House, Senate make security review plans

Sen. Fred Thompson says technology advancement means agencies must focus on security.

By Shruti Daté
GCN Staff

Computer security will rank high on the Hill's to-do list next year as concern about vulnerable federal systems grows and lawmakers look into agency practices and weaknesses.

Sen. Fred Thompson (R-Tenn.), chairman of the Senate Governmental Affairs Committee, and Sen. Joseph I. Lieberman (D-Conn.), the committee's ranking minority member, made it clear when they introduced the Government Information Security Act last month that security will be a Senate priority.

'Advancements in technology have forced us to look more closely at those factors that may compromise our government's security,' Thompson said.

The Senate bill, S 1993, calls for governmentwide oversight of information security efforts. The bill has five main directives:

• The Commerce Department and the National Institute of Standards and Technology would have to develop standards and guidance for security training and planning.

• The Justice Department would have to provide legal remedies for security breaches.

• The General Services Administration would have to assist agencies with computer security procurements.

• The Office of Personnel Management would have to review information security regulations covering federal civilian employees.

• Chief information officers would have to designate senior agency information security officers.

Jack Brock, director of governmentwide information issues at the General Accounting Office, said the bill would modify the way agencies implement computer security measures.

GAO will release computer security studies on the Environmental Protection Agency and Energy Department by spring or early summer, Brock said.

In upcoming congressional oversight hearings, GAO will explain that agencies generally lack centralized computer security efforts, he said.

'The biggest weakness among agencies is the lack of coordinated programs,' Brock said. 'Agencies address specific issues, but they don't follow best practices.'

Several congressional hearings and GAO studies have revealed system security failures across the government, Thompson said. Governmental Affairs has directed GAO to do further studies at the IRS, the Federal Aviation Administration, the Social Security Administration, the State Department and the Veterans Affairs Department.

Similar requests have poured in from the House, where the Science, Government Reform and Commerce committees have asked GAO to examine the government's computer security measures, Brock said.

The House next year also plans to renew consideration of the Computer Security Enhancement Act, HR 2413.

Rep. Steve Horn (R-Calif.), chairman of the Government Reform Subcommittee on Government Management, Information and Technology, said GAO's research will help his panel structure a series of oversight hearings on federal computer security.

'One thing we'd like to do is find out what happens now,' Horn said. 'How many times have you been broken into? What kind of break-in was it? Is there a pattern in practice here?'

Checking it twice

Brock said he has received two requests from Horn to research whether agencies followed best practices during year 2000 remediation to avoid computer security breaches during the rollover period.

Sen. Robert Bennett (R-Utah), chairman of the Senate Republican High-Tech Task Force, has also requested a GAO presentation on system security lessons learned from the year 2000 remediation process.

Rep. Constance A. Morella (R-Md.), chairwoman of the House Science Subcommittee on Technology, said she will hold oversight hearings to make sure agency information technology leaders are accountable for computer security.

Morella said she would like to pull in agency inspectors general to discuss management issues.
