Measure would force White House, private sector to collaborate in cyber-crisis

By Ellen Nakashima
Washington Post Staff Writer
Wednesday, March 17, 2010

Key members of Congress are pushing legislation that would require the White House to collaborate with the private sector in any response to a crisis affecting the nation's critical computer networks.

The Cybersecurity Act, drafted by Senate commerce committee Chairman John D. Rockefeller IV (D-W.Va.) and committee member Olympia J. Snowe (R-Maine), is an attempt to prod the Obama administration and Congress to be more aggressive in crafting a coordinated national strategy for dealing with cyberthreats. It is to be unveiled Wednesday.

The senators also sponsored the National Cybersecurity Advisor Act, which would create a Senate-confirmed, Cabinet-level position to lead efforts to protect the nation's computer systems, elevating the role of the cyber coordinator's job that President Obama filled late last year. That bill is pending in the Senate.

Rockefeller and Snowe are members of the intelligence committee, which might draft legislation of its own, and they are privy to classified briefings on cyberthreats.

Despite an effort late in the Bush administration to create a national cybersecurity plan, the Obama administration's effort has been slowed by disputes over what roles the government and the private sector should play in protecting U.S. computer networks.

"Too much is at stake for us to pretend that today's cybersecurity policies meet the challenge of protecting us from tomorrow's cyber attacks -- which are waged on our wallets and our power grids and literally threaten to shut down our way of life," Rockefeller said in an e-mail.

The Cybersecurity Act was introduced last year to jump-start the debate, but it proved so controversial that it was reworked three times. The new version deletes a provision that would have enabled the president to shut down portions of computer networks in an emergency. The so-called "kill switch" was seen by critics as giving the president authority to shut down the Internet.

Instead, the bill would require the White House to work with the private sector in designating which industry networks are considered "critical" and to determine how those networks should be protected.

The Department of Homeland Security is creating an emergency response plan, but the legislation would mandate participation of other agencies with a stake in cybersecurity, such as intelligence agencies and the Pentagon.

The bill would confer no new presidential authority but is an attempt to clarify the government's authority to avoid bureaucratic confusion, a congressional aide said.

Phillip J. Bond, president and chief executive of TechAmerica, an industry group that has commented on drafts of the legislation, said the group is taking a "trust but verify" approach. "We'll want to verify that innovation trumps regulation in terms of the bill's approach, that partnership trumps mandates in terms of working with industry," he said.

Bond and other industry leaders have said that the lack of a similar measure in the House, and the lateness of the session, would make passage of the legislation difficult this year.

© 2010 The Washington Post Company