House member suggests regular network security reports

Federal agencies may soon be required to submit regular reports to Congress on the security status of their networks, much as they now report their Year 2000 compliance.

At a House Technology Subcommittee meeting today covering reasons why federal World Wide Web sites and systems are vulnerable to cyberattacks, Rep. Connie Morella (R-Md.) said that in her revision of the Computer Security Act of 1987 she plans to include a requirement for agencies to report to Congress regularly the steps they are taking to secure their sites and systems.

All three witnesses at the hearing supported Morella's suggestion as a way to spur agencies to move beyond planning security measures and into implementing them. Testifying at the hearing were Keith Rhodes, director of the Office of Computer and Information Technology Assessment at the Accounting and Information Management Division of the General Accounting Office; Michael Jacobs, deputy director of information systems security at the National Security Agency; and National Institutes of Standards and Technology director Ray Kammer.

"Security needs to stop being an afterthought," Rhodes said. "The value of reporting would be in a standardization of agencies' ability to report," he said.

If agencies know the questions Congress will ask, they will better understand the fundamental IT implementation steps they must take, he said.

Many agencies in the national security community already submit such reports and have found it helpful to undergo regular security assessments, Jacobs said.

Rhodes, Jacobs and Kammer also suggested that the new computer security bill require federal agencies to use security expertise developed by NIST and NSA instead of "recommending" such steps, as the current act does.

Featured

  • FCW Perspectives
    tech process (pkproject/Shutterstock.com)

    Understanding the obstacles to automation

    As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

  • Federal 100 Awards
    Federal 100 logo

    Fed 100 nominations are now open

    Help us identify this year's outstanding individuals in federal IT.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.