Two key senators announced on Wednesday a sweeping bill to reorganize the government’s approach to cybersecurity operations, calling for a more effective partnership with private industry to protect the nation’s digital infrastructure.
John Rockefeller, a West Virginia Democrat who chairs the Senate Commerce Committee, joined with Olympia Snowe, R-Maine, to bring forward legislation that aims to consolidate and strengthen the government’s much-maligned approach to defending against cyberattacks.
“We must protect our critical infrastructure at all costs — from our water to our electricity, to banking, traffic lights and electronic health records — the list goes on,” Rockefeller said in a statement announcing the bill. “It’s an understatement to say that cybersecurity is one of the most important issues we face. The increasingly connected nature of our lives only amplifies our vulnerability to cyberattacks and we must act now.”
The outline of the bill closely resembles the recommendations of the Center for Strategic and International Studies (CSIS), a think tank focused on security policy, which late last year issued a report calling on the incoming administration to establish an office responsible for cybersecurity within the White House, headed by someone with the president’s ear.
Obama has sent signals that he might do just that, saying in his policy agenda that he planned to create a new federal position to oversee the government’s digital defenses. The Rockefeller-Snowe bill would write that job into law, installing a National Cybersecurity Advisor in the Executive Office of the White House who would report directly to the president.
In February, Obama commissioned a thorough review of the government’s cybersecurity operations, tapping Melissa Hathaway, a former intelligence official in the Bush administration, to head the process. Hathaway’s review is due to be completed in about a week.
The new legislation adopts another key recommendation of the CSIS report in calling for more effective partnerships between government and the private sector.
Among other things, it would create a clearinghouse where government agencies and private firms could share information about cyberthreats and vulnerabilities.
It would also direct the National Institute of Standards and Technology, a division of the Commerce Department, to establish baseline, enforceable cybersecurity standards that would be applicable to both businesses and government entities. The bill would create a licensing program for cybersecurity professionals, as well as an advisory panel comprised of experts in all areas of the field to advise the president.
In an attempt to cultivate talent in the field, the legislation calls for a university-level cybersecurity scholarship program, with graduates to be placed in jobs at government agencies. The bill would also boost funding for cybersecurity research at the National Science Foundation.
It would also require a comprehensive review of the existing legal structures underpinning cyberdefenses, with an eye toward balancing security with civil liberties.
Ultimately, the bill aims to lay the groundwork for a coordinated national cybersecurity strategy, which would include an ambitious program to educate the public about the threats.
The bill would require the National Cybersecurity Advisor to conduct a thorough review every four years to examine the government’s strategies, policies and budget requirements.