A bipartisan group of senators looking to strengthen the Department of Homeland Security's ability to intercede at agencies with weak cybersecurity introduced the Federal Information Security Management Reform Act (FISMA Reform) on Wednesday.
Senators introduced the new legislation in response to two massive breaches of Office of Personnel Management networks reported this year, asserting that more involvement from DHS — the government agency in charge of guarding federal networks — could have stopped the hackers.
"The attack on OPM has been a painful illustration of just how behind-the-curve some of our federal agencies have been when it comes to cybersecurity," said Sen. Mark Warner, D-Va., one of six co-sponsors on the bill. "If we want to be better prepared to meet this threat in the future, we have to make sure that the Department of Homeland Security has the tools it needs to adequately secure our federal civilian networks."
The Office of Management and Budget gave DHS the authority to scan civilian agency networks back in October, but the new legislation goes much further. The FISMA Reform legislation would codify some of that authority and enable DHS to take more proactive measures when appropriate.
The new bill would give DHS the authority to do regular scans of agency networks, deploy countermeasures against cyber threats and generally take over cybersecurity efforts at an agency without asking for express permission.
Moreover, the legislation includes five major initiatives designed to improve the overall security posture of federal networks:
- Grant DHS authority to operate intrusion detection and prevention software across the .gov domain;
- Authorize DHS to conduct regular risk assessments on federal networks;
- Require DHS to enact defensive countermeasures in the event an intrusion is detected;
- Strengthen and streamline authority Congress gave to DHS last year to issue binding operational directives to federal agencies, especially to respond to substantial cybersecurity threats in emergency situations; and
- Mandate annual OMB reports on enforcement of governmentwide cybersecurity standards.
"This attack [on OPM] was a stark reminder that our adversaries are increasingly turning to the cyber realm and we must make certain that the Department of Homeland Security is empowered to deploy effective tools in the .gov domain," said Sen. Susan Collins, R-Maine. "This bipartisan legislation is crucial to securing our government systems and helping to prevent future, potentially devastating cyberattacks against our nation."
Along with Warner and Collins, the bill is co-sponsored by Sens. Dan Coats, R-Ind., Barbara Mikulski, D-Md., Kelly Ayotte, R-N.H., and Claire McCaskill, D-Mo.
Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.