WASHINGTON, D.C. – Congressmen Jim Langevin (D-RI) and Michael McCaul (R-TX) today introduced a bill that will establish strong, centralized oversight to protect our nation’s critical information infrastructure and design a comprehensive policy for operating in cyberspace. The Executive Cyberspace Authorities Act of 2010 closely follows recommendations developed by the CSIS Commission on Cybersecurity for the 44th Presidency, which the two Congressmen co-chaired, by establishing a National Cyberspace Office in the Executive Office of the President that includes strong authorities over agency information security policies.

“This legislation is long overdue and will help fill a critical void in our cybersecurity infrastructure,” said Langevin, co-chair of the House Cybersecurity Caucus. “While the President’s establishment of a Cybersecurity Coordinator was an encouraging step, the position was not given the proper authorities to adequately secure our networks and coordinate IT policy across government. Our legislation aims to enhance this position, giving it more authority.”

“Every day our government and private networks are breached and often sensitive, proprietary information is stolen by individuals and rogue nations,” said McCaul.  “We know these groups intend to inflict harm on the United States. This legislation will finally establish the necessary coordination to protect our networks and infrastructure from sabotage.”

Under the bill, the National Cyberspace Office (NCO) will be led by a Cyberspace Director, who will be appointed by the President subject to confirmation by the Senate and have a seat on the National Security Council. Along with coordinating the security of our federal information infrastructure policies and practices, the Cyberspace Director would also review and approve each civilian federal agency budget relating to the protection of information technology (IT) infrastructure.  

The legislation further directs that each civilian agency include with its annual budget:

A review of threats faced by the agency to its information security systems
A plan to secure the agency’s IT infrastructure, based upon National Institute of Standards and Technology guidelines and recommendations
Agency compliance with its established IT practices, including compliance with the Federal Information Security Management Act
A report on development of secure identity and authentification processes

Also, under the bill, the Cyberspace Director may recommend that the President withhold awards and bonuses for specific agencies that fail to make adequate efforts to secure their IT infrastructure in their budgets.  The Cyberspace Director will also be responsible for annually providing to Congress an assessment of agency progress in developing and implementing IT policies, significant agency deficiencies and planned remedial action.