 | |
| |
TechnologyDaily Mobile
The Ins and Outs Of Homeland Security
by William New
The tech sector is pleased with lawmakers' progress on legislation to create a Homeland Security Department, but there are some areas that need work, industry members say.
"I think what we're seeing is two very different approaches" to creating a new department, said David Colton, vice president for strategic initiatives at the Information Technology Association of America. "There is more alignment on the tech issues. The main transcendental issues, above the IT pay grade [such as protections for workers transferred to the new department], might make for an interesting conference."
The House passed its homeland security bill, H.R. 5005, on July 26 by a 295-132 margin. The Senate Governmental Affairs Committee approved its bill, S. 2452, on July 25 and plans to address it in September upon returning from their summer recess. Sources said it is unlikely that the bill would be completed by the one-year anniversary of the terrorist attacks on Sept. 11.
'Indemnification' Issue Hovers At No. 1
The tech industry is focused on certain provisions that differ between the House and Senate bills or were left out altogether. Perhaps the top issue on the tech agenda is ensuring liability protection, or "indemnification" for providers of homeland security technology products and services when these fail.
"This is the No. 1 issue" in the bill, said Colton. "It's where we're wearing out the shoe leather. There is not much of an August recess for anyone working on the indemnification issue. It's been an extremely active time."
The House bill contains a product liability provision that gives Homeland Security secretary the authority to designate technologies that qualify for risk protection. Under the act, tech firms' liability would not exceed the level of mandated insurance coverage.
The Senate bill does not have any language on liability, since Senate Governmental Affairs ranking Republican Fred Thompson of Tennessee withdrew an amendment during the committee vote that would have indemnified tech firms. Under that amendment, which mirrors one passed in the House Government Reform Committee and narrowly rejected on the House floor, the federal government would cover costs above a reasonable insurance level. Before withdrawing it, Thompson coaxed a commitment out of Governmental Affairs Committee Chairman Joseph Lieberman, D-Conn., to discuss the issue later on.
"Senator Lieberman is still looking at the provision," and is working with Thompson, spokeswoman Leslie Phillips said late last week. "He hasn't closed the door, but we want to make sure we're doing the right thing if we are exposing the government to new liability costs."
The White House in a statement of administrative policy issued July 25 "strongly opposed" indemnification for companies selling to all levels of government. "Such an amendment is fiscally irresponsible due to the potential for excessive costs that can be neither reasonably estimated nor controlled," it said.
Until more certainty is reached on the liability issue, company executives are holding back from bidding on homeland security contracts, Colton said. "They're saying, 'Do I want to bet the entire company?'" he said.
Undersecretary Position Garners Great Interest
There are a number of other issues of importance to the tech industry. Both bills establish an undersecretary of science and technology. A structural difference between the two bills is that the House places information analysis and critical infrastructure protection below one undersecretary. The Senate bill splits these two areas.
Both bills contain exemptions from the Freedom of Information Act for those firms that voluntarily provide information critical infrastructure vulnerabilities to the department. The Senate bill is more restrictive, eliminating provisions that would pre-empt state open-record laws, potentially limit corporate civil liability and would require the federal government not to disclose certain information.
Both bills detail procedures for improved sharing of information and intelligence, including formation of a common database. Both call for interoperability with state and local levels as well.
Cyber Security Issue Melds Pieces Of Agencies
To cover cyber-security, both bills transfer portions of several agencies. But the House alone transfers the advanced scientific computing research program of the Lawrence Livermore National Laboratory. Only the Senate bill transfers the Computer Security Division of the National Institute of Science and Technology (NIST), like the administration proposal. Some in the tech industry have prioritized prevention of the transfer, contributing to the House decision to block it.
The House bill creates a federal cyber security program beneath the undersecretary for information analysis and infrastructure protection. The program's tasks would include evaluating use by civilian agencies of tools to protect the nation's critical infrastructure, the vast majority of which is in private hands. The cyber-security program would set up an information system security team to give technical expertise to civilian agencies. Separate measures are provided for non-federal cyber security.
Nearly 40 more pages of the House bill are devoted to information security, recognizing that individual agencies should pick their own hardware and software security solutions, requiring annual audits of agencies security measures, and designating NIST to set information security standards.
Techies Keep Tabs On R&D Initiatives
The House bill provides the secretary the authority to establish or contract with federally funded research centers, and sets out specific criteria that must be met by a university in order to be designated a center. The provision originated with Rep. Joe Barton, R-Texas, and several other Republican members of the Texas delegation supported it, such as Majority Whip Tom DeLay. It has been said by several members and staff to have been written specifically for Texas A&M.
The House bill also creates an independent Homeland Security Institute for research and development on homeland security. Its charter would be to develop methods of analysis to assess alternative approaches to enhancing security, including technologies.
It also establishes a Science and Technology Coordination Council to establish priorities for R&D, testing and evaluation activities under the new department. And in another section, requires the secretary to work with the Energy secretary to establish "a center to serve as the primary location for carrying out research, development, test and evaluation activities of the department." Additional centers could follow.
The House bill creates a program to encourage technological innovation, including an information clearinghouse, issuance of calls for technologies, and provision of technical assistance.
The Senate bill folds these responsibilities into the science and technology directorate. It establishes a science and technology council to recommend priorities and strategies, creates a $200 million "acceleration" fund for new security technologies, and establishes a Security Advanced Research Projects Agency, or SARPA, to carry out R&D and speed up deployment of technologies.
It gives shared responsibility on cyber security to the State Department, and calls for the "necessary organizational structure" for cyber and physical security of critical infrastructure. The directorate also would have an office for technology evaluation and transition to serve as a clearinghouse for new technologies.
The Senate bill allows the department to jointly sponsor R&D at national laboratory programs. It establishes an office of laboratory research and an office for national laboratories. The bill also allows the under secretary to set up an advisory panel.
Both bills designate a privacy officer and a chief information officer. They both add a National Emergency Technology Guard, or NET Guard, of scientists to respond to emergencies. The more detailed Senate version includes the establishment of a database of NET Guard volunteers and orders to prescribe procedures for NET Guard teams.
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
