Wired magazine reported today that a new bill from Joe Lieberman and Susan Collins, currently in draft form, would give the government broad powers to take over responsibility for civilian networks in case of an “imminent cyber threat.”
It’s commendable that legislators are thinking about private networks while making contingency plans for a massive cyber attack. Protecting government IT systems isn’t enough — the vast majority of the country’s infrastructure in this area lies in private hands.
From the Wired report:
“These emergency measures are supposed to remain in place for no more than 30 days. But they can be extended indefinitely, a month at a time.
Wired Magazine’s Danger Room blog has an interesting post today about the McLean, Va.-based consulting behemoth Booz Allen Hamilton. Danger Room’s editor, Noah Shachtman, essentially accuses Booz Allen executive vice president Mike McConnell of over-hyping cybersecurity threats so his firm can win government contracts to combat the dangers that he invented. Shachtman calls Booz “cyberwar Cassandras.”
Now, I can’t speak to the motivations of Mr. McConnell or anyone else at the firm. However, the evidence Shachtman presents on Booz Allen’s supposed recent windfall in government contract spending seems a little thin. Booz Allen has raked in $400 million in deals from the Defense Department in the last six weeks. Yes, that’s a lot, but it’s not far out of line with recent numbers. In fiscal 2009, Booz Allen brought in a total of $3.4 billion in federal contracts. Extrapolate the totals from the last six weeks out ($400M/6*52) and you get just under $3.5 billion. The only caveat would be that the $400M was only from DoD, so we’re comparing apples and oranges, but the military has traditionally been far and away Booz’s biggest government customer, so the numbers probably aren’t too far off.
The Senate Commerce, Science and Technology Committee voted today to send a key cybersecurity bill to the Senate floor.
The bill, S 773, would require the executive branch to work with the private sector to create cybersecurity standards and mandate audits to ensure compliance with those new standards.
An earlier version of the bill would have granted the president authority to shut down the Internet in the case of a major cyber attack, but this new bill doesn’t include that authority. Instead, the government and the private sector would work together to address handling a major cybersecurity attack.
Sens. Jay Rockefeller, D-W.Va., and Olympia Snowe, R-Maine, co-sponsored the bill. Rockefeller, the committee’s chairman, called the legislation essential to securing the nation’s electronic infrastructure.
“Our approach is very different from traditional regulation because it gives the private sector unprecedented influence – and responsibility – in determining how our country defends itself. It is better to act now than to wait to act after a cyber-emergency. We need the private sector to meet this challenge with bold and visionary leadership.”
Members approved the bill, S 773, by voice vote.
The White House has declassified much of a cybersecurity initiative developed during the George W. Bush administration.
The release of the Comprehensive National Cybersecurity Initiative’s 12 key goals is part of the Obama administration’s quest for transparency, said Cybersecurity Coordinator Howard Schmidt in a March 2 White House blog post announcing the declassification. Bush created the initiative in 2008 and few details were available about it before the March 2 release.
“We will not defeat our cyber adversaries because they are weakening, we will defeat them by becoming collectively stronger, through stronger technology, a stronger cadre of security professionals, and stronger partnerships.”
Portions of the initiative outlining cyberwarfare plans remain classified.
A cybersecurity attack will hit the nation’s computer systems at 10 a.m. Tuesday.
That’s the scenario former senior administration officials will operate under Tuesday as they show how the government would respond to a potential cyber crisis.
More than a dozen officials will participate in the exercise Tuesday at the Mandarin Oriental Hotel in Washington, D.C., where they will illustrate tactics and processes government officials may use during a major cyber attack. The event is open to the media, and the Federal Times will cover it.
The event is sponsored by the Bipartisan Policy Center, a Washington-based policy think tank. The center says the drill will be realistic and show the pressures officials would face in the event of an attack.
“The participants, whose mission is to advise the president and mount a response to the attack, will not know the scenario in advance. They will react to the threat in real time, as intelligence and news reports drive the simulation, shedding light on how the difficult split-second decisions must be made to respond to an unfolding and often unseen threat.”
President Barack Obama will officially name Howard Schmidt, President Bush’s former cybersecurity chief, as the White House “cyber czar,” the White House has confirmed.
