Security News > 2001 > February > Congress to Weigh Web Defense Plan
http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-91_STO57603,00.html By DAN VERTON February 12, 2001 A report that proposes sweeping changes in the way the government organizes its cyberdefenses is gaining support on Capitol Hill. Lawmakers are preparing to introduce legislation this week based on the recommendations in the report, which was issued last month by the U.S. Commission on National Security. Rep. Mac Thornberry (R-Texas), a member of the House Armed Services Committee, plans to introduce a bill this week that would create the National Homeland Security Agency (NHSA). If approved, the NHSA will use the Federal Emergency Management Agency (FEMA) as a building block and will possibly replace FEMA in the long run. NHSA would oversee government and private-sector efforts to protect the nation's critical infrastructure from both cyber and physical attacks, as called for by the commission's report. The goal is to create a virtual tripwire that can alert the national security community to significant cyberthreats without violating the privacy of U.S. citizens or compromising the proprietary data of private firms, which own and operate the bulk of the nation's critical infrastructure. Not Everyone's Optimistic However, sources close to the commission, headed by former Sens. Gary Hart and Warren B. Rudman, said they aren't optimistic that the report's recommendations will be turned into action anytime soon. They blame an arthritic federal bureaucracy burdened by Cold War-era policies, interagency funding rivalries and a Bush administration that is still trying to figure out what its priorities will be. "I'm not optimistic at all," said a government source close to the commission. It's unfortunate, the source said, because the commission is offering "a neutral model that is not pro-industry and is not pro-law-enforcement." The bill would also roll up a half-dozen agencies currently involved in cyberdefense into the new structure. Harris Miller, president of the Information Technology Association of America, an Arlington, Va.-based trade group comprised of thousands of private firms, said streamlining the critical infrastructure protection effort in this way would be a welcome development. The current structure "is very confusing, with many points of entry. Having a primary source of contact with industry would make it a lot easier," he said. Still, not everyone is thrilled with the idea. "I think the commission may have done a disservice to infrastructure protection by tying it to the unachievable goal of creating a new agency," said Steven Aftergood, an analyst at the Federation of American Scientists in Washington. "In the absence of an actual crisis, the existing national security bureaucracy is unlikely to permit the establishment of a major new competitor for authority and funds," he added. But Thornberry is committed to ensuring that the three-year study by the bipartisan commission - the first such comprehensive review of national security structures since 1947 - doesn't go ignored, said Kim Kotlar, a member of the Texas Republican's staff. "You have to do more with this report than stick it on a shelf," she said. The proposed critical infrastructure protection (CIP) directorate within the new agency would be responsible for overseeing critical networks and coordinating government and private-sector efforts to address the nation's vulnerability to electronic or physical attacks. That effort is now done through a maze of federal agencies and private partnerships. Kotlar said Thornberry and others are prepared for an onslaught of criticism similar to Aftergood's. She added that the plan is not to build additional agencies but to streamline what is already in place. However, with Congress evenly split by party lines and a profound lack of consensus about a security policy, any attempt at a sweeping reorganization right now seems doomed, said Aftergood. "Infrastructure protection will have to proceed on its own track," he said. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
News URL
http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-91_STO57603,00.html