Legislation Introduced to Enhance Government Cybersecurity

In response to the recent data breaches at the Office of Personnel Management that left the personal data of millions of current and former federal workers vulnerable, one lawmaker has introduced legislation which he says will combat future attacks. However, the bill does not provide a great deal of specifics on how this would be accomplished.

Congressman Michael McCaul (R-TX) has introduced legislation designed to strengthen the government’s cybersecurity defenses in light of the recent data breaches that hit the Office of Personnel Management and left the personal data of millions of current and former federal workers at risk.

Known as the Cyber Defense of Federal Networks Act of 2015 (H.R. 3313), the bill is specifically designed to:

  • Deploy enhanced network cybersecurity tools at Federal agencies
  • Ensure agencies are prioritizing the use of cybersecurity tools
  • Provide increased technical assistance capabilities through incident detection, mitigation, and response information for federal civilian networks
  • Authorize the use of protective capabilities immediately when a federal agency is under a cyber attack

The bill is vague on how each of these would be accomplished. For instance, the legislation would require the Secretary of Homeland Security to work with the Director of the Office of Management and Budget to “develop and implement an intrusion detection and response plan to detect, identify, and remove cyber intruders in agency networks.” It offers no specifics beyond this, other than to say that the plan would have to be completed no later than one year after the bill is signed into law, and that the Department of Defense would be exempt from the plan.

Another directive in the bill is to provide for greater transparency to the public on agency cybersecurity postures. Again, it is vague as to what this ultimately would mean, but the bill states that it would require an increased number of “metrics available on Federal Government performance websites and, to the greatest extent practicable, displaying metrics for agencies.”

Speaking on the legislation, McCaul said, “In light of the massive OPM hacks, it’s clear that our nation’s federal digital infrastructure isn’t capable of effectively detecting and defending against these cyber threats. Currently, the Department of Homeland Security’s (DHS) hands are tied in responding to ever-growing cyber threats. Providing DHS with similar abilities to defend federal networks that the Department of Defense uses to protect military networks is commonsense legislation.”

About the Author

Ian Smith is one of the co-founders of FedSmith.com. He has over 20 years of combined experience in media and government services, having worked at two government contracting firms and an online news and web development company prior to his current role at FedSmith.