Alliance proposes cybersecurity agency

Find opportunities — and win them.

A cybersecurity agency should be created in the proposed Department of Homeland Security, according to the Business Software Alliance.

A cybersecurity agency should be created in the proposed Department of Homeland Security, according to the Business Software Alliance in Washington.


The cybersecurity agency would ensure that significant attention and resources are focused on protecting the nation's public and private information infrastructures, the alliance said in a June 28 letter to Rep. Tom Davis, R-Va., chairman of the House Government Reform subcommittee on technology and procurement policy.


"As you know, strengthening cybersecurity requires analytical and technological capabilities that are related to, but also distinct from, traditional intelligence gathering and physical security functions. For example, federal efforts to strengthen cybersecurity will continue to require the strong participation of private industry, which owns 90 percent of the critical infrastructures in question and which developed the very technologies we are seeking to protect. The unique nature of the cybersecurity challenge, thus, requires that a separate coordinating body exist within DHS," wrote Robert Holleyman, BSA president and chief executive officer.


In its letter to Davis, the alliance also advocated that two bills sponsored by Davis be attached to legislation authorizing the Department of Homeland Security.


H.R. 2435, the Cyber Security Information Act, would make it easier for government and industry to share information about security breaches by allowing an exemption from disclosure under Freedom of Information Act requests. An antitrust exemption would also make it easier for private-sector firms to share information.


H.R. 3844, the Federal Information Security Management Act, would permanently reauthorize the Government Information Security Reform Act of 2000 and beef it up by eliminating waivers to its requirements. GISRA requires agencies to assess the security of their IT systems and include risk assessments and security needs in budget requests.