October 13, 2000
Senate Passes Thompson Legislation to Ensure
Government Cyber-Security
WASHINGTON, DC - Senate Governmental Affairs
Chairman Fred Thompson (R-TN) today announced final Senate passage
of the Government Information Security Act, his bill to provide a
new framework for protecting the security of the government’s
computers from outside attack by hackers. The legislation, the
result of numerous hearings, independent reports and security
testing by government computer security experts at the request of
Chairman Thompson, was passed as part of the conference report on
H.R. 4205, the National Defense Authorization Act for Fiscal Year
2001. The bill now goes to the White House for the President’s
signature.
"This legislation will require federal
agencies to get a handle on protecting their assets and prevent
hackers and cyberterrorists from wreaking havoc with citizens’
sensitive information," said Thompson. "Information such
as taxpayer data, veterans’ medical records, and social security
portfolios remains at risk and that’s unacceptable."
A number of federal systems have experienced
security lapses over the years. For example:
In March, a routine inventory check of
State Department computers revealed that 18 laptop computers
were missing. At least one computer belonged to the State
Department’s Bureau of Intelligence and Research and is
believed to have contained highly classified information. On
August 9, 2000, the FBI posted a $25,000 reward for any
information leading to its recovery.
Recent reports revealed that the FAA has
allowed unauthorized access to FAA’s most sensitive computer
systems and software.
A private auditing firm hired by the
Department of Veterans Affairs’ Inspector General broke into
computers at the Department at least a dozen times this year,
gaining total control of data and creating a "virtual
veteran" to fraudulently collect benefits.
The Thompson bill, which he introduced with the
Committee’s Ranking Member, Senator Joseph Lieberman (D-CT),
addresses inadequate government management of computer
security by making the Executive Branch accountable for the
safe keeping of the data kept by the government on all
working Americans.
The Government Information Security Act:
Vests overall government accountability
within the highest levels of the Executive Branch (Deputy
Director for Management at the Office of Management and Budget);
Creates specific management rules for agency
heads, such as requiring agency-wide security programs;
Requires agencies to have an annual
independent evaluation of their information security programs
and practices; and
Focuses on the importance of training
programs and government-wide incident response handling.
# # # |