Senators propose bills to boost IT security

Many agencies have turned the original intent of the Federal Information Security Management Act into a paperwork exercise, according to one senator who has introduced legislation to deal with the problem.

Sen. Tom Carper (D-Del.) said instead of measuring whether agencies were improving security, the Office of Management and Budget and inspectors general have been measuring whether agencies produced the right documents.

“Measuring an agency’s compliance does not stop the countless examples of data loss due to negligence or willful intent,” Carper said Sept. 11. With the information the government holds, many people, companies and agencies could face serious problems if data is stolen or is missing, he said.

That day, Carper introduced the Federal Information Security Management Act of 2008 (S. 3474), which would require agencies to prove they can properly secure sensitive information and people’s personal data. The bill would allow the Homeland Security Department to test civilian agencies’ security systems and evaluate the agencies’ responses. It also would create a chief information security officer council to strengthen the CISOs’ role in agencies.

Carper, chairman of the Homeland Security and Governmental Affairs Committee’s Federal Financial Management, Government Information, Federal Services and International Security Subcommittee, has held oversight hearings to examine how agencies have reduced information security risks. Carper said he found several examples of foreign and domestic cyberattacks on U.S. information networks.

The Senate Armed Services Committee has also proposed a way for the government to improve security while keeping up with the nimble and fast-moving technology world.

The Senate’s fiscal 2009 National Defense Authorization Act (S. 3001) would create a permanent 1 percent tax on the Defense Department’s information systems security program and other programs focused on protecting its information. According to a report accompanying the legislation, the committee wrote that information technology evolves rapidly, and DOD has no way to keep pace with the important advances.

The armed services committee wrote that DOD has no way to set aside money in anticipation of the developments. Officials have asked the Office of Management and Budget for a specific budget line item, but have received none. The committee wrote that those officials have a good argument for adding the set-aside funding to the budget.

Today, the Senate was debating the authorization bill.

Meanwhile, as IT goes deeper into all sectors of government, states are facing the many of the same issues as the federal government.

“While there has been a tremendous amount of focus on protecting the federal government’s cyber infrastructure, I am concerned that not enough attention is being paid to protect state governments,” Sen. Norm Coleman (R-Minn.) said Sept. 10.

He introduced the State Cyber Security Protection Act (S. 3460) that day. The bill would establish a pilot program within the Homeland Security Department to provide money to strengthen cybersecurity within state governments.

The measure would authorize spending $25 million a year for two years. A state would be able to receive as much as $3 million, and the program would require the money be spread around to states with varying population level s to ensure both large and small states receive these resources, according to the bill.

Gopal Khanna, chief information officer for Minnesota and vice president of the National Association of State Chief Information Officers, said unless the IT and network infrastructures the government systems are secure, the nation is not secure.

“State IT networks and systems form a critical part of that larger infrastructure,” he said.

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.


  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.