House action on DHS cyber oversight conflicts with Senate proposal

The House Homeland Security Subcommittee on Cybersecurity approved a bipartisan bill that would make the Homeland Security Department responsible for gauging the security of private networks.

In a concession to industry, the measure would not give DHS permission to penalize companies or network operators who fail to comply with the department's protection guidelines. A forthcoming Senate package appears to have more teeth than the one the House panel passed. Rep. Dan Lungren (R-CA), the author of the House measure, called his legislation, H.R. 3674, the "least intrusive" of the cyber bills under consideration. The White House last spring presented Congress with a legislative proposal that calls for propping up "an auditing regime to ensure compliance with their cyber standards," Rep Lungren said.

Under the committee's bill, DHS would not have the power to fine or otherwise punish covered critical infrastructure companies that fail to follow the standards, according to a committee aide. The House committee's legislation also would set up a nonprofit organization to mediate the sharing of cyber threat information between federal agencies and critical U.S. industries, such as the power, banking and health-care sectors. The proposed National Information Sharing Organization strives to address privacy concerns about Internet service providers being forced to share customer communications with the government.