Cybersecurity czar may get a promotion

Department of Homeland Security proposals would bump up the top official, give cash to colleges and notch up response to attacks.

Declan McCullagh Former Senior Writer

Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

See full bio

Declan McCullagh

Sept. 20, 2004 2:09 p.m. PT

2 min read

Congress is returning to computer security topics this fall, with new legislation that proposes a reorganization of the Department of Homeland Security.

A pair of bills introduced last week in the U.S. House of Representatives would hand the department's senior computer security official a higher rank and more authority, as "assistant secretary for cybersecurity." They also put forward a plan to award millions of dollars in grants to colleges and universities for training and education of cybersecurity professionals.

The proposals, sponsored by Mac Thornberry, R-Tex., and Zoe Lofgren, D-Calif., would effectively promote the department's top cybersecurity official--currently Amit Yoran--by permitting him to report directly to Homeland Security Secretary Tom Ridge. Under the current arrangement, Yoran is a relatively low-level official who is two levels of bureaucracy removed from Ridge.

One of the bills would expand Yoran's responsibilities to include the creation of a governmentwide cybersecurity program that would oversee how agencies deal with serious attacks on the Internet infrastructure. The second would permit Yoran to allocate $3.7 million in grants to colleges with "cybersecurity professional development programs" or similar associate degree programs.

"As threats to the cyberinfrastructure increase, it is clear that the United States must pay closer attention and do more to protect our cybersecurity," Thornberry, the chairman of a House cybersecurity subcommittee, said in a statement. Previous efforts to recast Amit's position have failed.

In January, some Democrats on the Homeland Security Committee released a report that blamed the Bush administration for not doing enough regarding computer security. After presidential advisor Richard Clarke left, the report warned, "there is no longer a presidential advisor or senior official with the authority to direct all the agencies responsible for cybersecurity, should a cybercrisis occur."

Lawmakers have been considering other matters to do with computer and Internet security over the past few weeks.

Wayne Abernathy, an assistant Department of the Treasury secretary, warned a House committee this month that U.S. banks were under siege from computer attacks. "These assaults have progressed from computer hackers and pranksters into theft and now, we believe, on to schemes to disrupt the operations of our financial systems," Abernathy said in his prepared testimony. "Some of these attacks have their sources in organized crime. We believe that, increasingly, still more sinister actors are involved."

Sen. Russ Feingold, D-Wisc., has proposed amending the Patriot Act to clarify when police may eavesdrop on Internet users without court orders. Currently, that can go ahead when the owner of a computer system gives permission. Because that wording may allow unchecked surveillance of Internet users at cafes, hotels or airport business lounges, Feingold argued, explicit limits are necessary.

One House subcommittee has signaled that liability protection for computer security vendors may be a possibility in the congressional session that begins in early 2005. That will depend, in part, on the results from the Corporate Information Security Working Group, a collection of trade associations that consult with Congress.