[ISN] Cybersecurity measures not likely in intelligence reform

[InfoSec News]

Forwarded from: William Knowles <wk at c4i.org>

http://www.govexec.com/story_page.cfm?articleid=29593

By William New
National Journal's Technology Daily
September 28, 2004

After a week of at times acrimonious turf fighting about 
cybersecurity, it appears there will be only a small mention of the 
issue in a larger bill to reform the government's intelligence 
structure, congressional and private-sector sources said Tuesday. 
The bill being considered by various committees contains a provision 
that requires agencies to include cybersecurity in their planning, but 
two larger cyber-security measures will not be included. 

Over the past week or so, GOP leaders gave consideration to inclusion 
of a House Homeland Security Committee bill to elevate the status of 
cybersecurity within the Homeland Security Department two levels, from 
a director to an assistant secretary, and to strengthen the agency's 
responsibilities. At the same time, the House Government Reform 
Committee introduced legislation that would clarify and enhance the 
cyber-security oversight of the White House Office of Management and 
Budget. 

The Homeland Security bill does not have the clear support of the 
department and was seen by some critics as a move by the committee to 
strengthen its case for being made permanent next year. The Government 
Reform bill ruffled feathers as some interpreted it as moving too much 
oversight to OMB, though committee staff argue the agency already has 
the policy oversight and Homeland Security would be left with 
operational oversight. 

Both bills have been put off to next year to get agreement, aides 
said. Government Reform does not plan to attach its cybersecurity bill 
when it votes on the intelligence reform bill on Wednesday. 

The House Science Committee, which has jurisdiction loosely over 
cybersecurity research and development and standards, does not support 
either bill in their current forms but will continue negotiating on 
the language of the Homeland Security Committee bill, according to 
committee Chief of Staff David Goldston. 

Industry generally supports elevating cybersecurity within Homeland 
Security. Dexter Ingram, director of information security policy at 
the Business Software Alliance (BSA), said the group "looks forward to 
working with the Government Reform Committee on strengthening OMB's 
information-sharing coordination capacity within the federal 
government, as well as working with the House Select Homeland Security 
Committee on strengthening cyber security within the Department of 
Homeland Security." 

One of the main reasons the new department was created was because 
security operations cannot be done out of the White House, said Frank 
Cilluffo, former special assistant to the president for homeland 
security. 

In addition, policymakers didn't want to separate physical and cyber 
security and instead sought to "marry up" these two issues, he added. 
Elevation of cybersecurity within Homeland Security would separate 
them and should not be pursued, he said. Cilluffo noted that there is 
a senior director for cyber security on the White House Homeland 
Security Council who "rides shepherd" on cybersecurity policy within 
the White House. 

Cilluffo said OMB always "gets a bite at the apple" through managing 
agency budgets. He said Homeland Security should have more flexibility 
in its budget to address the rapid pace of technological advances. 



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*