
In an era marked by high-profile cyberattacks and hacks, U.S. government agencies need to be held accountable for implementing adequate security standards to better mitigate those risks.
In May, President Donald Trump issued an executive order requiring federal agencies to assess their own cybersecurity, an assessment that is then reviewed by the Department of Homeland Security and the Office of Management and Budget.
In February, the House Science, Space, and Technology Committee proposed supplemental legislation, the Cybersecurity Framework, Assessment, and Auditing Act.
The initial draft of the bill tasked the National Institute of Standards and Technology with auditing the cybersecurity measures of government agencies. We criticized the proposal because that task is traditionally reserved for the Government Accountability Office or the inspector general of each agency.
In 2014, the institute created a cybersecurity framework compiling a list of best practices from existing industry standards. Today, the framework is the leading tool for assessing cybersecurity.
While there is little disagreement that the National Institute of Standards and Technology did a good job in compiling cybersecurity practices and tools to measure preparedness, the institute is not equipped to audit compliance with those practices, and requiring it to do so would erode the institute’s standing as a neutral arbiter.
For that reason, we were concerned that the proposal might make stakeholders less likely to share information with the institute, since that information might then be used in an audit from the institute.
After taking into consideration feedback from the public and undergoing a review, the House committee made amendments to the bill that addressed these concerns.
Under the updated proposal, which will be brought to the House floor, the National Institute of Standards and Technology would be tasked with working with the inspectors general to perform yearly evaluations. The institute will be responsible for providing an initial assessment of preparedness, providing technical assistance, and making recommendations to improve security.
The Council of the Inspectors General, the organization that oversees inspectors general, in turn would be responsible for providing training and evaluating effectiveness.
This new division of labor is an improvement, as it makes better use of the unique strengths of the National Institute of Standards and Technology and the inspectors general.







