House Passes National Defense Authorization Act
An amendment included in the final version of the NDA act would install a permanent cybersecurity office in the White House and reshape government IT security compliance.
House Democrats have secured passage of an amendment to the defense authorization bill that would establish a formal cybersecurity office in the White House and update federal compliance requirements for securing electronic data.
On Friday, the House passed the National Defense Authorization Act by a vote of 229 to 186, which included an amendment co-authored by Reps. Diane Watson (D-Calif.) and Jim Langevin (D-R.I.) that achieved many of the provisions outlined in separate pieces of legislation introduced earlier by the lawmakers.
"Not only does this amendment make necessary and wholesale improvements to our current cybersecurity policy and management framework, but it will also ensure that agencies have a strong leader within the Executive Office of the President to assist them in their efforts," Watson said in a statement.
Watson and Langevin described the amendment as an extension of the broader effort to overhaul the federal cybersecurity apparatus underway in the White House and across the agencies.
The creation of the National Office for Cyberspace within the Executive Office of the President would provide a statutory framework for the position of cybersecurity coordinator that President Obama created last year, drawing on the recommendations of the comprehensive cyberspace review he commissioned shortly after taking office.
Schmidt's current post won't be the only position getting some attention. The amendment would also codify the role of CTO, now held by Aneesh Chopra, within the White House as a permanent position to coordinate the IT activities and policies throughout the government.
Additionally, the amendment would reshape the requirements for government IT staffs outlined in the Federal Information Security Management Act (FISMA) of 2002, which has often come under criticism for placing more of a focus on compliance than achieving real security. The amendment would establish the Federal Cybersecurity Practice Board within the White House cyberspace office to establish uniform policies for FISMA compliance and coordinate the implementation of standards approved by the National Institute of Standards and Technologies.
"These provisions will establish strong, centralized oversight to protect our nation's critical information infrastructure and update our comprehensive policy for operating in cyberspace," said Langevin, who serves as co-chairman of the House Cybersecurity Caucus.
Other agencies would also be impacted by the amendment, which would establish new requirements for agencies to automate their security-monitoring procedures and run them continuously to identify weak spots in their systems. Agencies would also be required to enlist an outside entity to conduct an annual security assessment.
It would also revise the federal procurement procedures to ensure that government IT personnel only purchase technology that meets a baseline security standard.
The defense authorization bill now heads to the Senate, which is set to take up debate on the issue following the Memorial Day recess.