Draft Cyber Bill Gives DHS Controversial Authorities
January 13, 2012
Federal News Radio
By Jason Miller
The draft version of the comprehensive cybersecurity bill could give the Homeland Security Department the ability to take “any lawful action” against contractors if their systems are under attack.
Bob Dix, a former staff director for the House Oversight and Government Reform Committee and now vice president government affairs and critical infrastructure protection for Juniper Networks, said that could mean taking over a vendor’s system that contains federal data.
“There’s some concern about what would be the criteria about that and how it would be the government has the ability under a provision of lawful action to take over a system used by an agency even if it’s owned by a contractor,” Dix said. “I am worried about the notion that suggests the government would have the authority under law to be able to take over systems of contractors if they view them as having vulnerabilities even if only a small percentage of that is government utilization.”
The provision Dix is talking about is in Section 3553 of the bill’s Federal Information Security Management Act (FISMA) Reform section.
The draft bill, obtained by Federal News Radio, would give the secretary of DHS the ability to “direct officials of agencies that own, operate, lease or otherwise control an information system, including information systems used or operated by another entity, including contractors, on behalf of a federal agency, to take any lawful action with respect to the operation of such information system for the purpose of protecting that information system from or mitigating a cybersecurity threat.”
Dix said FISMA needs to be updated and several of the changes in the draft bill are good, but this provision goes too far.
Not everyone reads the provision the same as Dix.
James Lewis, the director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), said Dix’s interpretation is a bit extreme.