Oversight Leaders Introduce Federal Information Security Update Legislation

Published: Mar 15, 2013

WASHINGTON, DC – House Oversight and Government Reform Committee Chairman Darrell Issa, R-Calif., Ranking Minority Member Rep. Elijah Cummings, D-Md., Government Operations Subcommittee Chairman John Mica, R-Fla., and Government Operations Subcommittee Ranking Member Gerry Connolly, D-Va., yesterday introduced the Federal Information Security Amendments Act of 2013 (HR 1163).
This legislation enhances the Federal Information Security Management Act (FISMA) of 2002 by improving the framework for ensuring security over information technology systems that support the federal government. It establishes a mechanism for stronger oversight through a focus on automated and continuous monitoring of cybersecurity threats and the implementation of regular threat assessments.
“Currently, federal agencies are struggling with cyber-security threats,” said Issa. “This update to FISMA will incorporate the last decade of technological innovation, while also addressing FISMA shortcomings realized over the past years.”
“Earlier this week, the Director of National Intelligence, James Clapper, placed cyber-attacks at the top of his list of national security threats,” said Cummings. “This bipartisan legislation will ensure that federal agencies use a risk-based approach to defend against cyber-attacks and protect government information from being compromised by our adversaries.”
“Cyber attacks now pose the greatest national security threat,” Mica said. “These FISMA enhancements provide the tools to fend off these attacks and protect our technology infrastructure. With more than 48,000 attacks on U.S. federal agencies in 2012, it is vital, not only to government but also to the economy as a whole, to adopt this important measure.”
“As GAO noted in its 2013 High Risk Report, the number of cyber incidents reported by federal agencies increased by an alarming 782 percent from 2006 to 2012,” said Connolly. “FISMA’s static, compliance-based framework is clearly inadequate to this rapidly evolving threat to our security. Our bipartisan legislation will enhance FISMA to promote a more dynamic, risk-based approach to securing federal information systems.”
The House of Representatives passed similar legislation, HR 4257, the Federal Information Security Amendments Act of 2012, on April 26, 2012, by a unanimous voice vote. The Senate did not act on the legislation.