Cybersecurity

By Ben Bain

Blog archive

Senate moves to bolster cybersecurity oversight

The 2010 Intelligence Authorization Act, which the Senate passed today, includes a provision that would increase oversight for intelligence-related multiagency cybersecurity programs that involve the use of personally identifiable information.

Section 337 of the bill (S. 3611) “sets forth a preliminary framework for executive and congressional oversight to ensure that the government’s national cybersecurity mission is consistent with legal authorities and preserves reasonable expectations of privacy,” according to a report from Senate Select Intelligence Committee that cleared the bill last month. The legislation that the Senate cleared today included one amendment, but it didn’t alter the focus of the bill’s cybersecurity provisions.

The report said the definition of cybersecurity programs in the section “intentionally excludes firewalls, anti-virus programs and other routine programs.” It also excludes individual cyber operations or cyber information-sharing conducted in a non-programmatic fashion, such as the sharing of a piece of information for a particular investigation.

The section “instead focuses on multiagency cybersecurity programs in which large amounts of information are characterized, screened, or inspected for the purpose of protecting government networks,” the report said. “These types of programs pose challenging new legal and privacy questions that make congressional and Executive branch oversight particularly important.”

Specifically, the bill would require the White House to notify Congress about cybersecurity programs and provide lawmakers with information on a program’s legal basis, certifications of the program’s legality, concepts of operations privacy impact statements and plans for independent audit or review of the program.

For existing programs, the notification and documentation would need to be provided with 30 days of the enactment of the bill. The notification and documents for new programs would be required within 30 days of the commencement of the program, assuming the bill became law.

The notification requirements are intended to ensure that Congress knows of significant legal, privacy and operational aspects of each new cybersecurity program, the report submitted by the committee chairwoman, Sen. Dianne Feinstein, said.

The committee report said a certification of a cybersecurity program as described by the bill would have to address the legality of the program as a whole and would have the potential to authorize providers of wire or electronic communication to provide significant assistance to the government, without fear of litigation.

“Given the potential impact of any certification, the committee believes that significant congressional oversight is warranted,” the report said.

In addition, heads of agencies with responsibility for a cybersecurity program would have to work with their inspectors general to prepare a report describing the results of any audit or review under the audit plan and assess whether the cybersecurity program is in compliance with and adequately described by the documents submitted to Congress.

“This subsection is designed to provide an independent check that the agencies are conducting cyber operations in a manner consistent with executive branch guidance and to supply Congress more information about the operation of those programs,” the report stated.

In addition, according to the report, the bill would:

  • Require inspectors general to prepare a report on the sharing of cyber threat information inside the government and with those responsible for critical infrastructure one year after the bill would be enacted.
  • Allow intelligence community experts to be made available to the Homeland Security Department through a detail program.
  • Require the Director of National Intelligence to have a plan for recruiting, retaining and training an adequate cybersecurity workforce and to assess the capabilities of the current workforce.
  • Have the DNI work with the attorney general, the head of the National Security Agency, the White House Cybersecurity Coordinator, and any other officials the DNI considers appropriate to submit three annual reports containing guidelines or legislative proposals to improve the cybersecurity capabilities of intelligence and law enforcement agencies.

Posted by Ben Bain on Aug 05, 2010 at 7:22 PM


Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts

  • How Do You Support the Project Lifecycle?

    How do best-in-class project-based companies create and actively mature successful organizations? They find the right mix of people, processes and tools that enable them to effectively manage the project lifecycle. REGISTER for this webinar to hear how properly managing the cycle of capture, bid, accounting, execution, IPM and analysis will allow you to better manage your programs to stay on scope, schedule and budget. Learn More!

  • Sequestration, LPTA and the Top 100

    Join Washington Technology’s Editor-in-Chief Nick Wakeman as he analyzes the annual Top 100 list and reveals critical insights into how market trends have impacted its composition. You'll learn what movements of individual companies means and how the market overall is being impacted by the current budget environment, how the Top 100 rankings reflect the major trends in the market today and how the biggest companies in the market are adapting to today’s competitive environment. Learn More!