The Public Eye with Eric Chabrow

Cybersecurity Reform Dealt Fatal Blow

Infosec Reform Downed by Don't Ask, Don't Tell Filibuster
A measure to significantly change the way IT security would be governed in the federal government will not become law this year.

Democratic supporters of the National Defense Authorization Act of 2011 failed Thursday to end a Republican filibuster that prevented a Senate vote on the measure that included historic changes in the way the government governs IT security. That's because the National Defense Authorization Act includes a provision to repeal the don't ask, don't tell law that bars gays from serving openly in the military.

Technically, another attempt to invoke cloture and stop the filibuster could occur before year's end, but that's seen as highly unlikely, striking the death knell for cybersecurity reform in the 111th Congress.

The House approved the defense act in May. And, earlier this week there was hope that Republican supporters of repeal of don't ask, don't tell would provide enough votes to stop the filibuster and allow an up-or-down vote on the measure. But some Republicans, despite their support for repeal, first wanted Congress to address the extension of the Bush-era tax cuts before voting on the defense bill; some also sought a more lengthy debate on the defense act than Senate Majority Leader Harry Reid, D-Nev., offered.

The original National Defense Authorization Act only addressed military cybersecurity matters, but in May - shortly before the House approved the bill - Reps. Diane Watson, D-Calif., and James Langevin, D-R.I., successfully attached a rider to the measure that would make momentous changes in how the federal government manages IT security.

The most dramatic change to IT security governance in the bill would have been the creation of a National Office of Cyberspace within the White House, with a Senate-confirmed director, to coordinate and oversee the security of agency information systems and infrastructure. That office would have strong budgetary oversight powers that are backed by financial pay-for-performance authorities, while remaining accountable to Congress. Other provisions would have:

  • Established a Federal Cybersecurity Practice Board within the cyberspace office to develop policies and procedures for agencies to adhere to in meeting Federal Information Security Management Act statutory requirements and to oversee the implementation of approved standards and guidelines developed by the National Institute of Standards and Technology.
  • Required agencies to undertake automated and continuous monitoring of their systems to ensure compliance and identify deficiencies and potential risks caused by cyber incidents or threats to an agency's information technology assets.
  • Ordered agencies to obtain an annual independent audit of their information security programs to determine their overall effectiveness and compliance with FISMA requirements.
  • Developed secure acquisition policies to be used in the procurement of information technology products and services.
  • Created the Office of the Chief Technology Officer within the White House to work collaboratively across the government and private sector to analyze and improve the use of information technology.

What next? Lawmakers will start from scratch, with new hearings and new bills in the 112th Congress that convenes in January.

* * *

This blog entry replaces an earlier version that addressed a possible vote on the National Defense Authorization Act.



About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



