General: Nation needs DHS involved in cybersecurity

ADVERTISEMENT
The role of DHS on cybersecurity has been one of the key stumbling blocks for moving legislation through Congress. Senate Republicans blocked a cybersecurity bill in August, in part, because they believed the department was ill-equipped to take on the new cybersecurity responsibilities outlined in the measure. 

Alexander argued that better information-sharing about malicious source code and other cyber threats is needed to thwart destructive cyber attacks against critical infrastructure. He noted that the string of attacks targeted at the websites of PNC and other U.S. banks last week caused "disruption," but said more information-sharing efforts between the public and private sectors could avert more serious damage in the future.

"What we're asking industry to do is to look and if you see these bad things going on, let us know right away," said Alexander. "Call us and we'll respond. Otherwise, we don't need to know what traffic is transiting." 

Alexander stressed that protecting the nation's critical infrastructure from cyber attacks requires a team effort from the government, including the involvement of DHS. 

"Where I sit, it's our job to help them be successful. I think they're taking the right steps and it's the right thing to do," Alexander said. "Our nation needs them to be in the middle of this." 

The American Civil Liberties Union (ACLU) and other digital privacy groups fought against legislation that would make it easier for companies to share cyber threat information with the National Security Agency (NSA), arguing that a civilian agency should handle the data. This spring, the advocacy groups protested against the House's Cyber Intelligence Sharing and Protection Act because they said it would widen the flow of people's personal information to the military. 

Anthony Romero, the executive director of the ACLU, said Congress would have less oversight over the transfer of data if the military was in charge of it.

"We're not capable of having that level of oversight if it were placed in the Pentagon," said Romero. "It's a very different beast."

Romero said the cybersecurity bill sponsored by Sens. Joe Lieberman (I-Conn.), Susan Collins (R-Maine) and Senate Democrats "strikes the right balance" and warned that other legislative models "are much more worrying."

Collins, who also participated on the panel, said the Cybersecurity Act of 2012 would have mandated the Government Accountability Office, inspector generals of several departments and other government watchdogs deliver reports to Congress on any privacy violations that occurred during the information-sharing process between industry and federal agencies. 

Collins said she hoped Congress would return to its work on cybersecurity legislation after the election. She also called the cybersecurity executive order that the White House is crafting "a big mistake." 

"The executive order cannot grant the liability protections needed to encourage more participation by the private sector," she said. "The executive order cannot accomplish what legislation can." 

- This story was updated at 6:52 p.m. to clarify a comment from Gen. Alexander