Davis: FISMA could prevent 'cyber Pearl Harbor'

Rep. Tom Davis (R-Va.) predicted a “cyber Pearl Harbor,” an attack in the future that would penetrate the federal government in some way. He said such an attack could cause deaths or a financial breakdown.

That is why the Federal Information Security Management Act’s standards are necessary as preventive measures, despite needing tweaks and improvements, he said at an Industry Advisory Council and American Council for Technology luncheon in Washington, D.C.

“It’s difficult, I think, for managers out there when you get so much thrown at you,” Davis said. “You’ve got a lot of boxes to check.”

However, the standards will be forced through appropriations as lawmakers start to cooperate, he said. Davis said he is open to feedback on FISMA requirements.

The House Government Reform Committee, which Davis heads, releases a FISMA report card annually, grading each agency on its compliance with FISMA standards. It released its 2005 report card March 16.

This year, the federal government as a whole had a D-plus for computer security.

Karen Evans, administrator of e-government and information technology at the Office of Management and Budget, said after the luncheon that officials are discussing the controversy over whether the security certification and accreditation standards meet the legislation’s intended goals or whether FISMA is seen simply as a requirement.

She said she believes that meeting standards is beneficial, “if you do it in the spirit in which it was intended.”

Evans directed questions about possible upcoming changes to FISMA to Davis’ committee.

According to the latest assessment of federal agencies’ FISMA compliance, weaknesses and inconsistencies in agencies’ security management practices left dangerous holes in critical infrastructures.

Notably, agencies whose missions include homeland security received failing grades in 2005. Grades for the Defense, Homeland Security, Justice and State departments remained below average or dropped. Of those four departments, DHS remained level with its 2004 grade of an F, according to the committee’s rating. The other departments’ grades fell from the previous year. DOD went from a D to an F, Justice dropped from a B-minus to a D and State fell from a D-plus to an F.

“FISMA is still viewed by some federal agencies as a paperwork exercise,” Davis said at a congressional hearing in March, when the committee released the grades. “But these are shortsighted observations.”


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.