These days, it seems like data breaches are the norm. For government organizations, there have been several major events, including a hack last month at the Office of Personnel Management that compromised personal data for more than 22 million Americans. There have also been recent reports that the email accounts of top U.S. officials have been intercepted for the past five years by Chinese cyber spies. In the wake of these attacks, new legislation has been offered to boost government cybersecurity.
Federal Computer Security Act of 2015
In an effort to promote good cyber hygiene across the federal government, Senators Orrin Hatch and Tom Carper introduced the Federal Computer Security Act of 2015. According to St. George News, the bill will require inspectors general to evaluate the security practices and software that agencies use to safeguard classified and personally identifiable information. The legislation will also require the Government Accountability Office to produce a report detailing any impediments to agency use of security software and devices, as well as an economic analysis.
The bill is intended to better prepare agencies for potential breaches and to ensure that any incidents are mitigated quickly. It aims to hold organizations accountable for their cybersecurity posture and help agencies protect their information more effectively.
"This legislation builds on our ongoing efforts to bolster the federal government's cyber defenses by adding another important layer of oversight to make sure agencies are doing all that they can to protect their critical networks and to ensure that sensitive information is properly secured," Carper stated.
Cyber Defense of Federal Networks Act of 2015
As a direct result of the recent breaches, Congressman Michael McCaul presented the Cyber Defense of Federal Networks Act of 2015. The legislation has lofty ideas, FedSmith reported: deploying enhanced network cybersecurity tools to agencies, providing increased technical assistance capabilities, ensuring that the use of cybersecurity tools is prioritized, and authorizing protective capabilities immediately when an organization is under attack.
"In light of the massive OPM hacks, it's clear that our nation's federal digital infrastructure isn't capable of effectively detecting and defending against these cyber threats," McCaul stated. "Currently, the Department of Homeland Security's (DHS) hands are tied in responding to ever-growing cyber threats. Providing DHS with similar abilities to defend federal networks that the Department of Defense uses to protect military networks is commonsense legislation."
While this sounds like a promising start for the federal government, the bill is vague on how these efforts would be accomplished, other than mentioning that the plan would need to be done within a year after being signed into law. This could create problems down the road in three areas: rolling the tools out widely, defining what agencies must do under the bill, and realistically maintaining such an initiative in the long term. For example, because malware and cyberattacks are becoming more complex, the tools used today may no longer be viable tomorrow. Officials must flesh out how agencies will be supported with the resources they require.