Senate Approves Bill to Address Cyber Attacks on Federal Agencies

Bill updates 12-year-old law to meet government’s current cybersecurity needs, establishes real-time system monitoring, and enhances oversight of federal data breaches

WASHINGTON- Last evening, the Senate approved critical legislation that would help federal agencies thwart cyber attacks.

The Federal Information Security Modernization Act of 2014, introduced by Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.) and Ranking Member Tom Coburn (R-Okla.), would update the Federal Information Security Management Act of 2002 to better protect federal agencies from cyber attacks.  The bill would better delineate the roles and responsibilities assigned to agencies charged with securing the “.gov” domain, move agencies away from the current paperwork-heavy security review processes, and put greater management and oversight attention on data breaches at federal agencies. The bill is more than overdue: cyber attacks reported by federal agencies have increased by nearly 680 percent over the past six years, according to a recent study by the Government Accountability Office

“Cybersecurity is one of our nation’s biggest challenges,” said Chairman Carper. “Recently, several federal agencies, from the Postal Service to the Office of Personnel Management to the State Department to the White House have been hit with serious cyber attacks.  It is more than clear that the federal government needs to address this 21st century threat with a 21st century response. This bill will modernize our outdated federal network security laws, provide the tools and authorities needed to improve security at our federal agencies, and increase transparency and accountability for data breaches at federal agencies. On top of that, it allows taxpayer dollars to be better spent on improving network security by reducing unnecessary and burdensome paper-based reporting.  But Senate passage of this bill only gets us part of the way there. We now need our colleagues in the House to bring this critical bill across the finish line and to the President’s desk. With the clock ticking on the 113th Congress, we can’t afford to wait. Our nation’s cybersecurity is counting on it.”

“For too long, the federal government has struggled with poor cybersecurity practices, which puts the American people’s sensitive information at risk,” said Dr. Coburn.  “This bipartisan reform bill is a small but significant step to address the problem.  It requires agencies to be accountable to Congress and the public for data breaches and other incidents to protect the public’s information.”

In September, the Senate passed the DHS Cybersecurity Workforce Recruitment and Retention Act of 2014, which would help address critical challenges that the Department of Homeland Security (DHS) faces in hiring and retaining cybersecurity professionals by providing the Secretary of Homeland Security hiring and compensation authorities for cybersecurity experts like those of the Secretary of Defense.

In June, the Homeland Security and Governmental Affairs Committee approved the National Cybersecurity and Communications Integration Center Act of 2014. The bill would codify the existing cybersecurity and communications operations center at the Department of Homeland Security (DHS), known as the National Cybersecurity and Communications Integration Center. The bill authorizes the Center’s current activities to share cybersecurity information and analysis with the private sector, provide incident response and technical assistance to companies and federal agencies, and recommend security measures to enhance cybersecurity.