A new bill would let agency heads be demoted, fired or punished if a data breach occurs under their purview.
Introduced in the House this week by Rep. Ralph Abraham, R-La., the Cybersecurity Responsibility and Accountability Act of 2016 proposes that if a major data breach occurs "in part or in whole" because an agency head "failed to comply sufficiently with the information security requirements, recommendations, or standards," the director of the Office of Management and Budget can recommend his or her removal.
The bill would also allow OMB's director to ensure the agency head doesn't get "any cash or pay awards or bonuses for a period of one year after submission of the explanation" for the incident.
The bill follows several congressional hearings related to federal data breaches, including those at the Office of Personnel Management, the Internal Revenue Service, and the Federal Deposit Insurance Corporation, according to a press release from Abraham's office.
The act is designed to increase "accountability so that we can hold agency heads responsible when they fail to correct security vulnerabilities identified by inspectors," Abraham said in a statement.
The bill also tasks the National Institute of Standards and Technology director with identifying major information security concerns for agencies and supporting agencies in information security training and certification.
NIST, OMB and the Homeland Security Department would also collaborate on a job description for agency chief information security officers within six months of the bill being enacted.