House bill would expand DHS authority over private networks
Rep. Jim Langevin (D-RI) has introduced legislation that would expand the Department of Homeland Security’s authority over private networks determined to be part of US critical infrastructure.
The bill, the Executive Cyberspace Coordination Act, would give the Department of Homeland Security (DHS) the authority to establish “risk-enforced security practices and standards for critical infrastructure”, according to a summary of the legislation issued by Langevin’s office.
DHS would have the authority to create, verify, and enforce measures to protect information systems that control critical infrastructure. And the department would have the power to determine what critical infrastructure would be covered by the legislation.
The House bill would also establish a National Office for Cyberspace within the White House that would evaluate and enforce cybersecurity requirements for federal agencies, make certain that the government buys the “most advanced and secure technology possible”, and train the federal workforce in cybersecurity.
The director of the office would be appointed by the president, subject to Senate confirmation, and would have a seat on the National Security Council. This would enable the director to review agency information security budgets and make recommendations to the agencies as well as the president, the summary explained.
The bill would also require federal agencies to implemented automated and continuous monitoring of their information systems to ensure compliance with the Federal Information Security Management Act (FISMA) and identify deficiencies in information system security.
Federal agencies and contractors would also be required to conduct an annual independent audit of their information security programs to determine compliance with FISMA.
“Our nation sits at a crucial moment, where cyber attacks are common, but have not yet significantly impacted or endangered the American way of life”, said Langevin. “We have the opportunity to improve prevention and response to cybersecurity threats, but we must take action now”, he added.