
House Passes Connolly's Bipartisan Bill to Enhance Government's Cybersecurity Defenses

Bipartisan legislation sponsored by Issa, Cummings, Mica and Connolly passes House 416-0.

Recognizing the ever-growing number of cyber attacks on federal government agencies’ computers, the U.S. House of Representatives on Tuesday passed bipartisan legislation to update and strengthen the federal government’s cybersecurity defenses, Congressman Gerry Connolly (D-VA), a bill sponsor, said.

The bill, H.R. 1163, the Federal Information Security Amendments Act of 2013, passed the House by a vote of 416-0. The bipartisan legislation was introduced on March 14 by House Oversight and Government Reform Committee Chairman Darrell Issa (R-CA), Ranking Member Elijah Cummings (D-MD), Government Operations Subcommittee Chairman John Mica (R-FL), and Government Operations Subcommittee Ranking Member Connolly.

During House floor debate on the bill Tuesday afternoon, Connolly said there were 48,562 reported cyber attacks against federal agencies in fiscal year 2012, marking a 782 percent increase over a six-year period.  In 2006, agencies reported only 5,503 cyber attacks in their reports to the U.S. Computer Emergency Readiness Team.  “This legislation is desperately needed to address a looming and critical threat to our nation’s economic and national security,” Connolly said.

“Increasingly-sophisticated cyber threats have clearly outpaced the security framework created by the Federal Information Security Management Act of 2002 (FISMA),” Connolly said.  The Issa-Cummings-Mica-Connolly bill would enhance existing law by requiring a more dynamic approach that leverages current technology to implement continuous monitoring of federal government computer networks and systems.

The 2002 legislation, also a bipartisan bill, was sponsored by former Congressman Tom Davis (R-VA), Connolly’s predecessor in Virginia’s 11th Congressional District, who chaired the House Oversight and Government Reform Committee.  “We are augmenting the legislation authored in 2002 by former Congressman Davis to reflect the cyber-realities of 2013,” Connolly said.

The Issa-Cummings-Mica-Connolly Federal Information Security Amendments Act will direct agencies to:

  • Test and evaluate agency information security controls and techniques;
  • Conduct threat assessments by monitoring agency information systems and identifying potential system vulnerabilities;
  • Conduct vulnerability assessments and penetration tests commensurate with the risk posed to agency information systems;
  • Collaborate with OMB, and appropriate public and private sector security operations centers, on security incidents that extend beyond the control of an agency – to require that security incidents be reported through an automated and continuous monitoring capability to the Federal Information Security Incident Center, appropriate security operations centers, and respective agency Offices of Inspector General.

Because of the overwhelming bipartisan vote for the legislation in the House, Connolly said he was hopeful the measure will be considered expeditiously and passed by the Senate.

# # #

Congressman Gerald E. Connolly (VA-11)

Consideration of H.R. 1163, Federal Information Security Amendments Act of 2013

Floor Statement

April 16, 2013

Mister Speaker, I rise in strong support of H.R. 1163, the Federal Information Security Amendments Act of 2013. I want to thank the Chairman and Ranking Member of the Committee on Oversight and Government Reform, Mr. Issa and Mr. Cummings, for working with me in a bipartisan fashion to advance this bill to the floor today.

H.R. 1163 is desperately needed legislation to address a looming and critical threat to our Nation’s economic and national security. As the U.S. Government Accountability Office (GAO) testified before our Committee, and noted in its 2013 High Risk Report, the number of cyber incidents reported by Federal agencies is increasing at an alarming rate.

Specifically, in fiscal year 2006, agencies reported 5,503 cyber incidents to the U.S. Computer Emergency Readiness Team, compared to 48,562 reported cyber attacks in fiscal year 2012 – which is an astounding 782 percent increase over a 6-year period. According to GAO, cyber attacks involving Federal systems and critical infrastructure “could be devastating” to our country, yet its audits have consistently revealed information security deficiencies in public and private financial and nonfinancial systems.

More troubling, despite producing hundreds of recommendations to agencies over the past two fiscal years that would address security control deficiencies, the majority of GAO’s recommendations have not been fully implemented. Unfortunately, vital Federal assets and missions will remain at high risk for fraud, misuse, and disruption, unless agencies fully implement the literally hundreds of recommendations made by GAO and various Offices of Inspector General aimed at strengthening the security of critical information systems, fixing known deficiencies, and fully implementing effective cybersecurity programs.

The sophisticated and rapidly evolving cyber threat has clearly outpaced the security framework established by the Federal Information Security Management Act of 2002 (FISMA). FISMA’s static, compliance-based framework must be enhanced to be more agile, active, and performance-based. I believe our bipartisan legislation, H.R. 1163, will accomplish this goal by enhancing FISMA to promote a more dynamic, risk-based approach that leverages current technology to implement continuous monitoring of networks and systems.

Specifically, the Federal Information Security Amendments Act will direct agencies to test and evaluate information security controls and techniques; conduct threat assessments by monitoring information systems and identifying potential system vulnerabilities; conduct vulnerability assessments and penetration tests commensurate with the risk posed to agency information systems; and collaborate with OMB, and appropriate public and private sector security operations centers, on security incidents that extend beyond the control of an agency – to require that security incidents be reported through an automated and continuous monitoring capability to the Federal Information Security Incident Center, appropriate security operations centers, and respective agency Offices of Inspector General.

I urge all Members to support this critical bipartisan cybersecurity legislation that is urgently needed to provide Federal agencies with the necessary tools to effectively secure our Federal information systems.
