Sen. Carper’s Legislation OK’d by Homeland Security Committee

Bills Improve National Security and Accountability of Billions in IT Investments; Carper Amendment Supports National Archives

WASHINGTON – The Senate Homeland Security and Government Affairs Committee this evening approved two security bills introduced by Sen. Tom Carper (D-Del.), and agreed to an additional Carper amendment to provide guidance to the National Archives and the Founding Fathers Project.

The bipartisan Federal Information Security Management Act of 2008 (S. 3474), written by Sen. Carper as chairman of the Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, received overwhelming committee approval today. The bill will dramatically improve the way agencies guard sensitive information and thwart cyber attacks.

After recently calling a congressional oversight hearing to examine the vulnerability of government information systems, Sen. Carper introduced FISMA, as it is commonly called, to amend the nation’s security laws to respond to serious concerns that compliance with the current information security regulations has largely become a paperwork exercise.

According to expert testimony given at the Carper hearing, officials responsible for information security may be writing reports and checking boxes rather than effectively monitoring, detecting, and responding to real security intrusions.

“It was extremely sobering to learn how often and how easily agency information networks can be compromised,” said Sen. Carper. “We are open to attack not only from countries like Russia and China, but to criminal syndicates and terrorists. It is frightening to learn that the most powerful government in the world has essentially been helpless until now in preventing these information technology attacks.”

To improve government information security, Sen. Carper’s FISMA legislation will:

 – Require Inspectors General to measure the effectiveness of information security policies and procedures;

 – Increase the authority and capability of Chief Information Security Officers to monitor, detect and respond to security breaches;

 – Break down artificial barriers and increase collaboration by establishing a Chief Information Security Council directed by the National Cyber Security Center and attended by civilian, military, and intelligence incident response centers; and

 – Require the Department of Homeland Security to conduct regular mock attacks against agency networks to discover vulnerabilities and recommend ways to fix them.

Sen. Carper’s second bill, which won bipartisan approval by the Homeland Security and Government Affairs Committee today, would radically improve both federal agencies’ and Congress’ ability to monitor risky information technology (IT) investments.

After holding three congressional oversight hearings on the dismal state of planning and management of IT systems, Sen. Carper introduced the IT Investment Oversight and Waste Prevention Act of 2008 (S.3384) in July to get these investments under control.

“IT investments contain an inherent risk that the system may cost more than expected or not perform the way it was planned,” said Sen. Carper. “But I believe it is simply unacceptable that $21 billion dollars, or nearly a third of our IT budget, may be wasted this year because so many projects are poorly planned or managed.”

Sen. Carper’s bill would address many of the problems that have plagued government IT projects in the past, by:

 – Requiring quarterly reporting to Chief Information Officers on a project’s cost, schedule and performance, and notifying Congress of any significant deviations;

 – Annually providing Congress with each agency’s most critical and high risk projects with an independent cost estimate and reports on any changes to the original plan;

 – Making it easier for agencies to terminate a project if the costs are spiraling out of control; and

 – Requiring the Office of Management and Budget to assemble a team of highly-qualified IT who can work with agencies to improve troubled projects before they spiral out of control.

Finally, Sen. Carper introduced an amendment to Sen. John Warner’s (R-Va.) Presidential Historical Records Preservation Act of 2008 (S.3477) that addresses a number of issues that were brought to light in an oversight hearing he chaired in May. Carper’s amendment will break down the barriers that prevent the average American from learning more about our nation’s history. Instead of having to purchase expensive publications or travel far distances to libraries, families will be able to read the founding fathers’ papers online at their leisure.

“The key to a free society is the free flow of information,” said Sen. Carper. “This legislation is yet another step towards ensuring that the National Archives, through important efforts like the Founding Fathers Project, which aims to preserve historically significant documents, can continue to be easily-accessible to scholars, students and the general public for many years to come.”

The legislation would also improve the preservation of historical documents held in presidential libraries by requiring the Archives to develop a capital improvement plan and to provide Congress viable alternative models for presidential libraries that would reduce the financial burden on the government and reduce the delay in public access to documents.