This piece of draft legislation will also give DHS authority over networks with the .gov designation, which is similar to the authority exercised by the Defense Department over military networks, according to the report.
The bill would bring together legislative proposals by Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine) and Tom Carper (D-Del.), as well as Office of Management and Budget’s memo from July 2010.
The combined Lieberman, Collins and Carper proposals would establish a National Center for Cybersecurity and Communications within DHS.
Collins said the legislation would make DHS a strong partner in the process of securing agency networks, but the White House will be the central point for all cyber security across the government, according to the Federal News Radio report.
But is it necessary to expand DHS’s authority over civilian networks?
“I think that somebody needs to coordinate the government’s response, and I think DHS is the only person who can do it,” said Paul Rosenzweig, former deputy assistant secretary for policy in the Department of Homeland Security and a Carnegie visiting fellow with Medill’s national security journalism initiative.
“If you don’t do this, essentially all of our civilian agencies will remain very vulnerable and that’s not a good thing,” he added.
The National Center for Cybersecurity and Communications would use the resources of the DHS for day-to-day operations, according to the Federal News Radio report.
This raises another question: whether the DHS has the resources and the capability to maintain far-reaching oversight over civilian networks and government domains?
“Clearly if they get more authority they are going to need more budget as well, they are also going to need more staff,” said Rosenzweig. “I don’t think it’s a problem for them to have authority over the .gov domain in fact I think it is better that a civilian agency do that than any military agency.”
Michelle Richardson, legislative counsel for the American Civil Liberties Union, said the primary legislation drafted by Senator Lieberman and Collins gives the government too much authority.
The proposals by Senator Lieberman and Collins have been criticized for giving the President a “kill switch” that would shut down the Internet in an emergency.
Richardson hopes the final bill approved by the White House would be more “measured”. She also stressed the need to ensure civil liberties and privacy protection under the bill.
“There is nothing per se hairy about DHS getting involved with civilian cyber security efforts; the question is how they will do this,” said Richardson. “The goal is to minimize the government’s intrusion into everyday and innocent activities. We want them to focus on actual cyber security threats; we don’t want them to use their authority to collect information on people who aren’t doing anything wrong or to interfere with people’s access to the information or using the internet to communicate.”
Richardson will be keeping a close eye on the details of the draft legislation.
“We would be looking for a couple of things: one does it give the government any new authority to interfere with the internet and people’s communication; two does it allow the government to collect information on people using the internet; and three what is the use of the information it collects,” she said.
Though the details of the draft bill are sketchy right now, Rosenzweig hopes a comprehensive cyber security bill would “create a formal corporate structure public-private partnership, sort of like the American Red Cross.”
“We have been waiting with great anticipation for the White House to weigh in on the best way to protect the American people from catastrophic cyber attacks. If the White House is on the same path we’re on, the Senate should be able to approve comprehensive cyber security legislation this year,” Lieberman said in a statement to the Federal News Radio.
