On the Heels of Yesterday’s Introduction of Bipartisan Cybersecurity Legislation
WASHINGTON, D.C.—On the heels of yesterday’s introduction of bipartisan legislation that would strengthen the cybersecurity of our federal agencies, a cybersecurity amendment authored by U.S. Senator and Appropriator, Susan Collins, cleared an important Senate hurdle this afternoon.
In the wake of the cyber attack at OPM that compromised the personal information of at least 21.5 million current and former government employees, this bipartisan amendment would increase accountability by requiring the Office of Management and Budget (OMB) to report to Congress annually on the extent to which OMB has exercised its existing authority to enforce government-wide cybersecurity standards. The amendment was included as part of the final Senate Appropriations Financial Services and General Government (FSGG) annual funding bill that passed out of Committee this afternoon. The bill must now be considered by the full Senate.
“The recent cyber attack at OPM was a glaring exposure of the current vulnerabilities to our federal cybersecurity system and a reminder that we are in the midst of a cyber-war. Our adversaries—including state actors, terrorists and hacktivists alike—are increasingly turning to the cyber realm and we must ensure that all of our federal agencies are in compliance with current cybersecurity standards and that their databases and networks are properly protected and secured,” said Senator Collins. “This bipartisan amendment sends an important message to the Administration, to the American people, and to the millions of former, current, and retired federal employees that Congress expects strict adherence to cyber security standards on all .gov networks.”
Of note, the bipartisan cybersecurity bill that Senator Collins introduced yesterday along with Senators Mark R. Warner (D-VA), Dan Coats (R-IN), Barbara Mikulski (D-MD), Kelly Ayotte (R-NH) and Claire McCaskill (D-MO) takes five important steps to strengthen the security of the networks of our federal civilian agencies. This amendment codifies the 5th step the bipartisan bill would require as part of the FSGG Appropriations bill that will likely receive floor time this year, bringing the effort to increase protection for federal civilian networks one step closer to fruition. Senator Collins and Senator Mikulski both serve on the Appropriations Committee.
Why an annual report from OMB is necessary: At present, OMB has broad authority to enforce federal cybersecurity standards under the Federal Information Security Management Act (FISMA), the law that Congress passed in 2002 to protect .gov networks. Despite this authority, efforts to secure the .gov networks have faltered. Alarmingly, information security incidents in the federal government have increased more than twelvefold, from 5,500 in fiscal year 2006 to more than 67,000 in fiscal year 2014, according to the Government Accountability Office (GAO). In addition, federal agencies have failed to adopt or implement hundreds of recommendations from the GAO and the Inspectors General that could enhance the security of their networks, and 19 of 24 major agencies have declared cybersecurity as a significant deficiency or material weakness.