
Federal data security bill heads to Obama’s desk

The first cyber bill of the lame-duck session will head to President Obama’s desk after the House approved an update to federal information security laws on Wednesday night.

The Federal Information Security Modernization Act (FISMA), which passed the Senate unanimously Monday night, made it through the House without opposition.

The bill aims to change the way government agencies manage and respond to data breaches. It authorizes the Office of Management and Budget (OMB) to set policies regarding federal information security and directs the Department of Homeland Security (DHS) to help implement those policies.

Notably, it will also clarify oversight of the .gov websites.

“This bill will modernize our outdated federal network security laws, provide the tools and authorities needed to improve security at our federal agencies and increase transparency and accountability for data breaches at federal agencies,” said Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.), who sponsored the Senate bill.

During a Senate hearing Wednesday, Phyllis Schneck, DHS deputy under secretary for cybersecurity, said FISMA would “help us to achieve” the rapid cyber threat analysis and notification the department desires.

The FISMA that ultimately passed contains elements of two bills that passed the House earlier this year.

House Oversight and Government Reform Committee Chairman Darrell Issa (R-Calif.) had his own federal information security update bill. That measure focused less on the DHS and more on the OMB. Although Issa indicated on Tuesday he did not support the Senate’s version of his bill, he ultimately didn’t oppose its passage.

House Homeland Security Committee Chairman Michael McCaul (R-Texas) also had a bill that defined the DHS’s cybersecurity role.

A pared-down Senate version of McCaul’s bill passed the upper chamber on Wednesday afternoon. It has yet to move in the House. But some elements left out of the Senate’s bill made it into FISMA, pleasing McCaul.

“The bill Congress sent to the president today will improve the DHS’s cybersecurity capabilities by clarifying the department’s authority and mission to secure federal networks,” he said.

Still, it’s just a fraction of what industry — and many lawmakers — were hoping to achieve this Congress.

Industry had pushed for a legal safe harbor for businesses exchanging cyber threat information with the National Security Agency. The private sector also advocated for standardized federal data breach notification requirements for companies.

Sen. Tom Coburn (R-Okla.), Homeland Security Committee ranking member, acknowledged that FISMA is just part of the bigger picture.

“This bipartisan reform bill is a small but significant step to address the problem,” he said. “It requires agencies to be accountable to Congress and the public for data breaches and other incidents to protect the public’s information.”