Senate begins work on FISMA update
Friday - 12/16/2011, 5:59am EST
An update to the Federal Information Security Management Act is under review by members of Congress.
Sen. Joseph Lieberman (I-Conn.) said Thursday night during a speech before the Homeland Security and Defense Business Council (HSDBC) in Washington that congressional staff is reviewing a draft of the changes to FISMA.
"Majority Leader Harry Reid has promised that the Senate will consider comprehensive cybersecurity legislation early next year, and we are hard at work in advance of that deadline," according to Lieberman's prepared remarks given to the media before the speech. "On Monday, we circulated to stakeholders a staff draft of legislative language that would improve critical infrastructure security. More titles will be circulated in the weeks to come and we are looking forward to meeting with interested parties to discuss these proposals."
Senate lawmakers have been trying to update FISMA for the last three years.
Sen. Tom Carper (D-Del.) introduced a bill to update the 2002 law in 2008 and held out hope each successive year, but couldn't get enough traction. Rep. Diane Watson (D-Calif.) introduced a version of the FISMA update in 2010, but again, it got nowhere.
Watson also tried to add a FISMA update to the 2010 Defense Authorization bill. But the provisions were not included in the final law.
Lieberman's speech didn't offer any specifics about FISMA, but he did go into more details about other parts of the comprehensive cybersecurity legislation.
"We would start by directing the Department of Homeland Security (DHS) to work with industry to identify and evaluate the risks to the country's most critical cyber-infrastructure, and to develop risk-based performance standards that these crucial systems would have to meet," Lieberman said. "Once this has been done, owners and operators would select security measures to safeguard their systems. These plans would be reviewed by DHS cyber-experts to ensure they improve security. Our legislation would also provide liability protection for owners and operators who are in compliance with their approved security plans."
Lieberman said DHS would help develop cybersecurity "best practices" as a model for the private sector. These would also help lead to the development of better security techniques, and the creation of industry-wide standards of care would lead commercial networks to install them as a way to keep customers and draw in new ones.
Additionally, DHS would have the statutory responsibility to ensure that the government is sharing threat, vulnerability and mitigation information with the private sector.
Another part of the bill would try to address hardware and software cybersecurity. Lieberman said Congress would encourage agencies to only buy from vendors who "bake" security in from the beginning of development.
"Using the federal government's purchasing power, I believe would help prod technology companies to produce more secure products, which would then be available to businesses and consumers," he said.
Howard Schmidt, the White House cyber coordinator, said in an interview with Federal News Radio that the new cybersecurity research and development strategy, released last week by the White House, tries to address that concern.
"We are using this research to leapfrog ahead so it's not a matter of upgrading to this generation or that generation, but make it so you leap ahead and reduce the vulnerabilities in your system," he said. "In many cases we are finding they are still using old software and systems that are not designed to be resilient and as a result have to make critical upgrades in a short amount of time."
President Barack Obama shakes hands with White House Cyber Security Chief Howard A. Schmidt at the White House on Dec. 17, 2009. (Official White House Photo by Lawrence Jackson)
The effort to improve cybersecurity through the procurement process is not new, but is part of how DHS is trying to protect civilian networks.
Lieberman said to better protect civilian networks, DHS should continue to rely on the expertise of the Defense Department's National Security Agency.
"In this year's National Defense Authorization Act, we took an important first step in formalizing these relationships when we codified an existing agreement between DHS and NSA to share resources," he said. "This is a small step, but it is nonetheless important — and provides an example of how Congress can put aside partisanship to address our nation's pressing cybersecurity needs."
Lieberman, who is retiring at the end of his term in 2012, said his "goal is to pass this bill and get it to the President before I leave the Senate."
Schmidt said the White House has been working with the Hill to get the cyber legislation passed.
"We are very thankful Senator Reid has committed to actually move the debate of the cybersecurity legislation to the first Senate work period of next year," Schmidt said. "We could be moving forward with a lot of these things in January and February. We will continue to work with the leadership in both the Senate and House to help bring these things together and to make sure they stay informed of what we are looking to get of the various programs we are doing, but more importantly what are the things we need specifically legislatively to help."