October 10, 2000
Conferees Endorse Thompson?s Plan to
Ensure Government Cyber-Security
WASHINGTON, DC - Senate Governmental Affairs Chairman Fred
Thompson (R-TN) today announced that the Government Information
Security Act, his bill to provide a new framework for protecting
the security of the government?s computers from outside attack
by hackers, is included in the conference report on H.R. 4205, the
National Defense Authorization Act for Fiscal Year 2001. The
legislation, the result of numerous hearings, independent reports
and security testing by government computer security experts at
the request of Chairman Thompson, was added to the Defense
Authorization bill in the Senate and has been approved by the
House-Senate conferees. The conference report is expected to be
approved by both the Senate and House this week.
"Effective computer security starts with effective
management and this legislation will help federal agencies get a
handle on protecting their assets and prevent hackers and
cyberterrorists from wreaking havoc with citizens? sensitive
information, such as taxpayer data, veterans? medical records,
and social security portfolios," said Senator Thompson.
A number of federal systems have experienced security lapses
over the years. For example:
In March, a routine inventory check of State Department
computers revealed that 18 laptop computers were missing. At least
one computer belonged to the State Department?s Bureau of
Intelligence and Research and is believed to have contained highly
classified information. On August 9, 2000, the FBI posted a
$25,000 reward for any information leading to its recovery.
Recent reports revealed that the FAA has allowed
unauthorized access to FAA?s most sensitive computer systems and
software.
A private auditing firm hired by the Department of Veterans
Affairs? Inspector General broke into computers at the
Department at least a dozen times this year, gaining total control
of data and creating a "virtual veteran" to fraudulently
collect benefits.
The Thompson bill, which he introduced with the Committee?s
Ranking Member, Senator Joseph Lieberman (D-CT), addresses
inadequate government management of computer security by
making the Executive Branch accountable for the safe
keeping of the data kept by the government on all working
Americans.
The Government Information Security Act would:
Vest overall government accountability within
the highest levels of the Executive Branch (Deputy Director for
Management at the Office of Management and Budget);
Create specific management rules for agency
heads, such as requiring agency-wide security programs;
Require agencies to have an annual independent
evaluation of their information security programs and practices;
and
Focus on the importance of training programs
and government-wide incident response handling.
# # # |