Senators wrap DHS cyber bills together in bid for floor time

A Senate committee on Wednesday approved a cybersecurity bill that would give the Department of Homeland Security (DHS) considerable powers to defend government networks from hackers.

Since the catastrophic data breach at the Office of Personnel Management (OPM), policymakers have been scrambling to shore up network defenses.

{mosads}Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson (R-Wis.) vowed that the measure approved Wednesday, the Federal Cybersecurity Enhancement Act, would help.

“With this act in place, it will become far more difficult for our adversaries to steal our private data and to penetrate government networks,” he said.

The bill — introduced Monday with the panel’s top Democrat, Sen. Tom Carper (Del.) — would require all agencies to adopt several cybersecurity best practices. It would also accelerate the rollout of the government’s anti-hacking shield, dubbed “Einstein,” that detects and repels known cyber threats.

During Wednesday’s markup, Johnson’s committee adopted two amendments that essentially combined his bill with another major DHS-focused piece of legislation that a bipartisan group of six senators introduced last week.

That measure would reform the 12-year-old Federal Information Security Management Act (FISMA) and formalize the DHS’s role in protecting government networks and websites. Known as the FISMA Reform Act, the bill would give the DHS legal authority to deploy tools that search for intrusions on government networks at any agency without a formal request.

“Right now, DHS does not have the authorities it needs to enforce cybersecurity standards, and agencies’ reliance on DHS to find and neutralize cyber threats is voluntary,” Sen. Mark Warner (Va.), that bill’s lead Democrat, said on Wednesday. “That’s a real problem.”

Sen. Susan Collins (Maine), the lead Republican on the FISMA Reform Act, said she was “very pleased” by the merger of the bills.

“It is long overdue to make sure all of our federal networks and the information they hold are properly protected and secured,” she added.

The amendments were offered by Sens. Kelly Ayotte (R-N.H.) and Claire McCaskill (D-Mo.), the two co-sponsors of the original bill and members of the Homeland Security panel.

Other amendments were relatively minor.

Sen. Rand Paul (R-Ky.), who is running for president, got language tacked on that would require a report on whether the Einstein program collects private information not related to cyber threats. Paul’s dogged opposition to government data collection has been a prominent part of his White House bid.

Sen. Ben Sasse (R-Neb.) also got two oversight amendments approved.

One would require the administration to file a report to Congress on the full damage of the recent OPM hacks. The other would require an assessment of what unclassified information can be combined to produce classified data.

National security experts fear Chinese hackers are amassing a database of mostly unclassified data that could still be cross-referenced to uncover classified intelligence, such as the identity of undercover agents.

Senators will now search for a way to get the fortified Federal Cybersecurity Enhancement Act through the upper chamber.

“With each passing day, and for the foreseeable future, our federal agencies will continue to come under a cascade of attacks in cyberspace, as will our businesses and critical infrastructure,” Carper said.

Over the past few weeks, lawmakers backing both efforts had expressed interest in offering their language as an amendment to a cybersecurity bill that had been expected to hit the floor before the August recess.

The bill, known as the Cybersecurity Information Sharing Act, would increase the exchange of data on hackers between the public and private sectors.

But Senate leadership changed course, choosing instead to act on a bill that would strip Planned Parenthood of its federal funding. It’s now unlikely the cyber bill will hit the floor until the fall.

“Congress needs to make bolstering our cyber defenses — and staying ahead of this evolving threat — a top priority,” Carper added.