DHS's Greg Schaffer tells the House Homeland Security Committee that the department would lead most responses to cyber attacks but definitive roles won't be determined until the administration completes a national incident response plan.
A new federal "tiger team" on healthcare privacy and security is preparing its first set of recommendations, focusing on making sure healthcare organizations exchanging clinical information take adequate precautions.
The Protecting Cyberspace as a National Asset Act also would replace paper-based FISMA compliance with continuous monitoring of technology systems and assaults by "friendly hackers" to test IT vulnerabilities.
"Operators of critical infrastructure could opt-in to a government-sponsored security regime," Deputy Secretary William Lynn III says. "Individual users who do not want to enroll could stay in the wild wild West of the unprotected Internet."
Veterans Affairs CIO tells a House panel that the VA has taken significant steps to prevent further IT security breaches that have plagued the agency, but auditors testify that the department faces alarming consequences because of a lack of security controls.
Most House members voted for the America COMPETES Reauthorization Act, but with few Republicans supporting it, the measure failed to muster the two-thirds vote required to pass under rules that brought the bill back to life.
Although the list of major healthcare breaches reported to federal authorities so far does not yet include a large-scale hacking incident, organizations should nevertheless take preventive measures to avoid such attacks, a federal privacy expert says.