Senators introduce long-awaited cyber bill
Tuesday - 2/14/2012, 6:57pm EST
Three senior senators today finally introduced the long-awaited comprehensive cybersecurity bill.
The three-year effort, now known as the Cybersecurity Act of 2012 (S. 2105), is an attempt to secure federal systems by updating the Federal Information Security Management Act (FISMA) and expanding the role of the Homeland Security Department in securing critical infrastructure, such as the power grid, water systems and other sectors that are vital to the nation.
The bill comes on the heels of President Barack Obama asking for a major upgrade of $751 million at DHS alone in the fiscal 2013 budget request sent to Congress Monday. In addition to money for DHS, the administration is making cybersecurity one of 14 governmentwide initiatives.
All of these efforts signal one of the strongest pushes by both Congress and the administration to address cyber vulnerabilities in the government and in the private sector in the last three years.
"Consider the warning signs, hackers now seem to be able to routinely crack the codes of our government agencies, including the most sensitive ones," said Sen. Jay Rockefeller (D-W.Va.) in a floor statement introducing the bill Tuesday. "Our Fortune 500 companies, they do routinely, and then everything in between. Adm. Mike Mullen, former Joint Chiefs chairman, said the cybersecurity threat is the only other threat that is on the same level as Russia's stockpile of nuclear weapons. Loose nukes, if you will. FBI Director Robert Mueller testified to Congress very recently that the cyber threat will soon overcome terrorism as the top national security focus of the FBI."
Part of an evolutionary process
The latest bill also follows closely the administration's cybersecurity proposal sent to Capitol Hill in May.
The Senate bill, which also is sponsored by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine), is part of an evolutionary process that has been vetted wide and far, said a Senate staff member during a press briefing on the bill Tuesday.
Within hours, seven Senate Republicans wrote to Majority Leader Harry Reid (D-Nev.) and Minority Leader Mitch McConnell (R-Ky.) asking for other committees to have input in the cyber legislation process.
"The chair and ranking member of the Committee on Homeland Security and Governmental Affairs have recently introduced their latest legislative proposal, which as drafted, does not satisfy our substantial concerns," the lawmakers wrote. "If we are serious about enacting effective legislation into law, we must provide all members of the Senate an opportunity to become adequately informed by regular order. This is not the kind of legislation that can result in a carefully balanced solution unless the full process is afforded."
Sens. Kay Bailey Hutchison (R-Texas), John McCain (R-Ariz.), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Jeff Sessions (R-Ala.) and Mike Enzi (R-Wyo.) want more hearings with the jurisdictional committees so the members can learn about the bill.
But other Senate staff members said they've conducted more than 150 meetings over the last three years with lawmakers, companies, industry associations, agencies, cybersecurity, privacy and civil liberties experts and many others, and those conversations have led to several significant changes.
In the final version, senators stripped out the Senate-confirmed White House cyber policy director and office. A staff member said there wasn't a lot of support for it and it wasn't worth holding up the bill for it.
The bill also clarifies language in the FISMA section detailing the actions agencies can take if a vendor's system holding government data is under cyber attack or considered vulnerable.
The second staff member said the committees heard the vendors' concerns.
Includes provisions to improve cyber acquisition
The bill now defines any lawful action as one to "require the remediation of or protect against identified information security risks with respect to information collected or maintained by or on behalf of an agency; or that portion of an information system used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency."
The bill also includes new provisions to improve federal acquisition of technology products and services:
- The Office of Federal Procurement Policy will work with the Chief Information Officer's Council and the Federal Acquisition Institute to ensure contracting officers have training in information security requirements.
- The Office of Management and Budget also must write a report on possible impediments in the acquisition process that slow agency use of the newest, most secure technologies.
- The General Services Administration shall develop a special item number under the IT schedule and consolidate under that SIN all information-security products and services.