The House Homeland Security Committee passed the new Bill, HR 3107, or the Homeland Security Cybersecurity Boots-on-the-Ground Act, on October 29th. The purpose of this Bill is to increase the capacity of the Cybersecurity work force at the Department of Homeland Security. The Secretary of Homeland Security will establish comprehensive occupation classifications for those DHS employees who are acting in pursuant of the Cybersecurity mission of the DHS within ninety days.
The mission of the Office of Cybersecurity and Communications at DHS is to protect the public and the government from disturbances to critical information infrastructure. The Bill itself further defines the cybersecurity mission as follows: “activities that encompass the full range of threat reduction, vulnerability reduction, deterrence, incident response, resiliency, and recovery activities to foster the security and stability of cyberspace.” The classifications will be used at the DHS and other Federal agencies.
The Bill will also allow the Secretary of DHS to review and assess the capacity of the cybersecurity office in successfully meeting the cybersecurity mission. This assessment will determine which individuals are in cybersecurity positions and will determine the number of individuals hired by Janet Napolitano in 2009 when, as DHS Secretary, she had the authority to hire 1000 cybersecurity employees for a three-year term. The assessment will also determine the number of cybersecurity vacancies in the department and the percentage of cybersecurity employees who received essential training for their jobs.
The Bill also calls for the Secretary to implement a workforce strategy that increases the level of training, recruitment, and retention of cybersecurity employees and strengthens their preparedness and overall capability; this involves a 10-year projection of Federal workforce needs. Lastly, the Bill calls for a new process to verify that contracted individuals who work for the DHS cybersecurity function receive continual information and training to perform their designated roles. The DHS Secretary will provide updates on the progress of the cybersecurity mission and the workforce strategy to Congress.
The Government Accountability Office found in November 2011 that DHS reported it had difficulty filling the vacant cybersecurity positions and that although DHS had guidelines for the roles and responsibilities of its cybersecurity employees, the guidelines were “not consistent” throughout DHS. Furthermore, it had allocated in 2011, $2000 per person for training its cybersecurity personnel.
Bruce McConnell, previously the deputy undersecretary for cybersecurity at DHS, said that DHS tried to create a long-term plan “for the government and for the homeland security enterprise, which includes all the private sector and everyone else showing…. the capabilities that need to be built and the actions that need to be taken…” He believed it was vital for DHS to learn from the private sector who are at the forefront of technology.
The Congress voted on HR 3107, at a time when the Senate has not still decided on new cybersecurity legislation. Last year, the House passed CISPA (Cyber Intelligence Sharing and Protection Act) that provided for information sharing between the intelligence community and cybersecurity entities of cyber threats and cyber intelligence. However, the Senate has still not voted on CISPA. CISPA was met with criticism from Democrats and the White House. In January, Democrats proposed a New Cybersecurity Bill, The Cybersecurity and American Cyber Competitiveness Act, that had three purposes: to increase cooperation between the Federal Government and the private sector, to add more jobs to the American information technology industry and to protect private information and the identities of Americans and American businesses. However, it is still unclear whether the Senate will agree upon and pass new Cybersecurity legislation, especially in light of the recent government shutdown. The Senate has prioritized other issues recently, over Cybersecurity, which has been pushed to the back burner.
Recently, however, the Democrat Senator Dianne Feinstein confirmed that CISPA would be brought before the Senate because of NSA support for the bill to be reintroduced. The earlier version of the Bill drew sharp criticism in April and prompted the creation of a petition over privacy concerns and fears. In response to the opposition, the White House also did not support CISPA, saying that as it stood, the President would veto the Bill.
HR 3107 demonstrates the concern of the government’s, especially DHS, over increasing efforts to combat cybersecurity threats. However, considering CISPA and other cybersecurity bills that have not passed Senate approval in the past couple years, there is still no comprehensive legislation that tackles the core and substance of cybersecurity dangers and interests.