Lieberman also said White House Cybersecurity Coordinator Howard Schmidt has been invited to testify before the committee several times but always declined, citing executive privilege. The bill would create a permanent cybersecurity office in the White House led by a Senate-confirmed director, but that individual would have a policy and advisory rather than operational role.
Philip Reitinger, deputy under secretary of the National Protection and Programs Directorate at the Department of Homeland Security (DHS), said his agency has no official position on the legislation but disagrees with the bill's proposal to create a separate national cybersecurity center in DHS. Reitinger said the administration believes the best approach is to retain physical and cyber security in one organization rather than creating a new office just to police the nation's networks.
Collins took issue with Reitinger's offer to work with the committee to address the legal issues contained in the legislation, adding that the bill will give DHS the ability to enforce the security recommendations it makes to civilian federal agencies and critical private sector assets.
"We can’t wait, those hackers aren’t waiting, the 1.8 billion attacks per month are occurring now," Collins said."It's evident to me the department needs more teeth in its directives or agencies will feel free to ignore them."
The hearing turned briefly contentious when Sen. John McCain, (R-Ariz.) questioned Reitinger on the nature of denial of service attacks launched against the nations of Estonia and Georgia last year. Reitinger refused to attribute the attacks despite widespread media reports that they originated in Russia, causing McCain to shake his head in disbelief. McCain also expressed doubt that DHS is the ideal choice to take the lead on civilian cybersecurity.
“After DHS’ handling of the Christmas bomber, I am not confident that DHS at this particular time is the proper bureaucracy to work in partnership, particularly with the Department of Defense,” McCain said.
"We’ll continue to try and convince you that DHS is the right place," Lieberman said, adding that the State Department held a greater share of the responsibility for the Christmas Day bombing at an airport in Metro Detroit.
The second panel of industry and cybersecurity experts roundly praised the bill, particularly the aspects that would reduce liability on private sector companies that shut down networks or service on government intructions in order to prevent attacks. Alan Paller, director of research at the SANS Institute, called the bill "phenomenal" and said it had given him new hope that the government would be able to reverse its course on cybersecurity.