The Senate Committee on Homeland Security and Governmental Affairs on July 29 approved four bills–one cybersecurity, two border security, and one critical infrastructure.
The Federal Cybersecurity Enhancement Act of 2015 (FCEA, S.1869) was approved by a vote of 9-0 with 6-0 approving by proxy for the record only.
FCEA would speed up deployment of the Department of Homeland Security’s (DHS) EINSTEIN intrusion detection and prevention systems to federal civilian agencies by clarifying legal authorities and mandating agency adoption. The bill would also require agencies to adopt best practices in cybersecurity (Defense Daily, July 28).
The bill was sponsored by Sen. Ron Johnson (R-Wisc), the chairman of the committee, and Tom Carper (D-Del.), the ranking member.
“I think the overall reason…we need to authorize…the EINSTEIN program is there are agencies that simply don’t believe they have the authority to basically install this protection on their IT systems,” Johnson said upon introducing the bill at the hearing.
“It is a critically important program especially in light of the seemingly never ending cyber attacks on our federal government,” Carper agreed in his opening statement.
S.1869 was approved with six amendments by voice vote: two by Sens. Kelly Ayotte (R-N.H.) and Claire McCaskill (D-Mo.), two by Rand Paul (R-Ky.), and two by Ben Sasse (R-Neb.).
Ayotte and McCaskill’s first amendment requires the secretary of DHS to ensure several privacy and transparency measures are incorporated into the EINSTEIN system. The second amendment grants the secretary additional tools to improve cybersecurity across the government and requires an annual OMB report on the number f times it has used its authority to force an agency to comply with promulgated cybersecurity policies.
Paul’s amendments incorporate several more privacy protections.
Sasse’s first amendment would require an assessment and report to identify unclassified information on government networks that, when combined with other unclassified information as a mosaic, could produce a piece of classified information. His second amendment requires an assessment and report to Congress on the damage to national security caused by the Office of Personnel Management (OPM) data breach.
Several other Homeland Security bills were approved as one block, notably the Department of Homeland Security Border Security Metrics Act of 2015 (S.1864); the Northern Border Security Review Act, as amended by a Heitkamp Substitute (S. 1808); and the Critical Infrastructure Protection Act of 2015, as amended by a Johnson Substitute (CIPA, S. 1846).
S. 1864, introduced by the chairman and Sen. John McCain (R-Ariz.), directs the secretary of DHS to develop metrics to measure the effectiveness of security between both land and shipping port points of entry to the United States and to annually implement metrics developed within the bill. The metrics include estimates of total attempted unlawful border crossings, the rate of apprehension of attempted unlawful border crossers, number of unlawful entries, unlawful border crossing effectiveness rate, probability of detection and illicit drugs seizure rate.
S. 1808, introduced by Sens. Heidi Heitkamp (D-ND), Johnson, Ayotte, and Gary Peters (D-Mich.), requires the Secretary of DHS to conduct a northern borders threat analysis and to submit a report on the analysis to congressional committees no later than 180 days after the enactment of the bill. The threat analysis would include terrorism and criminal threats posed by individuals and groups seeking to enter or exploit the Northern Border; improvements needed at ports of entry along the border; improvements needed between ports of entry along the border; and vulnerabilities in law, policy, and cooperation between state, tribal, and local law enforcements that hinder border security.
CIPA, introduced by the chairman, would order the secretary of DHS, through the under secretary for science and technology, to conduct research and development to mitigate the consequences of threats of an electro-magnetic pulse (EMP) caused by a nuclear device or non-nuclear device, or a geomagnetic disturbance (GMD) caused by solar storms or other naturally occurring phenomena.