Feds Get Tough on Cybersecurity WeaknessesBy Roy Mark | Posted 2008-09-25 Email Print
A new bill approved by a Senate Homeland Security Committee will give federal CIOs more authority and resources to respond to threats and attacks against government IT assets. It will also create a new CIO security council to coordinate government cybersecurity efforts.
The federal government is taking steps to toughen up the nation’s cybersecurity defenses by establishing new policies and an oversight group to direct security efforts and cut wasteful spending.
According to a report in eWeek, the Homeland Security and Governmental Affairs Committee has approved legislation designed to give federal department CIOs more authority and resources to monitor and respond to security threats and breaches. The bill also calls for the creation of a federal CIO security council that will report to the Department of Homeland Security’s National Cyber Security Center.
The bill’s sponsor, Sen. Tom Carper (D-Del.) believes the legislation is necessary to protect the U.S. critical governmental infrastructure from attack and compromise by foreign governments, terrorists and high-tech criminal organizations.
"It was extremely sobering to learn how often and how easily agency information networks can be compromised," Sen. Tom Carper, D-Del., said in a statement. "We are open to attack not only from countries like Russia and China, but to criminal syndicates and terrorists. It is frightening to learn that the most powerful government in the world has essentially been helpless until now in preventing these information technology attacks."
The legislation is not without precedent. The federal government has made numerous attempts to improve the security of its IT infrastructures in the years following the Sept. 11, 2001 terrorist attack. The original Federal Information Security Management Act in 2003 mandated that federal agencies monitor and report the progress of their security efforts, and apply uniform standards in the selection of security technology. Despite that and other security efforts, federal agencies continue to receive below average or failing security grades by inspectors.
The need for bolstering the government’s cybersecurity came to the forefront during the brief Georgia-Russia war, during which the Georgian IT infrastructure was swamped by attacks from what was believed state-sponsored and rogue elements in Russia. The U.S. has reported numerous incidences of attacks against military and government assets by groups in China, Russia and Middle East states.
In March, the Department of Homeland Security conducted Cyber Storm II, its second attempt exercise to test the security of government and critical infrastructure – such as the power, communications and transportation networks. Agencies, solution providers and government contractors reported that the exercise was a miserable failure and replete with miscommunications, poor planning, and unrealistic expectations and constraints on attacks and responses.
"Someone, somewhere—in my view—is not fulfilling their responsibility to ensure that taxpayer money dollars are spent only on those investments that are well thought out and truly necessary," Carper said at a July hearing.