Bipartisan leaders of the House Oversight and Reform Committee are preparing legislation to overhaul the Federal Information Security Management Act, citing changes since that law’s enactment in 2014, including greater connections among federal IT systems and new types of threats to them.
“Now, it’s no longer enough to guard our networks at their perimeters, as was the focus in the past. Today, we must also guard within the perimeter, continuously monitoring for the smallest trace of abnormal activity that might signal an intruder,” said chairwoman Rep. Carolyn Maloney, D-N.Y.
“Public and private sector entities continue to play whack-a-mole while hackers take advantage of every possible weakness in information systems. A modern update to FISMA will ensure federal agencies, in coordination with the private sector and government contractors, can better protect, disrupt, and deter damaging digital intrusions,” said ranking Republican Rep. James Comer of Kentucky.
At a hearing, witnesses including cybersecurity experts and a GAO representative supported a draft measure focused on improving coordination among federal and other entities involved with cybersecurity and on adopting up-to-date security practices, including continuous risk assessment and faster detection of incidents and response to them.