A government anti-hacking bill slated for a House vote this week would cost an additional $710 million to implement, according to an independent federal agency.
The nonpartisan Congressional Budget Office estimates that H.R. 4257, bipartisan legislation to automate many requirements under the 2002 Federal Information Security Management Act, would not violate House pay-go rules requiring offsets for mandatory spending. Much of the money doled out between 2013 and 2017 would cover salaries, expenses and equipment.
For the past two years, the White House and both political parties have pushed to replace the paperwork-heavy FISMA with a law that would computerize much of the compliance reporting, as well as threat monitoring, so that human specialists can counter intrusions in real time. But modernization repeatedly has become entangled in more controversial elements of cybersecurity reform -- namely, the question of the government regulating critical private networks that control electricity and other vital operations.
In 2011, the federal government spent more than $13 billion to secure computer systems -- amounting to 18 percent of the federal information technology budget, according to the Office of Management and Budget. Fewer than half of agencies have installed sufficient continuous monitoring programs under current White House regulations. The new bill would expand on those rules, adding about 2 percent, or $200 million a year, to the cost of compliance.
The House Oversight and Government Reform Committee on April 18 approved the bill by a unanimous voice vote, sending it to the full chamber for a final vote. The committee's legislation is similar to a more comprehensive Senate cybersecurity package that has hit resistance from some businesses over its separate critical infrastructure items.