recommended reading

CBO: House cyber e-gov bill would cost $710 million

Ambient Ideas /

A government anti-hacking bill slated for a House vote this week would cost an additional $710 million to implement, according to an independent federal agency.

The nonpartisan Congressional Budget Office estimates that H.R. 4257, bipartisan legislation to automate many requirements under the 2002 Federal Information Security Management Act, would not violate House pay-go rules requiring offsets for mandatory spending. Much of the money doled out between 2013 and 2017 would cover salaries, expenses and equipment.

For the past two years, the White House and both political parties have pushed to replace the paperwork-heavy FISMA with a law that would computerize much of the compliance reporting, as well as threat monitoring, so that human specialists can counter intrusions in real time. But modernization repeatedly has become entangled in more controversial elements of cybersecurity reform -- namely, the question of the government regulating critical private networks that control electricity and other vital operations.

In 2011, the federal government spent more than $13 billion to secure computer systems -- amounting to 18 percent of the federal information technology budget, according to the Office of Management and Budget. Fewer than half of agencies have installed sufficient continuous monitoring programs under current White House regulations. The new bill would expand on those rules, adding about 2 percent, or $200 million a year, to the cost of compliance.

The House Oversight and Government Reform Committee on April 18 approved the bill by a unanimous voice vote, sending it to the full chamber for a final vote. The committee's legislation is similar to a more comprehensive Senate cybersecurity package that has hit resistance from some businesses over its separate critical infrastructure items.

(Image via Ambient Ideas /

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.