A group of senators and representatives collectively introduced the Federal Information Security Modernization Act of 2023 this week in an effort to reform federal cybersecurity laws left largely untouched since 2014, and to increase communication between governmental entities.
The Federal Information Security Modernization Act of 2014 was one of the key catalysts for establishing real cybersecurity efforts at a federal level. This new act would update it and press for greater coordination between the Office of Management and Budget (OMB), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the National Cyber Director and other federal agencies and contractors dealing with online threats. It would also codify various efforts and require OMB to create guidance for federal agencies to better allocate resources needed for cybersecurity work.
While reform of federal security is its major goal, though, the reach of the bill would extend beyond the government. It would also put new stipulations on civilian agencies, requiring them to report all cyber attacks to CISA and major incidents to Congress, while granting CISA greater power to respond to incidents involving federal civilian networks.
“Foreign adversaries and criminal hackers are relentlessly targeting federal networks to steal sensitive data, and we must modernize federal cybersecurity standards to prevent attacks that can compromise our national security,” U.S. Sen. Gary Peters (D-MI), Homeland Security and Governmental Affairs Committee chairman, said. “This bipartisan bill will help federal agencies prevent cyber-attacks and quickly address network breaches.”
Peters was a lead figure on the bill, and was joined by U.S. Sen. Josh Hawley (R-MO). In the House, efforts were backed by U.S. Reps. James Comer (R-KY), and Jamie Raskin (D-MD), chairman and ranking member of the Committee on Oversight and Accountability, and Nancy Mace (R-SC), and Gerald E. Connolly (D-VA), chairwoman and ranking member of the Subcommittee on Cybersecurity, Information Technology, and Government Innovation.
“It has been almost a decade since Congress last addressed the structure, framework, and evolution of federal cybersecurity in a comprehensive manner,” Comer said. “And in that time, we have seen criminal organizations, nation states, and all manner of enemies unleash a nonstop barrage of cyber-attacks against American companies and federal agencies. The bipartisan, bicameral Federal Information Security Modernization Act of 2023 reflects years of diligent work between the House Oversight Committee and Senate Homeland Security and Governmental Affairs Committee to ensure the authorities and reporting responsibilities of our nation’s cybersecurity leadership is strengthened.”
High profile cyber attacks have grown in recent years, including several that successfully accessed federal networks. Just last month, Microsoft’s cloud systems were breached, allowing Chinese hackers to access government email accounts.