As a result of the recent major OPM breach, which saw the compromise of data on over 20 million Americans, the FISMA Reform Act has bipartisan support in Congress; it would strengthen DHS cybersecurity mission capabilities for the .gov domain (emphasis added):
Introduced on Wednesday, the FISMA Reform Act provides an update to the 12-year-old FISMA and would give the DHS increased authority over other agencies’ networks on the .gov domain. As it stands, the DHS needs permission to come in and investigate or monitor networks, The Hill reports.
The new measure would provide DHS with legal authority to deploy tools that search for security breaches in real-time without a formal request to an agency. It would also enable DHS to conduct risk assessments of any other agency’s system and take action to secure vulnerable systems.
Earlier this year, the US Office of Management and Budget released a report that found that, although US government agencies spent $12.7 billion on cybersecurity in fiscal 2014, the government still faced nearly 70,000 cybersecurity events in total across departments.
Sen. Mark Warner, the lead Democrat on the bill, said that the voluntary nature of the system has “resulted in an inconsistent patchwork of security across the whole federal government.”
In a time when cybersecurity threats are changing rapidly, the federal government has been criticized for outdated programs and responding too slowly to serious data breaches, such as the OPM breach that compromised personal data belonging to 22 million people.