Tuesday, September 23, 2008

Senate Homeland Security Panel Passes IT Bills

The Senate Homeland Security and Government Affairs Committee late Tuesday approved a pair of federal information security bills introduced by Sen. Tom Carper, D-Del., as lawmakers prepare to leave Washington later this week to campaign for the November elections.

One bill, written by Carper as chairman of the Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, is intended to improve the way agencies safeguard sensitive information and thwart cyber attacks. The bill grew out of a concern expressed by Carper and others that compliance with existing data security regulations has largely become a paperwork exercise.

"It was extremely sobering to learn how often and how easily agency information networks can be compromised," Carper said in a press release. "We are open to attack not only from countries like Russia and China, but to criminal syndicates and terrorists. It is frightening to learn that the most powerful government in the world has essentially been helpless until now in preventing these information technology attacks."

Carper's bill would require inspectors general to measure the effectiveness of data security policies; increase the authority of chief information security officers; topple artificial barriers and increase collaboration by establishing a CISO council directed by the National Cyber Security Center; and require the Homeland Security Department to conduct regular mock attacks against agency networks to discover vulnerabilities.

His second bill is aimed at improving federal agencies' and Congress' ability to monitor risky information technology investments. "IT investments contain an inherent risk that the system may cost more than expected or not perform the way it was planned," Carper said. "It is simply unacceptable that $21 billion dollars, or nearly a third of our IT budget, may be wasted this year because so many projects are poorly planned or managed."