Carper Reacts to Fiscal Year 2015 FISMA Report

WASHINGTON – Today, U.S. Senator Tom Carper (D-Del.), top Democrat on the Senate Homeland Security and Governmental Affairs Committee, highlighted the Office of Management and Budget’s (OMB) Fiscal Year 2015 annual report evaluating implementation of the Federal Information Security Management Act (FISMA) by federal agencies. The report found that federal agencies have made significant progress in key cyber security priorities, but also that several agencies are still behind in shoring up their cyber defenses.

“As the threats we face from cyber-attacks continue to evolve and grow every day, it is as important as ever that federal agencies implement FISMA to better insulate their networks from potential harm,” Senator Carper said. “I am pleased that some federal agencies appear to have made substantial progress in meeting the requirements of the law, but this report makes it clear that there is still much work to be done. In both 2014 and 2015, Congress made important legislative updates to boost federal network security. Now the ball is in the agencies' court to fully implement.”

The Federal Information Security Modernization Act of 2014, introduced by Senator Carper and former Senator Tom Coburn (R-Okla.), made updates to the Federal Information Security Management Act of 2002 to address critical issues that had arisen over the previous 12 years. The bill – now law – better delineated the roles and responsibilities of the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) in securing federal networks, moved agencies away from paperwork-heavy processes toward real-time and automated security, and put greater management and oversight attention on data breaches.

The Federal Cybersecurity Enhancement Act of 2015 would mandate the deployment of cybersecurity best practices at agencies — measures such as intrusion assessments, strong authentication, encryption of sensitive data and appropriate access controls. The bill would also authorize EINSTEIN, an intrusion detection and prevention system intended to screen federal agencies’ Internet traffic for potential cyber threats. It would dramatically accelerate deployment and adoption of EINSTEIN, and it includes reporting requirements to increase program accountability. The bill was approved by the Senate Homeland Security and Governmental Affairs Committee in July.