Senate begins work on FISMA update
Friday - 12/16/2011, 5:59am EST
Sen. Joseph Lieberman (I-Conn.) said Thursday night during a speech before the Homeland Security and Defense Business Council (HSDBC) in Washington that congressional staff is reviewing a draft of the changes to FISMA.
"Majority Leader Harry Reid has promised that the Senate will consider comprehensive cybersecurity legislation early next year, and we are hard at work in advance of that deadline," according to Lieberman's prepared remarks given to the media before the speech. "On Monday, we circulated to stakeholders a staff draft of legislative language that would improve critical infrastructure security. More titles will be circulated in the weeks to come and we are looking forward to meeting with interested parties to discuss these proposals."
Senate lawmakers have been trying to update FISMA for the last three years.
Sen. Tom Carper (D-Del.) introduced a bill to update the 2002 law in 2008 and held out hope each successive year, but couldn't get enough traction. Rep. Diane Watson (D-Calif.) introduced a version of the FISMA update in 2010, but again, it got nowhere.
Watson also tried to add a FISMA update to the 2010 Defense Authorization bill. But the provisions were not included in the final law.
Lieberman's speech didn't offer any specifics about FISMA, but he did go into more details about other parts of the comprehensive cybersecurity legislation.
Lieberman said DHS would help develop cybersecurity "best practices" as a model for the private sector. These also would help lead to the development of better security techniques, and the creation of industry-wide standards of care would lead commercial networks to install them as a way to keep customers and draw in new ones.
Additionally, DHS would have the statutory responsibility to ensure that the government is sharing threat, vulnerability and mitigation information with the private sector.
Another part of the bill would try to address hardware and software cybersecurity. Lieberman said Congress would encourage agencies to only buy from vendors who "bake" security in from the beginning of development.
"Using the federal government's purchasing power, I believe would help prod technology companies to produce more secure products, which would then be available to businesses and consumers," he said.
Howard Schmidt, the White House cyber coordinator, said in an interview with Federal News Radio that the new cybersecurity research and development strategy released last week by the White House tries to address that concern.
"We are using this research to leapfrog ahead so it's not a matter of upgrading to this generation or that generation, but make it so you leap ahead and reduce the vulnerabilities in your system," he said. "In many cases we are finding they are still using old software and systems that are not designed to be resilient and as a result have to make critical upgrades in a short amount of time."
President Barack Obama shakes hands with White House Cyber Security Chief Howard A. Schmidt at the White House on Dec. 17, 2009. (Official White House Photo by Lawrence Jackson)
Lieberman said to better protect civilian networks, DHS should continue to rely on the expertise of the Defense Department's National Security Agency.
"In this year's National Defense Authorization Act, we took an important first step in formalizing these relationships when we codified an existing agreement between DHS and NSA to share resources," he said. "This is a small step, but it is nonetheless important — and provides an example of how Congress can put aside partisanship to address our nation's pressing cybersecurity needs."
Lieberman, who is retiring at the end of his term in 2012, said his "goal is to pass this bill and get it to the President before I leave the Senate."
Schmidt said the White House has been working with the Hill to get the cyber legislation passed.
"We are very thankful Senator Reid has committed to actually move the debate of the cybersecurity legislation to the first Senate work period of next year," Schmidt said. "We could be moving forward with a lot of these things in January and February. We will continue to work with the leadership in both the Senate and House to help bring these things together and to make sure they stay informed of what we are looking to get of the various programs we are doing, but more importantly what are the things we need specifically legislatively to help."