recommended reading

House cybersecurity overhaul included in Defense authorization bill

An amendment to the Defense authorization bill, expected to pass in the House on Friday, would push through committee efforts to update information security requirements for agencies and establish a separate cybersecurity office in the White House.

The fiscal 2011 National Defense Authorization Act, which moved to the House floor on Thursday, includes an amendment that would speed passage of existing measures from the Oversight and Government Reform Committee to overhaul federal cybersecurity.

"It was appropriate to attach this amendment to the Defense authorization bill because properly securing our cyber infrastructure is a national security issue," said Joy Fox, spokeswoman for Rep. Jim Langevin, D-R.I., who offered the amendment with Rep. Diane Watson, D-Calif.

The amendment would mandate agency use of automated monitoring to assess cyber threats. It would involve a major overhaul of the 2002 Federal Information Security Management Act, which often is criticized for forcing IT staffs to spend too much time and too many resources reporting about compliance with certain security procedures. Agencies also would be expected to incorporate security requirements into contracts from the start.

Other provisions in the amendment would establish a National Office of Cyberspace in the White House with budget authority over cybersecurity spending and governmentwide coordinating responsibilities, and codify posts of the federal cybersecurity coordinator, held by Howard Schmidt, and chief technology officer, who is Aneesh Chopra.

The amendment is based on H.R. 4900, sponsored byWatson, and H.R. 5247, sponsored by Langevin.

The security community has widely praised the provisions.

"This is an important step forward," said Alan Paller, director of research for the SANS Institute, noting he expects it will accelerate companion measures in the Senate and create "a real chance of major progress quickly."

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.