
House panel advances bill to make chief technology officer and cyber czar permanent jobs

A House subcommittee on Wednesday approved legislation that would make permanent the positions of federal chief technology officer and national cybersecurity director. An amendment, offered by Rep. Gerald E. Connolly, D-Va., to codify the CTO position was folded into H.R. 4900 following his year-long effort to pass a standalone CTO bill. President Obama used his regulatory powers to create the U.S. CTO job, filled by Aneesh Chopra, and federal cyber czar position, occupied by Howard Schmidt, but Obama or any other administration can easily eliminate the positions by writing new rules.

"To ensure that the chief technology officer can continue to improve federal use of technology in the future, we need to make this a statutory position," Connolly said on Wednesday.

Under the bill, the CTO would report directly to the president and focus on federal technology -- a departure from Chopra's current responsibilities, which mainly involve fostering private sector innovation. Chopra sits in the Office of Science and Technology Policy, where he reports to OSTP Director John Holdren, but has a direct line to Obama in his capacity as a presidential adviser.

The bill, which now moves to the full House Oversight and Government Reform Committee, is aimed at overhauling the 2002 Federal Information Security Management Act, whose implementation has been criticized for bogging down agencies with reporting requirements at the cost of shoring up systems. Schmidt and Federal Chief Information Officer Vivek Kundra in April rewrote FISMA regulations to lessen the reporting burden by automating the process through a Web portal that will collect live feeds from agency security management systems.

The legislation, sponsored by Rep. Diane Watson, D-Calif., chairwoman of the committee's Government Management, Organization and Procurement Subcommittee, would mandate that agencies use such automated monitoring to assess cyber threats. It also would bake security requirements into contracts to ensure that systems are protected at inception, rather than added on later as an afterthought.

Industry group TechAmerica praised the panel for advancing the bill but said it cannot fully support the legislation because of a provision that prescribes the use of specific technologies.

"TechAmerica is concerned about your proposal for a prioritized list of technologies. Such a list can become quickly outdated, thereby risking the continued use of technologies that are obsolete, and it can have the unintentional consequence of hampering innovation," Phil Bond, TechAmerica president and chief executive officer, wrote in a letter to Watson.
