If the U.S. House has its way, cybersecurity offices will be removed from the Department of Homeland Security back to the White House, in draft legislation said to reflect frustration among some lawmakers that the DHS has paid too little attention to cybersecurity.
According to the Associated Press, which obtained a draft of the proposal earlier this week, at least one major Internet player – Internet security and domain registrar VeriSign – had reservations about the proposal. Homeland Security, said VeriSign vice president Tom Galvin, “deserves the opportunity to demonstrate its effectiveness before taking this step.” But he also said he understood the frustration other industry leaders shares with Congress.
If the bill ultimately passes and President Bush signs it, it would move cybersecurity to the purview of the White House budget office. "The fact that this is even being discussed reveals an incredible level of unhappiness and frustration over how DHS has handled cybersecurity," former White House cybersecurity advisor Roger Cressey told the AP.
The new proposal would create a new Office of Critical Infrastructure Information, said Cressey, with its administrator responsible for analyzing threats from hackers and cyberterrorists against “vital networks,” issuing verifiable attack warnings, cutting information infrastructure weaknesses, and coordinating between government and private businesses and organizations.
A number of top tech companies have pressed President Bush’s administration to take cybersecurity more seriously, arguing that a shutdown of vital information networks could provoke sustained power outages and other very serious disruptions.
Homeland Security got the original Protected Critical Infrastructure Information Program under a mandate in the Critical Infrastructure Information Act of 2002. The PCII was meant to build a framework to help private business and organizations “voluntarily submit sensitive information regarding the nation’s critical infrastructure” to Homeland Security, which would guarantee against public disclosure if it met the CIIA’s requirements.
