Davis: FISMA could prevent 'cyber Pearl Harbor'

Rep. Tom Davis (R-Va.) predicted a “cyber Pearl Harbor,” an attack in the future that would penetrate the federal government in some way. He said such an attack could cause deaths or a financial breakdown.

That is why the Federal Information Security Management Act’s standards are necessary as preventive measures, despite needing tweaks and improvements, he said at an Industry Advisory Council and American Council for Technology luncheon in Washington, D.C.

“It’s difficult, I think, for managers out there when you get so much thrown at you,” Davis said. “You’ve got a lot of boxes to check.”

However, the standards will be forced through appropriations as lawmakers start to cooperate, he said. Davis said he is open to feedback on FISMA requirements.

The House Government Reform Committee, which Davis heads, releases a FISMA report card annually, grading each agency on its compliance with FISMA standards. It released its 2005 report card March 16.

This year, the federal government as a whole had a D-plus for computer security.

Karen Evans, administrator of e-government and information technology at the Office of Management and Budget, said after the luncheon that officials are discussing the controversy over whether the security certification and accreditation standards meet the legislation’s intended goals or whether FISMA is seen simply as a requirement.

She said she believes that meeting standards is beneficial, “if you do it in the spirit in which it was intended.”

Evans directed questions about possible upcoming changes to FISMA to Davis’ committee.

According to the latest assessment of federal agencies’ FISMA compliance, weaknesses and inconsistencies in agencies’ security management practices left dangerous holes in critical infrastructures.

Notably, agencies whose missions include homeland security received failing grades in 2005. Grades for the Defense, Homeland Security, Justice and State departments remained below average or dropped. Of those four departments, DHS remained level with its 2004 grade of an F, according to the committee’s rating. The other departments’ grades fell from the previous year. DOD went from a D to an F, Justice dropped from a B-minus to a D and State fell from a D-plus to an F.

“FISMA is still viewed by some federal agencies as a paperwork exercise,” Davis said at a congressional hearing in March, when the committee released the grades. “But these are shortsighted observations.”

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.