Press Releases

Following Cyber Attack at OPM, Warner & Collins Introduce Bipartisan Bill to Improve Government Cybersecurity

The FISMA Reform Act would Strengthen DHS Authority to Prevent and Block Cyber Attacks on .gov Networks

Jul 22 2015

WASHINGTON – Following the recent cyber-attack at the Office of Personnel Management (OPM) which compromised the personal information of at least 22 million individuals, U.S Sens. Mark R. Warner (D-VA), Susan Collins (R-ME), Dan Coats (R-IN), Barbara Mikulski (D-MD), all members of the Senate Intelligence Committee, and Kelly Ayotte (R-NH) and Claire McCaskill (D-MO), members of the Senate Homeland Security and Governmental Affairs Committee, introduced bipartisan legislation today that strengthens the Department of Homeland Security’s (DHS) authority to protect federal civilian networks.

While DHS has the responsibility for safeguarding the cyber domain for federal civilian agencies (.gov), DHS has limited authority to actually act. At present, DHS does not have the authority to monitor the networks of government agencies without permission from that agency.  DHS also cannot regularly deploy countermeasures to block malware without permission as well.  This limited authority hinders the security of .gov information systems which, as evidenced by the recent OPM attack, contain highly sensitive personal data such as Social Security numbers, home addresses, dates of birth, and in some cases, extensive background information of federal employees, retirees, and contractors.

“Both the private and public sector need to do a better job of investing in infrastructure and talent to combat an increasing number of cyberattacks,” said Sen. Warner. “The attack on OPM has been a painful illustration of just how behind-the-curve some of our federal agencies have been when it comes to cybersecurity. Those breaches allowed cyber attackers to get hold of the personal information of more than 22 million people – what the FBI Director has described as ‘a huge deal,’ and a ‘treasure trove of information’ for potential adversaries. If we want to be better prepared to meet this threat in the future, we have to make sure that the Department of Homeland Security has the tools it needs to adequately secure our federal civilian networks.”

“The recent cyberattack at OPM affected a staggering number of Americans and exposed a tremendous vulnerability with the status quo in the defense of federal civilian networks.  Like millions of Americans, I received a letter that my personal data had been compromised,” said Sen. Collins. “This attack was a stark reminder that our adversaries are increasingly turning to the cyber realm and we must make certain that the Department of Homeland Security is empowered to deploy effective tools in the .gov domain to ensure that government agencies are properly protected. This bipartisan legislation is crucial to securing our government systems and helping to prevent future, potentially devastating cyberattacks against our nation.”

To fix this problem, the bipartisan Federal Information Security Management Reform Act of 2015 (FISMA Reform) takes five important steps to strengthen the security of the networks of our federal civilian agencies:

  1. This legislation would allow the Secretary of Homeland Security to operate intrusion detection and prevention capabilities on all federal agencies on the .gov domain.
  2. The bipartisan bill would also direct the Secretary of Homeland Security to conduct risk assessments of any network within the government domain.
  3. The bill would allow the Secretary of Homeland Security to operate defensive countermeasures on these networks once a cyber threat has been detected.
  4. The legislation would strengthen and streamline the authority Congress gave to DHS last year to issue binding operational directives to federal agencies, especially to respond to substantial cyber security threats in emergency circumstances.
  5. The bill would require the Office of Management and Budget to report to Congress annually on the extent to which OMB has exercised its existing authority to enforce government wide cyber security standards. 

“By enacting this legislation, DHS will be in a stronger position to detect and reduce the likelihood of other cyberattacks like the ones we saw at OPM,” Sen. Warner said