Senators propose bills to boost IT security

Many agencies have turned the original intent of the Federal Information Security Management Act into a paperwork exercise, according to one senator who has introduced legislation to deal with the problem.

Sen. Tom Carper (D-Del.) said instead of measuring whether agencies were improving security, the Office of Management and Budget and inspectors general have been measuring whether agencies produced the right documents.

“Measuring an agency’s compliance does not stop the countless examples of data loss due to negligence or willful intent,” Carper said Sept. 11. With the information the government holds, many people, companies and agencies could face serious problems if data is stolen or is missing, he said.

That day, Carper introduced the Federal Information Security Management Act of 2008 (S. 3474), which would require agencies to prove they can properly secure sensitive information and people’s personal data. The bill would allow the Homeland Security Department to test civilian agencies’ security systems and evaluate the agencies’ responses. It also would create a chief information security officer council to strengthen the CISOs’ role in agencies.

Carper, chairman of the Homeland Security and Governmental Affairs Committee’s Federal Financial Management, Government Information, Federal Services and International Security Subcommittee, has held oversight hearings to examine how agencies have reduced information security risks. Carper said he found several examples of foreign and domestic cyberattacks on U.S. information networks.

The Senate Armed Services Committee has also proposed a way for the government to improve security while keeping up with the nimble and fast-moving technology world.

The Senate’s fiscal 2009 National Defense Authorization Act (S. 3001) would create a permanent 1 percent tax on the Defense Department’s information systems security program and other programs focused on protecting its information. In a report accompanying the legislation, the committee wrote that information technology evolves rapidly, and DOD has no way to keep pace with the important advances.

The armed services committee wrote that DOD has no way to set aside money in anticipation of the developments. Officials have asked the Office of Management and Budget for a specific budget line item, but have received none. The committee wrote that those officials have a good argument for adding the set-aside funding to the budget.

Today, the Senate was debating the authorization bill.

Meanwhile, as IT goes deeper into all sectors of government, states are facing many of the same issues as the federal government.

“While there has been a tremendous amount of focus on protecting the federal government’s cyber infrastructure, I am concerned that not enough attention is being paid to protect state governments,” Sen. Norm Coleman (R-Minn.) said Sept. 10.

He introduced the State Cyber Security Protection Act (S. 3460) that day. The bill would establish a pilot program within the Homeland Security Department to provide money to strengthen cybersecurity within state governments.

The measure would authorize spending $25 million a year for two years. A state would be able to receive as much as $3 million, and the program would require the money be spread around to states with varying population levels to ensure both large and small states receive these resources, according to the bill.

Gopal Khanna, chief information officer for Minnesota and vice president of the National Association of State Chief Information Officers, said unless the IT and network infrastructures of the government systems are secure, the nation is not secure.

“State IT networks and systems form a critical part of that larger infrastructure,” he said.

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.

