Cybersecurity legislation looks likely to pass this year

Lawmakers on the Senate Homeland Security and Governmental Affairs Committee appear confident their recently unveiled comprehensive cybersecurity legislation will pass the Senate this year, despite the administration's refusal to endorse the bill at a hearing on Tuesday.

At a hearing to discuss the Protecting Cyberspace as a National Asset Act of 2010 on Tuesday, experts testified that the bill would significantly upgrade the federal government's approach to protecting its networks. Sen. Joe Lieberman (I-Conn.), who sponsored the bill with Sens. Susan Collins (R-Maine) and Tom Carper (D-Del.), said he has scheduled the bill for a markup next week and he anticipates reporting it to the Senate floor before the July 4 recess.

"[Senate Majority leader Harry] Reid (D-Nev.) had been very clear at least to me that he really wants to pass the cybersecurity act this year," Lieberman said, adding that he anticipates combining the committee's bill with several other pending cybersecurity bills currently under consideration by Congress.

Lieberman also said White House Cybersecurity Coordinator Howard Schmidt has been invited to testify before the committee several times but always declined, citing executive privilege. The bill would create a permanent cybersecurity office in the White House led by a Senate-confirmed director, but that individual would have a policy and advisory rather than operational role.

Philip Reitinger, deputy under secretary of the National Protection and Programs Directorate at the Department of Homeland Security (DHS), said his agency has no official position on the legislation but disagrees with the bill's proposal to create a separate national cybersecurity center in DHS. Reitinger said the administration believes the best approach is to retain physical and cyber security in one organization rather than creating a new office just to police the nation's networks.

Collins took issue with Reitinger's offer to work with the committee to address the legal issues contained in the legislation, adding that the bill will give DHS the ability to enforce the security recommendations it makes to civilian federal agencies and critical private sector assets.

"We can’t wait, those hackers aren’t waiting, the 1.8 billion attacks per month are occurring now," Collins said."It's evident to me the department needs more teeth in its directives or agencies will feel free to ignore them."

The hearing turned briefly contentious when Sen. John McCain, (R-Ariz.) questioned Reitinger on the nature of denial of service attacks launched against the nations of Estonia and Georgia last year. Reitinger refused to attribute the attacks despite widespread media reports that they originated in Russia, causing McCain to shake his head in disbelief. McCain also expressed doubt that DHS is the ideal choice to take the lead on civilian cybersecurity.

“After DHS’ handling of the Christmas bomber, I am not confident that DHS at this particular time is the proper bureaucracy to work in partnership, particularly with the Department of Defense,” McCain said.

"We’ll continue to try and convince you that DHS is the right place," Lieberman said, adding that the State Department held a greater share of the responsibility for the Christmas Day bombing at an airport in Metro Detroit.

The second panel of industry and cybersecurity experts roundly praised the bill, particularly the aspects that would reduce liability on private sector companies that shut down networks or service on government intructions in order to prevent attacks. Alan Paller, director of research at the SANS Institute, called the bill "phenomenal" and said it had given him new hope that the government would be able to reverse its course on cybersecurity.