Modernizing Authentication — What It Takes to Transform Secure Access
As it moves to bolster cybersecurity operations across the military and civilian branches of the federal government, the White House is heading up a review of the current legal framework for protecting critical digital infrastructure with the goal of presenting recommendations to Congress for overhauling the relevant statutes, the head of the Pentagon's Cyber Command unit told members of the House Armed Services Committee this week.
"Right now the White House is leading a discussion on what are the authorities needed and how do we do this," Gen. Keith Alexander told the panel, noting that Cyber Command is actively involved in the discussions.
"What they will look at across that is what are the authorities, what do we have legally, and then given that, what do we have to come back to Congress and reshape or mold for authorities to operate in cyber space."
President Obama signaled early on in his administration that he would push to streamline federal cybersecurity operations, but those efforts have been slowed by the far-flung activities across the agencies that have kindled turf wars over the details of where specific authorities should reside.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
The Pentagon established Cyber Command in May, consolidating existing information security units into a single entity that will take the lead in safeguarding Department of Defense networks and systems and provide digital support for U.S. military operations, which could entail launching offensive operations against foreign combatants.
Cyber Command is based in Fort Meade, Md., where it works closely with the National Security Agency, which Alexander also directs.
Alexander stressed the enormity of the threat facing the Pentagon's digital infrastructure, telling the committee that military systems are subject to roughly a quarter of a million probes and scans each hour.
In the meantime, Cyber Command is nearing its full operating capacity under its authorizing mandate, though Alexander emphasized that it is still in its early development. In his prepared testimony, he likened the Command's preliminary operations to "swapping out the engine of a race car at high speed," and explained to the panel that the Pentagon, like other departments and agencies, is in sore need of additional cyberexperts.
"This is a work in progress, what we're doing at Cyber Command," Alexander said. "If you were to ask me what is the biggest challenge that we currently face, it's generating the people that we need to do this mission."
But beyond the personnel needs, Alexander indicated that the administration is still very much in the midst of developing its legislative recommendations for how Congress should proceed with cybersecurity.
In Congress, as with the agencies, turf wars complicate efforts at reform, with numerous committees asserting jurisdiction over at least a portion of the issues under debate.
Currently, a staff-level draft of legislation that merged two comprehensive cybersecurity bills from the Commerce and Homeland Security committee is circulating among other committees with an interest in the issue, including the panels on Intelligence, Foreign Relations and Judiciary.
Senate Majority Leader Harry Reid had asked the authors of the bills, Sens. John Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) of Commerce, and Joe Lieberman (I-Ct.) and Susan Collins (R-Maine) of Homeland Security, to merge their legislation and circulate the combined draft around the Hill last month.
But in the time since, the draft bill has languished, according to a Senate aide who spoke on condition of anonymity because the aide is not authorized to discuss the process publicly.
Rather than introduce the merged bill as a standalone piece of legislation, members had envisioned the clearest path to enacting cybersecurity reform this session would be to attach the provisions as an amendment to the Defense authorization bill currently under debate, though amid a sluggish response from the committees and radio silence from the White House, that prospect is fading.
Follow eSecurityPlanet on Twitter @eSecurityP.