Department of Homeland Security (DHS) Under Secretary Philip Reitinger's testimony from earlier this year indicates the administration also believes it already has the authority to intervene in private-sector networks.
The Homeland Security bill would actually limit the president's ability to intervene to protect private-sector networks, giving the office that power only in the case of events that could cause either billions of dollars in damage or significant loss of life.
Another factor complicating the push for cybersecurity legislation is the long-standing turf battle over who should be in charge of protecting private-sector networks. The aide argued DHS is the natural choice because of its role coordinating the nation's physical security. The aide also noted that if intelligence agencies are placed in charge of civilian cybersecurity, much of the data on threats would stay highly classified.
However, members of the Senate Commerce Committee have argued for a more hands-off approach involving recommendations from the National Institute of Standards and Technology. Both sides have also clashed over the regulatory mechanism that would enforce any cybersecurity requirements imposed by the government.
Republicans have argued the military and intelligence community should be left in charge of cybersecurity, with Sen. John McCainJohn McCainTrump names McMaster new national security adviser How does placing sanctions on Russia help America? THE MEMO: Trump's wild first month MORE (R-Ariz.) a particularly vocal critic of giving DHS the additional responsibility.
Because of the contentious nature of the debate, it's likely aspects of the legislation will be broken up and incorporated into spending bills and other legislation by Senate Majority Leader Harry ReidHarry ReidHopes rise for law to expand access to experimental drugs If Gorsuch pick leads to 'crisis,' Dems should look in mirror first Senate confirms Mulvaney to be Trump’s budget chief MORE (D-Nev.).
Reid is already in possession of a set of principles and legislative language agreed upon by lawmakers, which address many of the reforms that have been widely agreed upon but fail to resolve the issue of who should be put in charge of civilian cybersecurity.