Skip to content

Following Cyber Attack At OPM, U.S. Senators Collins, Warner, Mikulski, Coats, Ayotte, McCaskill Introduce Bipartisan Cybersecurity Bill

The FISMA Reform Act of 2015 would Strengthen
DHS Authority to Prevent and Block Cyber Attacks on .gov

Click HERE for the text of the bill

     WASHINGTON, D.C.—Following the recent cyber-attack at the Office of Personnel Management (OPM) which compromised the personal information of at least 21.5 million individuals, U.S. Senators Susan Collins (R-ME), Mark R. Warner (D-VA), Barbara Mikulski (D-MD), and Dan Coats (R-IN), members of the Senate Intelligence Committee, and Kelly Ayotte (R-NH) and Claire McCaskill (D-MO), members of the Senate Homeland Security and Governmental Affairs Committee, introduced bipartisan legislation that would bolster the Department of Homeland Security’s (DHS) authority to protect federal civilian networks.
 
      While the Department of Homeland Security (DHS) has the mandate to protect the .gov domain, it only has limited authorities to do so. At present, DHS does not have the authority to monitor the networks of government agencies unless they have permission from that agency.  DHS also cannot regularly deploy countermeasures to block malware without permission from the agency. 
 
      This limited authority hinders the security of .gov information systems which — as evidenced by the recent OPM attack — contain highly sensitive personal data such as Social Security numbers, home addresses, dates of birth, and in some cases, extensive background information of federal employees, retirees, and contractors.
 
      To fix this problem, the bipartisan Federal Information Security Management Reform Act of 2015 (FISMA Reform) takes five important steps to strengthen the security of the networks of our federal civilian agencies:

  • This legislation would allow the Secretary of Homeland Security to operate intrusion detection and prevention capabilities on all federal agencies on the .gov domain.
  • The bipartisan bill would also direct the Secretary of Homeland Security to conduct risk assessments of any network within the government domain.
  • The bill would allow the Secretary of Homeland Security to operate defensive countermeasures on these networks once a cyber threat has been detected.
  • The legislation would strengthen and streamline the authority Congress gave to DHS last year to issue binding operational directives to federal agencies, especially to respond to substantial cyber security threats in emergency circumstances.
  • The bill would require the Office of Management and Budget to report to Congress annually on the extent to which OMB has exercised its existing authority to enforce government wide cyber security standards.
  •       By enacting this legislation, DHS will be in a stronger position to detect and reduce the likelihood of other cyberattacks like the ones we saw at OPM.
     

          “The recent cyber attack at OPM affected a staggering number of Americans and exposed a tremendous vulnerability with the status quo in the defense of federal civilian networks.  Like millions of Americans, I received a letter that my personal data had been compromised,” said Senator Collins. “This attack was a stark reminder that our adversaries are increasingly turning to the cyber realm and we must make certain that the Department of Homeland Security is empowered to deploy effective tools in the .gov domain to ensure that government agencies are properly protected. This bipartisan legislation is crucial to securing our government systems and helping to prevent future, potentially devastating cyber attacks against our nation.”
     
          “Both the private and public sector need to do a better job of investing in infrastructure and talent to combat an increasing number of cyberattacks,” said Senator Warner. “The attack on OPM has been a painful illustration of just how behind the curve some of our federal agencies have been when it comes to cybersecurity. Those breaches allowed cyber attackers to get ahold of the personal information of more than 22 million people – what the FBI Director has described as ‘a huge deal’ and a ‘treasure trove of information’ for potential adversaries. If we want to be better prepared to meet this threat in the future, we have to make sure that the Department of Homeland Security has the tools it needs to adequately secure our federal civilian networks.”
     
          “The announcement that OPM’s data breaches compromised the personal data of at least 22 million federal employees, retirees, contractors, and their families is as outrageous and unacceptable as it is devastating,” said Senator Mikulski. “It’s also a reminder that we are in a new kind of war – a cyber-war – against those who would attack and steal from our government and our people. We must act immediately, not only to ensure that the federal government gives the best protection possible to every American whose personal data could be compromised, but also to make sure the Department of Homeland Security has the tools and resources it needs to keep our cyber shields up and working.”
     
          “In recent years, cyber intrusions have grown in scope and scale, and the damage is alarming,” said Senator Coats. “The breach of over 21 million Office of Personnel Management records is the clearest indication yet that the federal government’s cyber defenses are wholly inadequate for today’s threat environment. This legislation would enable the federal government to get its own house in order by fulfilling the Department of Homeland Security’s mandate to protect the government’s networks. Today’s threats are too great to rely on each department and agency to protect their own networks, and recent evidence demonstrates that the status quo is unacceptable. It’s time for DHS to earn its title.”
     
          “The recent security breaches of sensitive government databases pose a serious risk not only to the personal information of those affected, but also to our national security,” said Senator Ayotte.  “There is currently a disconnect in our federal cybersecurity system when it comes to the responsibility, capability, and authority to protect federal agency networks, resulting in serious security vulnerabilities. The reforms in our legislation are major steps in the right direction, allowing the Department of Homeland Security a more direct role and responsibility to guard sensitive data housed in multiple places.”
     
          “In the wake of the alarming news that the personal information of millions of Americans has been compromised by a federal agency, we’ve got to employ every tool at our disposal to ensure this data can be protected, and that such a staggering security breach never happens again,” said Senator McCaskill. This bipartisan legislation helps provide those tools by streamlining the Department of Homeland Security’s ability to deploy technology across government to help detect and prevent future cyberattacks.”