Schmidt spent about 18 months in the Bush administration, from December 2001 to May 2003, before returning to the private sector. He has also worked as Microsoft’s chief security officer, and eBay’s chief information officer; the White House says Schmidt’s close ties with industry were a factor in his appointment.
The Washington Post first reported the news of Schmidt’s nomination last night. Schmidt was long considered one of the two front-runners for the job, which Obama announced he would create during a White House speech on cybersecurity in May.
We’ll have more details about the announcement, including reactions from the cybersecurity community, throughout the day.
I spent the morning in a Senate Commerce committee hearing on transportation security challenges. I’ve got a story on the hearing going up on the homepage soon: DHS secretary Janet Napolitano was the lone witness, and she spent a while talking about collective bargaining rights for Transportation Security Administration employees.
One other item of note that didn’t quite fit into the TSA story: Sen. Jay Rockefeller, D-W.Va., offered a bit of insight into his thinking on cybersecurity. Rockefeller said he was worried about President Barack Obama’s plan to name a “cyber czar” — but, unlike other legislators, he’s not concerned that the czar will be unaccountable to the Senate. Rather, he’s worried that the new cyber coordinator, who will report to the National Economic Council and the National Security Council, will have too many bosses:
We say there ought to be somebody who reports only to the president. If that’s another “czar,” then that’s the kind of czar you want to have, because that [cybersecurity] is the number-one national security threat to the United States. I feel there ought to be somebody who reports directly to the president… otherwise we’re going to drift away from cybersecurity being the top priority.
Rockefeller and Sen. Olympia Snowe, R-Maine (they’re the “we” in that quote) have introduced legislation that would create a “czar” accountable directly to the president.
The president has been accused of “dithering” on his Afghanistan strategy review. (Personally, I think he’s right to take his time: Escalating the war is not an easy decision, and when tens of thousands of soldiers are being sent into combat, better to take some extra time to get it right.)
But that’s not the only important decision on which Obama has delayed. There’s also the question of appointing a “cyber czar,” a White House official to coordinate cybersecurity policy. Obama announced the new position in May, during a White House speech on cybersecurity, but the position has remained vacant for more than five months.
The delay is starting to attract criticism. Rep. Jim Langevin, D-R.I., said last week that he was frustrated with the delay. TechAmerica, an IT industry group, put out a press release this afternoon calling on Obama to appoint a czar “at the earliest possible opportunity.”
The House Appropriations Committee approved the Homeland Security and Legislative Branch fiscal year 2010 appropriations draft bills at a markup Friday.
The Homeland Security bill provides $42.63 billion for the agency, compared to President Barack Obama’s $42.83 billion request for fiscal year 2010. In 2009, the agency received $39.98 billion.
The bill cuts $135 million requested for agency operations due to “staffing vacancies, redundant policy initiatives and poorly justified request to consolidate DHS headquarters for those agencies not moving to St. Elizabeths,” according to a committee news release.
The bill includes:
- $10 billion for Customs and Border Protection, $82 million less than Obama requested, due to slight cuts in funding requests for multiple programs. This is $147 million more than the 2009 funding.
- $5.4 billion for Immigration and Customs Enforcement, $30 million less than the president’s request but $439 million more than 2009.
- $382 million for cybersecurity, $19 million less than the president requested and $68 million more than 2009.
The committee also approved the $3.7 billion draft bill to fund the Legislative Branch, $300 million less than requested but $600 million more than 2009.
The bill includes:
- $559 million for the Government Accountability Office, $9 million less than the president’s request and $28 million more than 2009.
- $45 million for the Congressional Budget Office, $1.2 million less than Obama requested and $1 million more than 2009.
The House plans to take up the Homeland Security bill Friday and the Legislative Branch bill June 24.
Deputy Defense Secretary William Lynn gave a speech at the Center for Strategic and International Studies this morning. He didn’t make any big announcement about the possible Pentagon “cyber command,” as some people had been speculating.
He did, however, rattle off a few interesting statistics about the cost of cybersecurity:
Cyber attacks on our military networks have not cost any lives, not yet. But in a six-month period, the Defense Department spent more than $100 million defending its networks… and we spend billions annually in a proactive effort to protect and defend our networks.
$200 million annually on cybersecurity — and just at one department. (The largest department, I know, but still…)