Senate Homeland Security and Governmental Affairs Federal Financial Management Subcommittee Chairman Thomas Carper, D-Del., is eager to advance an aggressive e-government agenda with the cooperation of an administration that has signaled interest in ramping up transparency and citizen engagement while ensuring the government's IT infrastructure is protected, aides said Thursday.
Carper is set to reintroduce bill he co-sponsored with Homeland Security and Governmental Affairs Chairman Joseph Lieberman to reduce identity theft and risks to national security by requiring agencies to prove they can secure sensitive information.
The two introduced the bill in September after hearings exposed a range of federal data security vulnerabilities. The measure won committee approval but did not make it to the floor. That bill would have standardized federal inspectors general information security audits; created a council to write best practices and guidelines for data security, and strengthened the role of chief information security officers across the government. It also would have given new powers to the Homeland Security Department to conduct "red team" penetration tests against civilian agencies and required the Homeland Security Department to submit annual reports to Congress on the government's ability to safeguard sensitive data.
Carper's new legislation will use the previous proposal as a model, but an aide said the senator wants to work with the new OMB administrator for e-government; a first-ever federal chief technology officer position President Obama wants to create; and the Homeland Security assistant secretary for cybersecurity and communications.
An OMB report to Congress due next month on progress made by agencies under the Federal Information Security Management Act in the final year of the Bush administration will be a key indicator. Last year's report showed 92 percent of agencies operated with complete certification and authentication of systems. However, a GAO analysis found that 20 of 24 major agencies experienced data-security troubles. Most did not implement controls for limiting system access or guarding against intrusion, nor did they regularly configure devices to fix vulnerabilities, GAO stated.
Getting taxpayers the "best bang for their buck" in government IT is important to Carper, an aide said. Last April, OMB placed more than 950 federal IT projects on two watch lists that called for high-level special attention. The lists, which covered major IT investments and "high-risk" initiatives, stem from the 1996 Clinger-Cohen Act, which required agencies to submit plans for IT investments to OMB. Carper may propose changes to streamline Clinger-Cohen as well as the Paperwork Reduction Act and generally "bring U.S. code into the 21st century," the staffer said.
Reauthorizing the expired E-Government Act of 2002 is also a priority. Lieberman and Homeland Security and Governmental Affairs ranking member Susan Collins are expected to reintroduce that bill, which would require that agencies' information can be found by search engines and would create best practices for privacy impact assessments.