The position responsible for coordinating cyber security efforts between government agencies and the private sector does not currently have enough authority to be an effective focal point in that role, supporters of the Department of Homeland Security Cybersecurity Enhancement Act of 2005 (HR 285) say.
"A Director-level position does not have the sufficient stature or programmatic authority for accountability, or to reach across sectors," Paul Kurtz, Executive Director of the Cyber Security Industry Alliance testified at a Hous e Subcommittee on Economic Security, Infrastructure Protection and Cyber Security hearing. "A leader in securing the critical infrastructure must have the authority and resources to accomplish this important and complex mission. This leader must be at least at the Assistant Secretary level to have the impact that is needed."
As part of his testimony, Kurtz also highlighted the importance of integrating cyber and physical infrastructure protection. "Cyber and physical infrastructure security will receive greater respective attention with an Assistant Secretary for Cyber Security working alongside the Assistant Secretary for Infrastructure Protection, while remaining integrated under the leadership of the Undersecretary for Infrastructure Protection and Information Analysis," Kurtz said.
The act would create a National Cybersecurity Office headed by an Assistant Secretary for Cybersecurity to work alongside the Assistant Secretary for Physical Infrastructure Protection to promote cybersecurity and protect the nation's critical infrastructure.
The Assistant Secretary for Cyber Security would be responsible for establishing and managing a national cyber security response and information sharing system with the capability to detect and prevent attacks on the nation's cyber security and to help in the restoration of cybersecurity infrastructure in the wake of such attacks.
In order to accomplish this under HR 285, the assistant secretary would establish a national cyber security awareness program and coordinate education efforts within the public and private sectors. The assistant secretary would also consult with federal, state and local government agencies to enhance their cybersecurity strategies.
Under HR 285, the position will also be charged with coordinating with the Under Secretary for Emergency Preparedness the inclusion of provisions for cybersecurity elements the national response plan.
Ever since Amit Yoran, the Department of Homeland Security's first director of cybersecurity, resigned late last year, government officials and members of the private sector have been calling for the post to be elevated to the level of Assistant Secretary. At the time of Yoran's resignation, there was speculation he left in frustration over the lack of importance put on cybersecurity at the DHS.
In March, Homeland Security Secretary Michael Chertoff began conducting a "second stage review" of the department. In the course of this review, Secretary Chertoff could decide to elevate the national director of cybersecurity to the position of Assistant Secretary without the intervention of Congress.
In such a case, the bill could still serve as a guide to the development of a National Cybersecurity Office.
The review is expected to be completed in May.
