Senate bill would give DHS new authority to remove corrupted software from federal systems

With the volume of cyber attacks on government computer systems jumping from 5,500 in 2006 to more than 77,000 in 2015, legislation introduced in the U.S. Senate on Tuesday would give the U.S. Department of Homeland Security (DHS) tools to better protect against foreign attacks.

The Federal Network Protection Act, S. 2743, would build on earlier legislative efforts give the secretary of homeland security authority to act expeditiously to address compromised software and computer systems under the Federal Information Security Modernization Act (FISMA). S. 2743 would clarify that the secretary of homeland security has authority to issue binding operational directives to act without prior notice to remove compromised software from federal networks.

U.S. Sen. Dianne Feinstein (D-CA) cited the growing speed and complexity of cyber attacks on federal systems in announcing the introduction of the bill on Tuesday.

“We’re seeing more and more attacks on federal computer systems by foreign agents, and we need to make sure we have all the tools and authorities necessary to block those attacks,” Feinstein said. “By clarifying what actions the secretary of homeland security can take, we allow the department to act quickly in response to cyber threats.”

A Government Accountability Office (GAO) report on DHS cybersecurity risk mitigation efforts released on Tuesday states that DHS has issued four binding operational directives under FISMA since July 2017. Federal agencies were ordered to identify and remove AO Kaspersky Lab security software from information systems and to discontinue future use, by one of the directives. GAO stated that it plans to evaluate DHS’ process for developing binding operational directives and overseeing implementation later this year.