H.R. 285, also known as the DHS Cybersecurity Enhancement Act of 2005, was proposed earlier this year by U.S. Reps. Zoe Lofgren (D-Calif.) and Mac Thorberry (R-Texas).
Lawmakers and industry groups have said the current cybersecurity post is buried too deep in DHS to be effective.
H.R. 285 would create the assistant cybersecurity secretary post within the DHS Information Analysis and Infrastructures Protection Directorate. The secretary would have primary authority in DHS for all cybersecurity-related critical infrastructure programs.
The new higher-level cybersecurity position will be better able to coordinate with other assistant secretaries within the DHS Directorate, "as well as officials throughout the department, other federal agencies, and the private sector," Lofgren said in a statement.
"This bill will help make sure our government is devoting the proper amount of attention to cybersecurity," Thornberry said.
With the passage of H.R. 285 by the House Homeland Security subcommittee on economic security, infrastructure protection and cybersecurity, the legislation now awaits consideration by the full committee.
In testimony to the subcommittee, Cyber Security Industry Alliance Executive Director Paul Kurtz supported the creation of the new post.
"We are seeing increased threats and vulnerabilities associated with our information infrastructure. We rely upon our information infrastructure, yet there is not one clearly in charge of coordinating its security and reliability," he said.
"The Department's responsibilities to identify critical information infrastructure, develop emergency communications, contingency and reconsititution plans are compelling, yet the leadership is not," he said.
Logren and Thornberry's bill revives the legislation they initially proposed last year, which wound up being excluded from a final intelligence reform bill approved by Congress and signed by the President.
Last week the Cyber Security Industry Alliance told Congress it should should take a comprehensive approach to cybersecurity instead of its current way of dealing with spyware, phishing, and data warehouse security on a piecemeal basis.