Priorities
Last week, following the cyber attack at the Office of Personnel Management (OPM) which compromised the personal information of at least 22 million individuals, Sen. Warner and Sen. Susan Collins (R-ME) were joined by a group of bipartisan colleagues to introduce the FISMA Reform Act of 2015.
Today, the Senate Homeland Security and Governmental Affairs Committee (HSGAC) unanimously approved legislation – the Federal Cybersecurity Enhancement Act – that includes all of the key provisions of the FISMA Reform Act.
“The attack on the Office of Personnel Management was a painful illustration of how much work we have to do to secure the ‘.gov’ domain. Today the Homeland Security and Governmental Affairs Committee took an important step by approving legislation to strengthen cybersecurity across the federal government, including key provisions from the bill Senator Collins and I introduced last week to give DHS the tools it needs to better protect civilian networks,” said Sen. Warner.
Explaining the problem, Sen. Warner noted, “Right now, the Department of Homeland Security does not have the authorities it needs to enforce cybersecurity standards, and agencies’ reliance on DHS to find and neutralize cyber threats is voluntary. That’s a real problem as we face a growing number of these cyber attacks, because our federal networks are only as secure as their weakest link.”
The bhe Federal Cybersecurity Enhancement Act, was authored jointly by Sens. Ron Johnson (R-WI) and Tom Carper (D-DE), the Chairman and Ranking Member of the Senate Homeland Security Committee. The bill initially only included three of the five key provisions from the Collins-Warner bill. For this reason, Sens. Kelly Ayotte (R-NH) and Claire McCaskill (D-MO), who are original cosponsors of the Collins-Warner bill and also members of HSGAC, introduced two critical amendments to today’s HSGAC bill to ensure that this legislation now includes the five key policy provisions that made up the Collins-Warner bill introduced last week.
The provisions approved by HSGAC today would:
- Allow the Secretary of Homeland Security to operate intrusion detection and prevention capabilities on all federal agencies on the .gov domain.
- Direct the Secretary of Homeland Security to conduct risk assessments of any network within the government domain.
- Allow the Secretary of Homeland Security to operate defensive countermeasures on these networks once a cyber threat has been detected.
- Strengthen and streamline the authority Congress gave to DHS last year to issue binding operational directives to federal agencies, especially to respond to substantial cyber security threats in emergency circumstances.
- Require the Office of Management and Budget to report to Congress annually on the extent to which OMB has exercised its existing authority to enforce government wide cyber security standards.
The bill must now be considered by the full Senate and could be considered as an amendment to the Cybersecurity Information Sharing Act.