Collins, Warner Bow DHS-Centric FISMA Reform Act
Sens. Susan Collins, R-Maine, and Mark Warner, D-Va., led a bipartisan group of senators Wednesday in introducing the Federal Information Security Management Act (FISMA) Reform Act, which they said would formalize and increase the Department of Homeland Security's power to protect federal networks and websites against cyberattacks. The bill, which Collins and other supporters told reporters is a legislative response to the recent Office of Personnel Management (OPM) data breach, is needed to formalize DHS' authority to protect federal networks and move beyond the “status quo,” in which individual agencies are allowed to voluntarily seek DHS assistance, they said. “This voluntary system has resulted in an inconsistent patchwork of security across the whole federal government,” Warner said during a news conference. The bill's other co-sponsors are Sens. Kelly Ayotte, R-N.H., Dan Coats, R-Ind., Claire McCaskill, D-Mo., and Barbara Mikulski, D-Md.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The FISMA Reform Act would allow DHS to operate intrusion detection and prevention capabilities on all federal networks within the .gov domain without waiting for an agency request. The bill also would allow DHS to do risk assessments of all .gov federal networks and use defensive countermeasures against hackers once a cyberthreat is detected. The FISMA Reform Act would increase and streamline DHS' authority to issue binding directives to federal agencies, especially in emergency situations involving cyberthreats. The bill also would require the White House Office of Management and Budget to report to Congress annually on its enforcement of governmentwide cybersecurity standards. The FISMA Reform Act would build on advances in DHS' cybersecurity authority that Congress enacted at the end of the 113th Congress -- the National Cybersecurity and Critical Infrastructure Protection Act and the Federal Information Security Modernization Act.
Collins and Warner said they may attach the FISMA Reform Act's language as an amendment to the controversial Cybersecurity Information Sharing Act (S-754), which Senate Republican leaders have pledged to bring up for a floor vote before the start of Congress's August recess (see 1507130058). Collins said she expects the Senate will vote on S-754 in early September if it doesn't take up the bill before the August recess. The FISMA Reform Act's language “would dovetail very nicely” with S-754, which deals with improving liability protections for cybersecurity information sharing, Collins said. S-754, like previous cybersecurity information sharing bills, has been criticized by privacy advocates for not including adequate privacy and civil liberties protections. Collins told reporters after the news conference that she believes including the FISMA Reform Act's language as an amendment to S-754 would strengthen that bill's privacy protections by adequately securing federal databases. The FISMA Reform Act also might improve S-754's passage prospects because it's “legitimate” for citizens to ask the federal government to “clean up our own house” cybersecurity, Collins said.
Collins and Ayotte also urged the White House Wednesday to publicly name China as the culprit behind the OPM data breach, after media reports that the White House has decided against publicly blaming anyone for the attack. Government officials previously called China the “leading suspect” behind the attack. “If there is no penalty -- not even public identification -- of the perpetrator of a cyberattack, it seems to me that it only encourages future cyberattacks from the same actors,” Collins said. President Barack Obama should be “very direct with the Chinese publicly about this,” particularly given Chinese President Xi Jinping's planned visit to Washington later this year, Ayotte said. Warner said the federal government's investigation of the OPM breach is ongoing and expressed “faith in the quality of the investigation.”