Davis: FISMA could prevent 'cyber Pearl Harbor'

Rep. Tom Davis (R-Va.) predicted a “cyber Pearl Harbor,” an attack in the future that would penetrate the federal government in some way. He said such an attack could cause deaths or a financial breakdown.

That is why the Federal Information Security Management Act’s standards are necessary as preventive measures, despite needing tweaks and improvements, he said at an Industry Advisory Council and American Council for Technology luncheon in Washington, D.C.

“It’s difficult, I think, for managers out there when you get so much thrown at you,” Davis said. “You’ve got a lot of boxes to check.”

However, the standards will be forced through appropriations as lawmakers start to cooperate, he said. Davis said he is open to feedback on FISMA requirements.

The House Government Reform Committee, which Davis heads, releases a FISMA report card annually, grading each agency on its compliance with FISMA standards. It released its 2005 report card March 16.

This year, the federal government as a whole had a D-plus for computer security.

Karen Evans, administrator of e-government and information technology at the Office of Management and Budget, said after the luncheon that officials are discussing the controversy over whether the security certification and accreditation standards meet the legislation’s intended goals or whether FISMA is seen simply as a requirement.

She said she believes that meeting standards is beneficial, “if you do it in the spirit in which it was intended.”

Evans directed questions about possible upcoming changes to FISMA to Davis’ committee.

According to the latest assessment of federal agencies’ FISMA compliance, weaknesses and inconsistencies in agencies’ security management practices left dangerous holes in critical infrastructures.

Notably, agencies whose missions include homeland security received failing grades in 2005. Grades for the Defense, Homeland Security, Justice and State departments remained below average or dropped. Of those four departments, DHS remained level with its 2004 grade of an F, according to the committee’s rating. The other departments’ grades fell from the previous year. DOD went from a D to an F, Justice dropped from a B-minus to a D and State fell from a D-plus to an F.

“FISMA is still viewed by some federal agencies as a paperwork exercise,” Davis said at a congressional hearing in March, when the committee released the grades. “But these are shortsighted observations.”