Senate bill aims to beef up federal civilian database cyber-security

U.S. Sen. Susan Collins (R-ME), a member of the Senate Intelligence Committee, led a bipartisan delegation of senators on Wednesday to introduce legislation that would bolster the Department of Homeland Security’s (DHS) authority to protect federal civilian database networks.

Other original co-sponsors of the legislation include Sens. Mark Warner (D-VA), Dan Coats (R-IN), Kelly Ayotte (R-NH) and Claire McCaskill (D-MO).

The legislation, named the Federal Information Security Management Reform Act of 2015 (FISMA Reform), comes on the heels of a recent cyber-attack at the Office of Personnel Management (OPM) that compromised the personal information of at least 21.5 million individuals.

“The recent cyber-attack at OPM affected a staggering number of Americans and exposed a tremendous vulnerability with the status quo in the defense of federal civilian networks,” Collins said. “Like millions of Americans, I received a letter that my personal data had been compromised.”

Even though DHS has a mandate to protect the .gov web domain, its authority in that role is limited. Currently, the DHS does not have the authority to monitor the networks of government agencies without their permission. The DHS also cannot regularly deploy countermeasures to block malware without that permission.

This bill would allow the Department of Homeland Security to operate intrusion-detection and intrusion-prevention capabilities across all federal agencies on the .gov domain, as well as to conduct risk assessments of any network within the government web domain.

In addition, the legislation would give the secretary of Homeland Security the power to operate defensive countermeasures on these networks once a cyber-threat has been detected.

It would also strengthen and streamline the authority Congress gave the DHS last year in regard to issuing binding operational directives to federal agencies in response to substantial cyber-security threats.

Finally, the bill would require the Office of Management and Budget to report to Congress annually on the extent to which OMB has exercised its existing authority to enforce government-wide cyber-security standards.

“This attack was a stark reminder that our adversaries are increasingly turning to the cyber-realm, and we must make certain that the Department of Homeland Security is empowered to deploy effective tools in the .gov domain to ensure that government agencies are properly protected,” Collins said. “This bipartisan legislation is crucial to securing our government systems and helping to prevent future, potentially devastating cyber-attacks against our nation.”