"The security of our Federal and critical infrastructure networks is an issue of national security and one that I have worked on for several years now," said Congressman Jim Langevin, Chairman of the Subcommittee on Emerging Threats, Cybersecurity and Science and Technology. "Through my many cyber hearings it has become clear that an organization is only as strong as the integrity and reliability of the information that it keeps. Therefore we must make cybersecurity a national priority."
This legislation represents a critical step toward improving the cybersecurity posture at the Department of Homeland Security by addressing two key issues: ensuring a robust defense-in-depth of our information systems, and holding individuals at all levels accountable for mitigating vulnerabilities.
This legislation will:
- Establish authorities and qualifications for the Chief Information Officer (CIO) position at the Department of Homeland Security
- Establish specific operational security practices for the CIO, including:
- A continuous, real-time cyber incident response capability,
- A network architecture emphasizing the positioning of security controls, and
- Vulnerability assessments for each external-facing information infrastructure
- Establish attack-based testing protocols to reduce the number of successful exploitations of the Department's networks
- Require the Secretary to make determinations about the security posture of contractors prior to entering into network service agreements with them
- Require that the Secretary report to Congress on creating a counter-intelligence plan to investigate all cyber breaches and a program to increase threat information sharing with cleared contractors.
