From: Lawfare
By Paul Rosenzweig
The House Homeland Security Committee has now released its own updated version of a cybersecurity bill. The text is (Lungren Substitute April 2012). This bill stands in pretty significant contrast to the Rogers-Ruppersberger bill which (in its amended form) has come under some criticism from the privacy and civil liberties community. Regarding this new offering from Congressman Lungren, I am told that the “cyber threat information” definition could still change and that FISMA language is still to come.
My assessment of the new version is that
- The new language in section 226 giving DHS the lead on cyber is arguably vaguer than before and, potentially, broader. Much of what is offered here will depend on how it is implemented if passed;
- In section 242 the bill moves away from the formal public-private partnership that had earlier been proposed. Instead it substitutes a government-managed Cybersecurity and Communications Integration Center, with a Board of Advisors from the private sector to help guide it. That seems to me an unusual construct. I wonder how it will interact with open-meeting and FACA type rules.
This bill, putting DHS at the center of cybersecurity, comes from the House Homeland Security Committee. That is no surprise. What is particularly welcome, then, is Congressional recognition that, at this point DHS, does not have as deep a talent pool as it needs to do the mission assigned. The provisions of section 227 of the bill, authoring higher pay, benefits and retention bonuses is a welcome step. If we are going to have a civilian agency managing the government’s interaction with the cyber domain, we are wise to make sure it has the requisite intellectual capabilities.
Leave a Reply