House Republican leaders backed away Thursday from a proposal to move important cybersecurity functions from the Homeland Security Department to the White House budget office.
They substantially revised the proposal, which drew complaints from the technology industry and some key lawmakers after it was added to the broad U.S. intelligence reorganization that could be introduced as early as Friday. The scaled-back proposal would still give the Office of Management and Budget new responsibilities for coordinating U.S. policies to improve the security of vital government computer networks.
The legislation as originally planned would have created a new Office of Critical Infrastructure Information Protection at the budget office. The new group’s administrator would have been responsible for the analysis of threats from hackers and terrorists against vital networks, warnings about attacks, reduction of network weaknesses and coordination with private companies and organizations.
Those are primarily the responsibilities of the National Cyber Security Division (NCSD) inside the Homeland Security Department, run by the government’s cybersecurity chief, Amit Yoran.
The Associated Press obtained drafts of both proposals.
“The private sector has worked hand in hand with the NCSD and Amit, and he understands our needs,” said Dexter Ingram, director of information security policy at the Business Software Alliance, whose members include Microsoft Corp., IBM and Intel Corp. “We understand the growing pains that DHS is going through, but we’ve put a lot of blood, sweat and tears into this.”
The technology industry has made a concerted push in recent months to elevate Yoran’s role inside Homeland Security one notch to that of an assistant secretary, which could mean broader authority and more money for cybersecurity issues.
“This was rather sudden,” said Greg Garcia, a vice president at the Information Technology Association of America, a leading trade group. “There were plenty of folks who had put a lot of work into working with DHS, and we want to see that work. A second agency with a second set of responsibilities — it would make our job harder.”
Both OMB proposals were drafted by Rep. Tom Davis, R-Va., chairman of the House Government Reform Committee, which would probably have jurisdiction over cybersecurity efforts inside the White House budget office. A committee spokesman, David Marin, said that under the original Davis plan, the budget office would have established cybersecurity policies that Homeland Security would still have been responsible for carrying out.
Bill Connor, the chief executive at Entrust Inc., said he was less concerned about the placement of government cybersecurity efforts within the administration than what he described as inadequate attention paid to the issue. Connor described the OMB proposals as “rearranging deck chairs on the Titanic,” and complained that “cybersecurity is just a footnote in overall DHS plans.”
Yoran works at least three steps beneath Homeland Security Secretary Tom Ridge. He effectively replaced a position in the National Security Council of the White House once held by Richard Clarke, a special adviser to President Bush.