A bill that could help such federal agencies as the FDIC and the IRS better secure themselves against cyberattack has reached the floor of the U.S. House of Representatives. HR 1224, which directs the National Institute of Standards and Technology (NIST) to advise agencies on better defenses, earlier this month made it out of the House Committee on Science, Space and Technology on a 19 to 14 vote.
If approved, the bill requires NIST within six months to provide “guidance that Federal agencies may use” to implement the voluntary “cybersecurity framework” that NIST first introduced in 2014. Serving as a road map to better web defenses, that framework offers best practices that agencies can follow to shield themselves from attack.
“This common-sense legislation takes advantage of NIST’s unique capabilities to both develop cybersecurity standards and guidelines, which NIST does now, and go further and evaluate and assess the extent of federal agencies’ compliance with them,” said committee Chairman Lamar Smith (R-Texas). The NIST guidance would include metrics to measure how well agencies can defend against cyberattack, along with security assessments and other measures.
The vote generally went along party lines, with most committee Democrats opposing. One criticism they leveled at the proposal is that the U.S. Department of Homeland Security or the U.S. Office of Management and Budget should take the lead on this effort.
The push for more federal cybersecurity follows a massive 2015 breach of the Office of Personnel Management in which hackers gained access to the personal information of more than 25 million government employees. And late last year, Reuters reported that the FBI is investigating hacks at the FDIC that date back to 2010 and may have come from the Chinese military. That followed an earlier 2016 data breach involving some 44,000 FDIC customers, and another attack that targeted the IRS.
Last year, a congressional report said the FDIC has been hacked several times over several years and regulators have been covering up or misrepresenting breaches.