Bill before Congress would create new cybersecurity secretary, while reforming FEMA

Washington (DC) - In the wake of urgent calls since the nation's hurricane disasters to reform federal government response to disasters, a bill introduced in the US House of Representatives last week would effectively separate Internet infrastructure protection from civil infrastructure (sewer, utilities, public services) protection, by elevating cybersecurity to an assistant secretary-level post.

Introduced last Thursday by Rep. Bennie Thompson (D - Mississippi), the Department of Homeland Security Reform Act of 2005 would implement four of six recommendations made last July by DHS Secretary Michael Chertoff, including the creation of the office of the Assistant Secretary for Cybersecurity and Telecommunications. In eliminating the current Information Analysis and Infrastructure Directorate, the Act would instead create the role of Chief Intelligence Officer for DHS who, as described in a speech last July by Sec. Chertoff, "will head a strengthened Intelligence and Analysis division that will report directly to me. This office will ensure that intelligence is coordinated, fused and analyzed within the Department so that we have a common operational picture of what's going on."

The "CIO" would also serve as DHS' liaison to the rest of the intelligence community, perhaps advising the Director of National Intelligence.

Separate from intelligence gathering and information analysis functions, though, the new Asst. Sec. for Cybersecurity post would be created within what the Act is calling the Directorate of Preparedness and Response, whose principal task is to respond with services in case of national emergency. Sec. Chertoff introduced the concept of the "preparedness directorate" back in July; the Act adds the term "Response." In a statement issued by the House, the new directorate would be established "in place of the weak Emergency Preparedness and Response Directorate."

The House statement describes the tasks of the proposed assistant secretary as 1) overseeing the National Communications System; 2) improving information sharing with the private sector; 3) establishing threat reduction and training programs; 4) establishing and managing a national response system for attacks on information resources; 5) helping federal, state, and local governments enhance their cybersecurity programs; and 6) improving international cybersecurity awareness and cooperation. Point 4 is interesting in that it does not refer to the current United States Computer Emergency Readiness Team (US-CERT), so it is unclear at present whether that team would be rolled into the new preparedness directorate, or replaced with a new group.

However, the Federal Emergency Management Agency would be included in the new preparedness directorate, led by an official "who must have an extensive background in emergency or disaster-related management," the House statement describes. Former FEMA Director Michael Brown, who resigned following criticism of his agency's handling of the hurricane disasters, had a background in the private sector.