The proposal would establish baseline safeguards for cybersecurity and physical issues like natural disasters.
A group of bipartisan senators have introduced legislation to establish baseline cybersecurity requirements and new protections against catastrophic weather-related disasters for federal data centers across the country.
The Federal Data Center Enhancement Act of 2022 tasks the Office of Management and Budget with establishing standardized cybersecurity requirements for the federal facilities, which host some of the nation's most sensitive information technology and cybersecurity infrastructure.
OMB will have 180 days to provide new minimum requirements for data centers under the legislation, which includes specific calls for information security protections and safeguards against power failures, natural disasters and intrusions. The bill also instructs OMB to work with the Cybersecurity and Infrastructure Security Agency and the National cyber director's office to establish the requirements, as well as consult with the General Services Administration and the Federal Chief Information Officers Council.
Sen. Gary Peters (D-Mich.), chairman of the Senate Homeland Security and Governmental Affairs Committee, noted the responsibility federal data centers have to protect data like Social Security and credit card information in a statement after the bill was introduced on Friday.
"The federal government is responsible for storing considerable amounts of sensitive and personal information," he said, adding: "We must ensure this data is stored securely and used in a way that does not violate civil rights and liberties."
Peters introduced the bill along with Sen. Jacky Rosen (D-Nev.) and Sen. John Cornyn (R-Tex.).
The bill seeks to build on recent efforts to close and consolidate federal data centers: over 6,000 facilities have been consolidated since 2010, a trend that has resulted in an estimated $5.8 billion in cost savings and cost avoidance, according to a copy of the bill obtained by FCW.
Agency leaders will be tasked with regularly assessing their data center usage to help determine whether to continue operating a data center, and to ensure legacy systems are updated, modern technologies are employed and the facility is overall optimized and secure against potential vulnerabilities.
"The sensitive information stored on federal systems cannot be left open to vulnerabilities like cyberattacks or natural disasters,” Cornyn said in a statement. "This legislation would help secure federal data and encourage optimization, which will save taxpayer dollars and protect Americans who entrust their information to the federal government.”
Rosen also noted the "increasing threat of cyberattacks and natural disasters" in a statement and said the bill "will enact a new set of security and resiliency standards" to protect data.