Rep. Ro Khanna plans to introduce a bill that would require feds to learn basic cyber hygiene, including how to securely navigate the internet of things.
Silicon Valley’s lawmaker wants to make sure every federal employee knows how to securely interact with technology, including the internet-connected devices that are proliferating throughout the government.
On Monday, Rep. Ro Khanna, D-Calif., will introduce legislation that would mandate that all federal employees receive training in basic cybersecurity practices. The training, overseen by the Office of Management and Budget, would also teach feds to identify and mitigate security risks associated with the internet of things.
Specifically, the bill would revise Title 44, Section 3554 of the U.S. Code, which outlines federal agencies’ various responsibilities for protecting their information security. While the amendment is only 17 words long, it could go a long way in elevating the importance of cyber hygiene across the federal government, especially as more of its physical infrastructure connects to the internet, according to Khanna.
“The internet of things is very exciting. It’s going to help connect so many of ... the gadgets we use into one system, but that also makes them vulnerable to [threats],” Khanna said in a conversation with Nextgov. “It certainly makes our federal government and our federal agencies vulnerable, so I wanted to make sure every federal employee has that basic training so they understand how to protect very sensitive systems in agencies.”
Many federal employees already receive some form of cybersecurity training as part of their jobs, but Khanna said the scope and quality of instruction vary across organizations. Through the bill, he intends to provide all feds with a baseline understanding of cyber hygiene, especially in relation to the internet of things.
Specifically, the training programs should teach every employee to avoid behavior that could allow intrusions into federal networks, like connecting network-enabled devices to systems containing sensitive data. If a breach does occur, Khanna said, it’s also important that employees know what they should do to minimize the damage.
“The stakes are very high,” he said.
Still, Khanna noted he doesn’t want the training to take a one-size-fits-all approach to cybersecurity. While all programs should cover a set of “core basics,” he said, government leaders would be able to tailor their efforts to address the security risks that are most relevant to their organizations’ line of work.
Khanna has yet to recruit any co-sponsors for the bill, though he expects more lawmakers to sign on in the near future. He said leaders at the White House’s Office of American Innovation have previously expressed their support for mandatory cyber training for federal employees.
Khanna isn’t the first lawmaker to take a stab at improving security for the government’s internet of things. Earlier this year, members of both the House and Senate introduced legislation that would set minimum security standards for internet-connected devices purchased by federal agencies, though neither bill has been put to a vote.