Cybersecurity bill would penalize agencies for noncompliance

The Executive Cyberspace Authorities Act would require a review of cyber threats and proof of adherence to FISMA when submitting annual budgets.

A House bill introduced on Thursday would give the government more authority to enforce cybersecurity measures in federal agencies, but it also contains elements that could be contentious.

The 2010 Executive Cyberspace Authorities Act would establish a national cyberspace office, create a cyberspace director subject to Senate confirmation and penalize agencies that fail to secure networks.

"While the president's establishment of a cybersecurity coordinator was an encouraging step, the position was not given the proper authorities to adequately secure our networks and coordinate [information technology] policy across government," said Rep. Jim Langevin, D-R.I., who introduced the bill with Rep. Michael McCaul, R-Texas. Both members are co-chairmen of the House Cybersecurity Caucus.

The highest-ranking cyber official at this time is White House Cybersecurity Coordinator Howard Schmidt. Schmidt was appointed by President Obama; however, because his post was not subject to Senate approval, it could be eliminated by a future administration.

The bill directs civilian agencies to review cyber threats they face and show they have complied with the 2002 Federal Information Security Management Act when submitting annual budgets.

FISMA, which sets statutory information security requirements for agencies, has drawn criticism from those who argue that it requires agencies to follow security processes but does not address fixing security weaknesses or monitoring systems.

Under the bill, the cyberspace director can recommend the president withhold awards and bonuses for agencies that fail to prove they have secured networks.

The bill has been referred to the House Committee on Oversight and Government Reform, the Armed Services Committee and the Permanent Select Committee on Intelligence.

Another cybersecurity bill that also would establish a national cyberspace office and make permanent the national cybersecurity director was passed out of the Oversight and Government Reform Committee on Wednesday. That bill would make permanent the chief technology officer position in the White House, now held by Aneesh Chopra.