WASHINGTON, DC - Senate Governmental Affairs Chairman Fred Thompson (R-TN) today announced that the Government Information Security Act, his bill to provide a new framework for protecting the security of the government’s computers from outside attack by hackers, is included in the conference report on H.R. 4205, the National Defense Authorization Act for Fiscal Year 2001. The legislation, the result of numerous hearings, independent reports and security testing by government computer security experts at the request of Chairman Thompson, was added to the Defense Authorization bill in the Senate and has been approved by the House-Senate conferees. The conference report is expected to be approved by both the Senate and House this week.

"Effective computer security starts with effective management and this legislation will help federal agencies get a handle on protecting their assets and prevent hackers and cyberterrorists from wreaking havoc with citizens’ sensitive information, such as taxpayer data, veterans’ medical records, and social security portfolios," said Senator Thompson.

A number of federal systems have experienced security lapses over the years. For example:

In March, a routine inventory check of State Department computers revealed that 18 laptop computers were missing. At least one computer belonged to the State Department’s Bureau of Intelligence and Research and is believed to have contained highly classified information. On August 9, 2000, the FBI posted a $25,000 reward for any information leading to its recovery.

Recent reports revealed that the FAA has allowed unauthorized access to FAA’s most sensitive computer systems and software.

A private auditing firm hired by the Department of Veterans Affairs’ Inspector General broke into computers at the Department at least a dozen times this year, gaining total control of data and creating a "virtual veteran" to fraudulently collect benefits.

The Thompson bill, which he introduced with the Committee’s Ranking Member, Senator Joseph Lieberman (D-CT), addresses inadequate government management of computer security by making the Executive Branch accountable for the safe keeping of the data kept by the government on all working Americans.

The Government Information Security Act would:

Vest overall government accountability within the highest levels of the Executive Branch (Deputy Director for Management at the Office of Management and Budget);

Create specific management rules for agency heads, such as requiring agency-wide security programs;

Require agencies to have an annual independent evaluation of their information security programs and practices; and

Focus on the importance of training programs and government-wide incident response handling.

# # #