The bipartisan legislation seeks to protect federal data centers from physical and digital threats by establishing minimum requirements to enhance the security of these critical facilities.
A bipartisan group of senators have reintroduced legislation to shore up the physical and digital security of federal data centers from a range of potential threats as agencies continue to consolidate their information repositories.
The Federal Data Center Enhancement Act—introduced on March 22 by Sens. Jacky Rosen, D-Nev., Gary Peters, D-Mich., and John Cornyn, R-Texas—would require the Office of Management and Budget to work with federal agencies to develop minimum requirements for new federal data centers “that meet high standards for cybersecurity, resiliency, availability and sustainability.”
According to the bill, these minimum requirements include, in part, standards related to data center uptime percentages—or the amount of time a data center is guaranteed to be available per year—information security protections and protections against power failures, physical intrusions and natural disasters.
“At a time of increasing cyberattacks, ransomware demands and threats from natural disasters, we must bolster the physical and digital infrastructure of federal data centers,” Rosen said in a statement to Nextgov. “My bipartisan legislation would establish a consistent set of safety requirements to help increase resiliency, prevent unwanted intrusion and protect America’s critical data.”
All three senators previously introduced the same legislation in July 2022. While that bill made it out of the Senate Homeland Security and Governmental Affairs Committee—which is chaired by Peters—it did not receive a vote in the full Senate before the end of the 117th Congress.
The current bill seeks to expand upon the success of a more than decade-long governmentwide effort to consolidate the number of federal data centers, which began in 2010 with the Federal Data Center Consolidation Initiative and was expanded by OMB following passage of the Federal Information Technology Acquisition Reform Act in 2014.
In a joint press release issued last year, the senators said that “since 2010, more than 6,000 federal data centers have been consolidated with a resulting cost savings and cost avoidance of $5.8 billion” as a result of these initiatives.
The bill’s supporters believe that, given the success of these consolidation and optimization efforts, the government now needs to focus on safeguarding the remaining data facilities.
In a favorable report issued by the Senate Homeland Security Committee in November 2022, the panel said that the legislation builds upon federally-mandated performance metrics to ensure that new data facilities comply “with additional requirements, to be set by OMB, for cybersecurity and resilience, while also urging agencies to update their current data centers to meet the OMB requirements when those facilities, or the contracts that manage them, come up for review or contract renewal.”
“The federal government is responsible for storing considerable amounts of sensitive and personal information—including credit card and social security numbers,” Peters said in a statement to Nextgov. “We must ensure this data is stored securely and used in a way that does not violate civil rights and liberties. I’m grateful to Senator Rosen for leading this important, bipartisan legislation that will ensure new and existing federal data centers are protected from cyberattacks, catastrophic weather events and other potential disasters.”
Cornyn’s office pointed to a statement the senator released last July, when the previous version of the bill was introduced.
“This legislation would help secure federal data and encourage optimization, which will save taxpayer dollars and protect Americans who entrust their information to the federal government,” Cornyn said at the time.