House member suggests regular network security reports

Federal agencies may soon be required to submit regular reports to Congress on the security status of their networks, much as they now report their Year 2000 compliance.

At a House Technology Subcommittee meeting today covering reasons why federal World Wide Web sites and systems are vulnerable to cyberattacks, Rep. Connie Morella (R-Md.) said that in her revision of the Computer Security Act of 1987 she plans to include a requirement for agencies to report to Congress regularly the steps they are taking to secure their sites and systems.

All three witnesses at the hearing supported Morella's suggestion as a way to spur agencies to move beyond planning security measures and into implementing them. Testifying at the hearing were Keith Rhodes, director of the Office of Computer and Information Technology Assessment at the Accounting and Information Management Division of the General Accounting Office; Michael Jacobs, deputy director of information systems security at the National Security Agency; and National Institutes of Standards and Technology director Ray Kammer.

"Security needs to stop being an afterthought," Rhodes said. "The value of reporting would be in a standardization of agencies' ability to report," he said.

If agencies know the questions Congress will ask, they will better understand the fundamental IT implementation steps they must take, he said.

Many agencies in the national security community already submit such reports and have found it helpful to undergo regular security assessments, Jacobs said.

Rhodes, Jacobs and Kammer also suggested that the new computer security bill require federal agencies to use security expertise developed by NIST and NSA instead of "recommending" such steps, as the current act does.

Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.