House member suggests regular network security reports

Federal agencies may soon be required to submit regular reports to Congress on the security status of their networks, much as they now report their Year 2000 compliance.

At a House Technology Subcommittee meeting today covering reasons why federal World Wide Web sites and systems are vulnerable to cyberattacks, Rep. Connie Morella (R-Md.) said that in her revision of the Computer Security Act of 1987 she plans to include a requirement for agencies to report to Congress regularly the steps they are taking to secure their sites and systems.

All three witnesses at the hearing supported Morella's suggestion as a way to spur agencies to move beyond planning security measures and into implementing them. Testifying at the hearing were Keith Rhodes, director of the Office of Computer and Information Technology Assessment at the Accounting and Information Management Division of the General Accounting Office; Michael Jacobs, deputy director of information systems security at the National Security Agency; and National Institutes of Standards and Technology director Ray Kammer.

"Security needs to stop being an afterthought," Rhodes said. "The value of reporting would be in a standardization of agencies' ability to report," he said.

If agencies know the questions Congress will ask, they will better understand the fundamental IT implementation steps they must take, he said.

Many agencies in the national security community already submit such reports and have found it helpful to undergo regular security assessments, Jacobs said.

Rhodes, Jacobs and Kammer also suggested that the new computer security bill require federal agencies to use security expertise developed by NIST and NSA instead of "recommending" such steps, as the current act does.

Featured

  • Workforce
    coronavirus molecule (creativeneko/Shutterstock.com)

    OMB urges 'maximum telework flexibilities' for DC-area feds

    A Sunday evening memo ahead of a potentially chaotic commute urges agency heads to pivot to telework as much as possible.

  • Acquisition
    Shutterstock ID: 1993681 By Jurgen Ziewe

    Spinning up telework presents procurement challenges

    As concerns over the coronavirus outbreak drives more agencies towards expanding employee telework, federal acquisition contracts can help ease some of the pain.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.