Washington, DC — Governmental Affairs Committee Chairman Fred Thompson (R-TN) and Ranking Member Joseph Lieberman (D-CT) today introduced the Government Information Security Act, a bill to protect Federal government information systems from cyberattack.
“The security of Federal government computer systems is of great importance to this committee and the nation,” said Thompson. “Advancements in technology have forced us to look more closely at those factors that may compromise our government’s security.”
Those factors — widely accessible data and instantaneous communication — increase the risks that information will be misused, possibly to commit fraud or other crimes, or that sensitive information will be inappropriately disclosed. The Federal government’s dependence on computers makes it susceptible to devastating disruptions in critical services, as well as in computer-based safety and financial controls. Such disruptions could be caused by sabotage, natural disasters, or widespread system faults, as illustrated by the Y2K date conversion concerns.
Senator Lieberman added, “Our government’s computer-reliant infrastructure is frighteningly vulnerable to exploitation not only by trouble makers and professional hackers but by organized crime and international terrorists. The goal of the bill we are introducing today is to protect the integrity, confidentiality, and availability of the information on government computers and to ensure that critical improvements in our federal computer security system take place. I look forward in the coming months to extensive discussions with all interested parties to refine this bill into successful legislation.”
The Governmental Affairs Committee spent considerable time during the last Congress on this issue. Committee hearings uncovered and identified failures of information security affecting our international security and vulnerability to domestic and international terrorism. The Committee directed GAO to prepare a “best practices” guide on computer security for Federal agencies to use and asked GAO to study computer security vulnerabilities at several Federal agencies.
“Our hearings highlighted our nation’s vulnerability to computer attacks — from international and domestic terrorists to crime rings to everyday hackers,” continued Thompson. “GAO identified that there is inadequate security program planning and management at several agencies.
“And while there has been some action to improve Federal information security, I believe more improvement is needed. The Government Information Security Act builds on the basic framework for managing information security by better defining roles among Federal agencies as we begin to develop a fully secure government.”
The Government Information Security Act:
Strengthens the Office of Management and Budget’s information security duties, consistent with its existing responsibilities under the Paperwork Reduction Act;
Establishes Federal agency accountability for information security as needed to cost-effectively protect the assets and operations of the agency by creating a set of management requirements derived from GAO “Best Practices” audit work;
Requires agencies to have an annual independent evaluation of their information security programs and practices to assess compliance with authorized requirements and to test effectiveness of information security control techniques;
Provides for the application of a unified and logical set of government-wide controls by including national security systems within the application of the legislation; and
Focuses on the importance of training programs and government-wide incident handling.