The Senate Homeland Security and Governmental Affairs Committee on Tuesday approved two key pieces of information technology legislation, including a measure that would require agencies to appoint a chief information security officer.
Lawmakers voted out of committee both the 2008 Federal Information Security Management Act (S.3474) as well as the 2008 Information Technology Oversight Enhancement and Waste Prevention Act (S.3384).
The FISMA legislation requires agencies to appoint a qualified chief information security officer who would be responsible for monitoring, detecting and responding to cybersecurity threats and who would report to the chief information officer. The IT oversight bill seeks to improve agency performance and congressional oversight of major federal IT projects.
"It was extremely sobering to learn how often and how easily agency information networks can be compromised," said Sen. Tom Carper, D-Del., who introduced the FISMA bill. Carper's bill also would require agency inspectors general to measure the effectiveness of information security policies as well as direct the Homeland Security Department to conduct strategic test attacks against agency networks to uncover vulnerabilities and to improve security.
"Recent reports of foreign governments hacking into federal systems remind us that the federal government is not doing enough to guarantee the security of its computer systems and the vast databases within them," said Committee Chairman Joseph Lieberman, I-Conn. "This legislation will help safeguard those systems and standardize information security measures across the government."
The committee rejected an amendment proposed by Sen. Tom Coburn, R-Okla., that would create a chief information security officers council. But Carper said he was open to compromise on the issue. One option discussed included adding a three-year sunset and review provision to such a council.
The committee approved the FISMA bill without any changes, though Carper is expected to offer amendments to address Coburn's concerns as well as some additional privacy issues before sending it to the Senate floor for a vote.
The IT oversight bill also received bipartisan support. The legislation would make it easier for agencies to terminate projects that fail to meet their budget and schedule deadlines, something that industry experts have advocated for a while. Carper said the decision to suspend funding for a project most likely would reside with the agency head.
Carper was cautiously optimistic that both bills would pass the Senate before the end of the current legislative session.