House bill targets DHS cybersecurity efforts
A bill introduced this week in the House of Representatives would require DHS to assess the robustness of contractors' cybersecurity protection before hiring them.
A bill introduced this week in the House of Representatives would require the Homeland Security Department to assess the robustness of contractors' cybersecurity protection before hiring them.
The Homeland Security Network Defense and Accountability Act of 2008, introduced by Rep. James Langevin (D-R.I.), is intended to improve the department's cybersecurity by ensuring contractor cyberqualifications, strengthening the chief information officer position, establishing rules about cyberresponse and capabilities, and requiring various assessments.
The bill stipulates that DHS must determine contractors' cybersecurity posture before signing a contract, according to a news release from Langevin.
It applies to any contractor who will have access to the department's computer networks, said Joy Fox, a spokeswoman for Langevin.
The legislation calls not only for contractors working with DHS to have robust cybersecurity in place but also for DHS to assess and tighten its cybersecurity procedures and capabilities.
"Through my many cyberhearings, it has become clear that an organization is only as strong as the integrity and reliability of the information that it keeps. Therefore, we must make cybersecurity a national priority," Langevin, who is chairman of the Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, said in a news release.
Besides requiring the secretary to determine the security posture of contractors before entering into network service agreements with them, the legislation will:
- Establish authority and qualifications for DHS' chief information officer.
- Require DHS to have a continuous, real-time cyber incident response capability.
- Require a DHS network architecture with security controls.
- Require vulnerability assessments for each network tied to external networks.
- Set protocols for reducing network intrusions.
- Require the secretary to share threat information with cleared contractors and report to Congress on strategies to investigate cyberbreaches.
NEXT STORY: Learning tree