Putnam pushing Clinger-Cohen security amendment
- By Jason Miller
- Sep 17, 2004
Rep. Adam Putnam may have found a way to push the first major change to the Clinger-Cohen Act into law.
The Florida Republican and chairman of the Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census will attach the amendment, which would require agencies to include cybersecurity in the planning and acquisition phases of systems development, to a bill that should be passed before the close of Congress, said Bob Dix, the subcommittee's staff director (GCN story)
Dix would not say which bill Putnam will attach the language to because the decision has not been finalized.
The Clinger-Cohen Act amendment is one of several areas Putnam is focusing on to improve agency cybersecurity, Dix said.
'For too long, software has focused too much on functionality and features and security has been an afterthought,' Dix said yesterday at a luncheon sponsored by the Association for Federal Information Resources Management in Washington. 'Chairman Putnam wants agencies and the private sector to view these challenges as management and governance issues.'
To that end, Putnam is driving change in the public and private sector through subcommittee oversight of agency progress with cybersecurity, and the Corporate Information Security Working Group.
Dix said the subcommittee has held 10 hearings since last October on IT security, and one more on identity theft is scheduled for next week.
'Our experience is that many agencies are taking IT security seriously, but we need to make sure all of them do,' he said. 'We must have a system to evaluate the level of risk and puts in appropriate security controls.'
Dix said the subcommittee once again will review agency cybersecurity reports due to the Office of Management and Budget by Oct. 6 and required under the Federal Information Security Management Act. The subcommittee will issue a report card in early 2005.
'Chairman Putnam is very optimistic that the agency grades will improve this year,' Dix said.
The corporate working group by November will issue more specifics on the recommendations it made in April, and Putnam will decide what action needs to be taken in the next Congress (GCN story)
, Dix said.
Dix said Putnam would like to see software vendors do a better job of responding to the need for better security. He said Putnam, for now, will let the marketplace drive the change.
'We don't need legislation right now because you don't want to stifle innovation,' Dix said. 'We need more rigorous and better quality assurance programs.'