The Homeland Security and Governmental Affairs Committee (HSGAC) sent 11 bills to the Senate floor today, including legislation to enhance agencies’ ability to protect themselves from cyber attacks.
Sens. Ron Johnson (R-Wis.) and Tom Carper (D-Del.), the committee’s chairman and ranking member, respectively, introduced The Federal Cybersecurity Enhancement Act of 2015 (S. 1869).
“The U.S. government’s computer networks are under attack. Hacktivists, organized crime syndicates and nation-states have successfully launched electronic assaults against vulnerable government networks, some of which house millions of Americans’ personal and private information,” Johnson said, in a release. “To protect their privacy against our adversaries, Senator Carper and I are introducing the Federal Cybersecurity Enhancement Act, which will accelerate deployment of a federal intrusion detection and prevention system that will improve the government’s cyber defense capabilities.”
FCEA mandates that all agencies adopt the Homeland Security Department’s EINSTEIN intrusion detection and prevention system. Agencies would use EINSTEIN to analyze their network traffic in order to detect and prevent cyber threats. Currently, only 45 percent of agencies are using the system.
“Making sure our federal agencies have access to the best technology is a critical part of that effort,” Carper said, in the release. “At the same time, agencies must be constantly assessing and increasing their internal cyber defenses to be as strong as possible. EINSTEIN is a valuable tool that can help agencies detect and block cyber threats before they can cause too much harm.”
The bill requires agencies to adopt best practices in their cybersecurity, using, for example, two-factor authentication and encrypting sensitive systems. In addition, the bill authorizes DHS and the Office of Management and Budget to conduct comprehensive assessments of agencies’ networks to detect and remove intruders.
“Had the powers of this bill been implemented already, they likely would have stopped the hack of the Office of Personnel Management,” Johnson said. “They will make it far more difficult for our adversaries to steal our private data and to penetrate government networks.”
The bill also requires agencies to provide annual status reports of their EINSTEIN programs, in order to promote transparency and accountability.
During today’s markup session, committee members approved several amendments to FCEA. These included:
As amended, the committee voted to send FCEA to the full Senate.
Sens. Susan Collins (R-Maine) and Mark Warner (D-Va.) sent out a release voicing their support for the amended bill. They said it includes all five of the key provisions of the bipartisan FISMA Reform Act of 2015, which they introduced a week ago.
“The recent cyber attack at OPM exposed the current vulnerabilities to our federal networks in a glaring manner. It is long overdue to make sure all of our federal networks and the information they hold are properly protected and secured,” Collins said, in the release. “I am very pleased that one week after the introduction of our bipartisan legislation, that HSGAC has reported legislation that Carper includes the five critical provisions that DHS needs to properly defend the dot-gov domain from cyberattacks like the ones we saw at OPM.”
Warner added that DHS does not have the authority necessary to enforce cybersecurity standards, and agencies have to come to DHS voluntarily in order to obtain help detecting and neutralizing cyber threats.
“That’s a real problem as we face a growing number of these cyber attacks, because our federal networks are only as secure as their weakest link,” he said.
Other bills affecting federal employees the committee passed included:
Rep. Will Hurd (R-Texas) introduced the EINSTEIN Act of 2015 in the House on Wednesday. It would authorize DHS to deploy its EINSTEIN 3A program. DHS Secretary Jeh Johnson has called on Congress to authorize the program’s deployment.
“Our adversaries are attempting to steal military secrets and valuable information on a daily, if not hourly basis,” said Hurd, in a release. “It is imperative that the federal government does everything it can to protect ourselves from the bad actors who are continuously trying to hack our systems. It’s bad enough when any person’s private information is stolen and used for identity theft, but imagine the grave impact of the theft of information belonging to those who are tasked with protecting America’s most sensitive information.”