Cybersecurity legislation creates position with budgetary authority

New legislation introduced in the House of Representatives could bolster the authority of the new White House cybersecurity coordinator.

The Executive Cyberspace Authorities Act of 2010, introduced by Reps. Jim Langevin, (D-R.I.) and Michael McCaul, (R-Texas), creates a National Cyberspace Office led by a White House appointed cyberspace director that would be confirmed by the Senate and have a seat on the National Security Council. The bill would give the cyberspace director budgetary authority over civilian federal agencies relating to the protection of IT infrastructure.

"This legislation is long overdue and will help fill a critical void in our cybersecurity infrastructure," Langevin, co-chair of the House Cybersecurity Caucus, said in a statement. "While the president's establishment of a cybersecurity coordinator was an encouraging step, the position was not given the proper authorities to adequately secure our networks and coordinate IT policy across government. Our legislation aims to enhance this position, giving it more authority."

Federal cybersecurity issues: Federal CISOs worry they can't effectively secure cloud computing: An (ISC)2 survey finds federal CISOs pleased with the government's efforts to improve network security, but lack support for hiring skilled security pros. Security industry praises Schmidt but sees challenges ahead: President Obama's choice for cybersecurity coordinator is being widely praised, but experts say he has major hurdles to overcome. White House declassifies CNCI summary, lifts veil on security initiatives: Summary document outlines ongoing initiatives to improve cybersecurity at the federal level as well as the security of the supply chain and private networks of critical infrastructure facilities

Under the new bill, the cyberspace director can recommend that the president withhold awards and bonuses for specific agencies that fail to adequately address cybersecurity in their budgets. The director would also provide Congress with an annual assessment on the progress made on cybersecurity initiatives and any remedial action taken.

The legislation also directs civilian agencies to provide a review of threats to its information security systems in its annual budget. It also directs agencies to secure IT infrastructure using National Institute of Standards and Technology (NIST) guidelines and recommendations and to comply with the Federal Information Security Management Act (FISMA).

The bill lays out that the cyberspace director would have no authority over national security systems, nor any systems maintained by the Department of Defense and Central Intelligence Agency and their contractors. "Every day our government and private networks are breached and often sensitive; proprietary information is stolen by individuals and rogue nations," McCaul said in a statement. "We know these groups intend to inflict harm on the United States. This legislation will finally establish the necessary coordination to protect our networks and infrastructure from sabotage."