Senate Passes Thompson Legislation to Ensure Government Cyber-Security

WASHINGTON, DC – Senate Governmental Affairs Chairman Fred Thompson (R-TN) today announced final Senate passage of the Government Information Security Act, his bill to provide a new framework for protecting the security of the government?s computers from outside attack by hackers. The legislation, the result of numerous hearings, independent reports and security testing by government computer security experts at the request of Chairman Thompson, was passed as part of the conference report on H.R. 4205, the National Defense Authorization Act for Fiscal Year 2001. The bill now goes to the White House for the President?s signature.

“This legislation will require federal agencies to get a handle on protecting their assets and prevent hackers and cyberterrorists from wreaking havoc with citizens? sensitive information,” said Thompson. “Information such as taxpayer data, veterans? medical records, and social security portfolios remains at risk and that?s unacceptable.”

A number of federal systems have experienced security lapses over the years. For example:

In March, a routine inventory check of State Department computers revealed that 18 laptop computers were missing. At least one computer belonged to the State Department?s Bureau of Intelligence and Research and is believed to have contained highly classified information. On August 9, 2000, the FBI posted a $25,000 reward for any information leading to its recovery.

Recent reports revealed that the FAA has allowed unauthorized access to FAA?s most sensitive computer systems and software.

A private auditing firm hired by the Department of Veterans Affairs? Inspector General broke into computers at the Department at least a dozen times this year, gaining total control of data and creating a “virtual veteran” to fraudulently collect benefits.


The Thompson bill, which he introduced with the Committee?s Ranking Member, Senator Joseph Lieberman (D-CT), addresses inadequate government management of computer security by making the Executive Branch accountable for the safe keeping of the data kept by the government on all working Americans.


The Government Information Security Act:

Vests overall government accountability within the highest levels of the Executive Branch (Deputy Director for Management at the Office of Management and Budget);

Creates specific management rules for agency heads, such as requiring agency-wide security programs;

Requires agencies to have an annual independent evaluation of their information security programs and practices; and

Focuses on the importance of training programs and government-wide incident response handling.


# # #