WASHINGTON - Governmental Affairs Committee Chairman Fred Thompson (R-TN)
and ranking Democrat Joseph Lieberman (D-CT) said Senate approval Thursday of
the Government Information Security Act provides a new framework for
managing the security of the government’s information technology systems by
inserting increased accountability into the current security process. The Government
Information Security Act (S.1993) passed the Senate as part of the FY '01
Department of Defense Authorization bill (H.R. 4205).
"Effective computer security starts with effective management and this
legislation will help federal agencies get a handle on managing their computer
security efforts," Thompson said. "Establishing government_wide
procedures will help us prevent hackers and cyber-terrorists from wreaking
havoc in our information systems."
"If government is going to be plugged into the networked world as an
active, permanent presence," Lieberman said, "we will first have to
protect the confidentiality, the integrity and, of course, the availability of
the information contained on government computers. In today's Wild West
electronic environment, every precaution must be taken."
At risk of exploitation by teen-age hackers or international
cyber-terrorists is information ranging from the movement of the nation's armed
forces and deployment of our most powerful weapons, to accumulated data about
the economy, to wage and tax data kept by the government on all working
Americans. The Government Information Security Act addresses inadequate
government management of computer security by providing a meaningful foundation
from which to build more secure government computer networks. It vests overall
government accountability within the highest levels of the Executive
Branch; creates specific management rules for agency heads, such as
requiring agency-wide security programs; and requires agencies to have an annual
independent evaluation of their information security programs and
practices.
Also, in an effort to bolster the government's efforts to protect its
information technology assets, the