President Obama once declared that ‘cyber threat is one of the most serious economic and national security challenges we face as a nation’. From individuals to federal agencies, the threat of a cyber attack is of huge concern to everyone. Unfortunately, at the moment there is no united approach in the US to tackling cyber threats: different states have different legislation, which means there is severe fragmentation in how the US federal government deals with cyber security.
However, at the end of June 2014 the Senate Homeland Security and Governmental Affairs Committee passed the Federal Information Security Management Act (FISMA) reform bill, which promises to be more in line with 21st-century business needs. The current version of FISMA, brought in by President Bush following the September 11th attacks, requires federal agencies to implement information security programs to ensure the confidentiality, integrity and availability of their information and IT systems, including those provided or managed by other agencies or contractors.
Now 12 years old, the Act is in dire need of updating to bring it into line with current threats such as cyber attacks and data breaches. According to Federal News Radio, the draft Act would require agencies to conduct ‘periodic assessments of risk and the magnitude of harm that could result in a cyber attack or data breach’. Cybersecurity procedures and standards would need to be built into all federal agency frameworks, and there would need to be senior-level leadership around cybersecurity.
Committee chairman, Sen. Tom Carper, who is introducing the reform bill, said in a recent press release, “Cybersecurity is one of our nation’s biggest challenges… That’s why it’s imperative that we face this 21st century threat with a 21st century response.”
For more information on how you can help align your strategy with the current version of the Act, view our advice and guidance on FISMA.