Sen. Bond says DHS shouldn't oversee cybersecurity

The Department of Homeland Security is already overburdened and shouldn't be put in charge of protecting the country's computer networks, according to Sen. Kit Bond (R-Mo.).

"Frankly I don't think there are a lot of Senators or House members with confidence that Homeland Security is the proper organization" to oversee federal cybersecurity, Bond told Hillicon Valley.

Bond's words were aimed at the cybersecurity bill approved Thursday by the Senate Committee on Homeland Security and Governmental Affairs and co-sponsored by Sens. Joe Lieberman (I-Conn.), Susan Collins (R-Maine), and Tom Carper (D-Del.). Bond said the bill is flawed because it places DHS is charge of guarding civilian networks and places burdensome mandates on the private sector.

Sen. John McCain (R-Ariz.) expressed a similar viewpoint at Thursday's markup about the bill, which would create a cybersecurity center in DHS with authority over private sector networks deemed critical to national security. McCain said the department's poor response to recent attempted terrorist attacks has shaken his confidence in its ability to oversee cybersecurity.

Bond and Sen. Orrin Hatch (R-Utah) introduced competing cybersecurity legislation on Thursday, an effort Bond characterized as "something clean, neat, simple and quick." The bill creates a single, presidentially appointed, Senate-confirmed cybersecurity coordinator who would be housed in the Department of Defense but report directly to the president. Bond said that individual would have access to all the resources of the intelligence community as well as budget authority to ensure autonomy.

"As we listened to the leading organizations under threat from cyber attacks, this is their crying need," Bond said. "They've got to be able to talk to somebody in government who can tell them what's happening, find out who else is being attacked and what can be done to respond."

Unlike the Homeland Security cyber bill, under the Bond-Hatch bill there would be no White House cybersecurity coordinator. The Senators expressed concern that creating such a position would impede Congressional oversight. According to Lieberman, current White House cyber czar Howard Schmidt has repeatedly refused to testify before Congress, citing executive privilege.

Bond's bill would also create a cybersecurity center housed at the Department of Energy that would allow critical private sector entities like utilities, financial services firms and power companies to meet and share information on cyber attacks and best practices. The center would not be subject to the Freedom of Information Act or antitrust challenges so companies would feel free to discuss the challenges and attacks they are facing.

"They won't come in and open up with each other if they don't have that," Bond said.

Bond acknowledged the existence of more than 20 competing pieces of cybersecurity legislation, but said unlike the other bills, his is not part of a "turf battle." He said senior intelligence officials have expressed concerns to him about some of the other bills and their potential adverse impact on network security in the intelligence community. Bond and Hatch both sit on the Senate Intelligence Committee.

"If there are further things to do, we'll deal with those later," Bond said. "But we need a single point of contact controlling cybersecurity and a forum for the private sector to share information, threat warnings and best practices."