A bipartisan duo of senators introduced legislation late last week to update the Federal Information Security Modernization Act (FISMA) by clarifying how agencies share information about breaches in federal data systems.
Sens. Rob Portman, R-Ohio, and Gary Peters, D-Mich. — who serve together on the Senate Homeland Security and Governmental Affairs Committee — introduced the Federal System Incident Response Act as an effort to modernize and increase transparency in the government’s response to cyberattacks on federal agencies. The bill is especially timely after the recent SolarWinds breach that affected multiple agencies.
“As bad actors continue to exploit weaknesses in federal systems, it’s critical that the federal government is able to quickly respond to any incident and better protect the information in its care,” Portman said in a statement. “This bipartisan bill takes important steps to better coordinate our government’s response to breaches and quickly inform the American people if their information has been compromised.”
The bill would set specific requirements about alerting people if their information was accessed in a security breach by providing written notice “as expeditiously as practicable and without unreasonable delay.” To standardize that process, the Office of Management and Budget (OMB) director would develop a template and guidance to share that information.
It would also require agencies to share incident information with OMB and the Cybersecurity and Infrastructure Security Agency (CISA) to compare attacks across agencies. CISA would then produce an annual report of these incidents to share with federal and private-sector cybersecurity professionals so they can better understand the most common and persistent threats.
Peters and Portman have led several efforts to strengthen cybersecurity defenses, such as a bill to improve cybersecurity budgeting and another — unanimously passed by the Senate — to promote cybersecurity collaboration between the Department of Homeland Security and state and local governments.
It is unlikely that this bill will pass in the final weeks of the 116th Congress, but could signal legislative priorities for the next term.