House member suggests regular network security reports

Federal agencies may soon be required to submit regular reports to Congress on the security status of their networks, much as they now report their Year 2000 compliance.

At a House Technology Subcommittee meeting today on why federal World Wide Web sites and systems are vulnerable to cyberattacks, Rep. Connie Morella (R-Md.) said that her revision of the Computer Security Act of 1987 will include a requirement for agencies to report regularly to Congress on the steps they are taking to secure their sites and systems.

All three witnesses at the hearing supported Morella's suggestion as a way to spur agencies to move beyond planning security measures and into implementing them. Testifying at the hearing were Keith Rhodes, director of the Office of Computer and Information Technology Assessment at the Accounting and Information Management Division of the General Accounting Office; Michael Jacobs, deputy director of information systems security at the National Security Agency; and National Institute of Standards and Technology director Ray Kammer.

"Security needs to stop being an afterthought," Rhodes said. "The value of reporting would be in a standardization of agencies' ability to report," he said.

If agencies know the questions Congress will ask, they will better understand the fundamental IT implementation steps they must take, he said.

Many agencies in the national security community already submit such reports and have found it helpful to undergo regular security assessments, Jacobs said.

Rhodes, Jacobs and Kammer also suggested that the new computer security bill require federal agencies to use security expertise developed by NIST and NSA instead of "recommending" such steps, as the current act does.
