U.S. senators introduce cybersecurity bill to boost Department of Homeland Security’s authority

By Canadian Underwriter | July 27, 2015 | Last updated on October 30, 2024

U.S. Senator Kelly Ayotte (R-NH) joined five other senators last week in introducing bipartisan legislation that would bolster the U.S. Department of Homeland Security’s (DHS) authority to prevent and block cyberattacks on .gov networks.

The Federal Information Security Management Reform Act of 2015 was introduced by Ayotte and Senators Susan Collins (R-ME), Mark Warner (D-VA), Dan Coats (R-IN), Barbara Mikulski (D-MD), and Claire McCaskill (D-MO) following the cyberattack at the Office of Personnel Management (OPM), which compromised the personal information of at least 21.5 million individuals as of April.

“While the DHS has the mandate to protect the .gov domain, it only has limited authorities to do so,” Ayotte said in a press release posted on her website. “At present, DHS does not have the authority to monitor the networks of government agencies unless they have permission from that agency. DHS also cannot regularly deploy countermeasures to block malware without permission from the agency.”

Ayotte argued that the “limited authority hinders the security of .gov information systems which – as evidenced by the recent OPM attack – contain highly sensitive personal data such as Social Security numbers, home addresses, dates of birth, and in some cases, extensive background information of federal employees, retirees, and contractors.”

To counter the risk, the act takes the following steps to strengthen the security of the networks of federal civilian agencies:

* Allows the Secretary of Homeland Security to operate intrusion detection and prevention capabilities on all federal agencies on the .gov domain;

* Directs the Secretary to conduct risk assessments of any network within the government domain;

* Allows the Secretary to operate “defensive countermeasures” on these networks once a cyber threat has been detected;

* Strengthens and streamlines the authority Congress gave to DHS last year to issue binding operational directives to federal agencies, especially to respond to substantial cybersecurity threats in emergency circumstances; and

* Requires the Office of Management and Budget (OMB) to report to Congress annually on the extent to which OMB has exercised its existing authority to enforce government-wide cybersecurity standards.

“The recent security breaches of sensitive government databases pose a serious risk not only to the personal information of those affected, but also to our national security,” Ayotte said in the release. “There is currently a disconnect in our federal cybersecurity system when it comes to the responsibility, capability, and authority to protect federal agency networks, resulting in serious security vulnerabilities. The reforms in our legislation are major steps in the right direction, allowing the Department of Homeland Security a more direct role and responsibility to guard sensitive data housed in multiple places.”

Collins added that “like millions of Americans, I received a letter that my personal data had been compromised. This bipartisan legislation is crucial to securing our government systems and helping to prevent future, potentially devastating cyberattacks against our nation.”
