an intelligence reform bill, but it
failed to make the final cut approved by Congress and signed by President
Bush.