The Executive Cyberspace Authorities Act of 2010, introduced last week by U.S. Reps. Jim Langevin, D-R.I. and Michael McCaul, R-Texas, would create a National Cyberspace Office within the executive branch that would “serve as the principal office for coordinating issues relating to achieving an assured, reliable, secure and survivable information infrastructure and related capabilities for the federal government.”
The office would be headed up by a cyberspace director who would be appointed by the president and confirmed by the Senate. The cyberspace director would have a seat on the National Security Council and would be responsible for coordinating and overseeing agency information security policies and practices. Additionally, the cyberspace director would be required to review and approve all federal agency cybersecurity budgets and report to Congress annually on agency progress in developing and implementing IT security policies.
“This legislation is long overdue and will help fill a critical void in our cybersecurity infrastructure,” Langevin said in a statement. “While the president's establishment of a cybersecurity coordinator was an encouraging step, the position was not given the proper authorities to adequately secure our networks and coordinate IT policy across government. Our legislation aims to enhance this position, giving it more authority.”
James Lewis, director of technology and public policy at the Center for Strategic International Studies, told SCMagazineUS.com in an email on Friday that the cybersecurity coordinator should be given more power.
“My impression is that Congress doesn't think cyber is a high enough priority for the White House and that the coordinator position is too low,” he said. “I like the bill because it gets the government to think about how policy, strategy and budget should fit together for cyberspace.”When submitting annual budgets, the legislation would require agencies to demonstrate that they have complied with the Federal Information Security Management Act (FISMA).The cyberspace director would be able to recommend that the presidentwithhold awards and bonuses for agencies that fail to adequately securetheir IT infrastructure.
“Every day our government and private networks are breached, and often sensitive, proprietary information is stolen by individuals and rogue nations,” McCaul said in a statement. “We know these groups intend to inflict harm on the United States. This legislation will finally establish the necessary coordination to protect our networks and infrastructure from sabotage.”
The bill was referred to several House committees for consideration, including the Committee on Oversight and Government Reform, the Armed Services Committee and the Permanent Select Committee on Intelligence.