Congressman Michael McCaul (R-TX) has introduced legislation designed to strengthen the government’s cybersecurity defenses in light of the recent data breaches that hit the Office of Personnel Management and left the personal data of millions of current and former federal workers at risk.
Known as the Cyber Defense of Federal Networks Act of 2015 (H.R. 3313), the bill is specifically designed to:
- Deploy enhanced network cybersecurity tools at Federal agencies
- Ensure agencies are prioritizing the use of cybersecurity tools
- Provide increased technical assistance capabilities through incident detection, mitigation, and response information for federal civilian networks
- Authorize the use of protective capabilities immediately when a federal agency is under a cyber attack
The bill is vague on how each of these would be accomplished. For instance, the legislation would require the Secretary of Homeland Security to work with the Director of the Office of Management and Budget to “develop and implement an intrusion detection and response plan to detect, identify, and remove cyber intruders in agency networks.” It offers no specifics beyond this, other than to say that the plan would have to be completed no later than one year after the bill is signed into law, and that the Department of Defense would be exempt from the plan.
Another directive in the bill is to provide for greater transparency to the public on agency cybersecurity postures. Again, it is vague as to what this ultimately would mean, but the bill states that it would require an increased number of “metrics available on Federal Government performance websites and, to the greatest extent practicable, displaying metrics for agencies.”
Speaking on the legislation, McCaul said, “In light of the massive OPM hacks, it’s clear that our nation’s federal digital infrastructure isn’t capable of effectively detecting and defending against these cyber threats. Currently, the Department of Homeland Security’s (DHS) hands are tied in responding to ever-growing cyber threats. Providing DHS with similar abilities to defend federal networks that the Department of Defense uses to protect military networks is commonsense legislation.”