Legislation introduced by U.S. Reps. James Walkinshaw (D-VA) and Don Bacon (R-NE) would strengthen security at the U.S. Department of Homeland Security after compliance gaps were found by the Government Accountability Office.
The Cybersecurity Logging Enforcement and Accountability Reporting (CLEAR) Act would require DHS to report to Congress on the gaps preventing the department from fully meeting federal cybersecurity event logging requirements. The legislation comes after the GAO found in 2023 that DHS and several federal agencies had not fully implemented event logging requirements mandated under executive orders and the Office of Management and Budget directions.
“DHS is supposed to be the tip of the spear on federal cybersecurity. That means meeting its own cybersecurity requirements, not just setting standards for others,” Walkinshaw said. “This bill is simple: show Congress what’s broken, what resources are missing, and what it will take to fix it. When federal networks are under attack, DHS cannot afford blind spots.”
Event logging is a cybersecurity tool that tracks activity across and agency’s network and systems. Without them, agencies can miss information needed to investigate cyber incidents, which can impact the ability to respond to threats in time. The GAO found that federal agencies reported more than 32,000 information security incidents to DHS in 2023 alone. Advocates argue that as cyber threats become more sophisticated and frequent, the country must ensure DHS all the information it needs to respond to cybersecurity incidents.
The CLEAR Act requires DHS submit a report to Congress within 180 days identifying gaps in resources, guidance, and policies preventing the Department from meeting all federal cybersecurity event logging requirements, along with what is needed to close those gaps. The legislation also requires DHS to brief relevant congressional committees and publish an unclassified summary for the public.
“The cybersecurity threats facing our federal agencies continue to escalate, and DHS cannot afford blind spots across its networks,” Bacon said. “The CLEAR Act will give Congress the insight needed to ensure DHS is fully implementing federal event logging standards, closing compliance gaps, and protecting some of our nation’s most critical systems. I’m pleased to join Rep. Walkinshaw on this bipartisan effort to strengthen DHS cybersecurity and improve accountability.”
The bill is supported by the Information Technology Industry Council (ITI).
