WASHINGTON – Today, Sen. Tom Carper (D-Del.), ranking member of the Senate Committee on Homeland Security and Governmental Affairs, highlighted a Fiscal Year 2014 annual report by the Office of Management and Budget (OMB) that evaluates implementation by federal agencies of the Federal Information Security Management Act (FISMA). The report found that federal agencies have overall made significant progress in several key security priorities, but several agencies are still behind on their cyber defenses.
“Now more than ever, the federal government needs to fully implement meaningful security programs that can withstand the serious cyber challenges our nation faces today and will face for the foreseeable future,” Sen. Carper said. “Although some agencies are making significant progress, this report underscores the troubling reality that cyber attacks and intrusions continue to occur at an increasing rate, and agencies need to be better prepared. Last year, I worked closely with my colleague and former ranking member, Dr. Tom Coburn, to enact a law that updates our FISMA framework and will better protect federal agencies from cyber attacks. But this report makes it clear that we cannot rest on our laurels. I look forward to learning more about federal agencies’ updated FISMA implementation in the coming weeks. I also look forward to continue working closely with my colleagues in the Senate and House, especially Chairman Johnson, on ways for Congress to help agencies address the very serious cyber threats facing our nation.”
Passed last Congress, the Federal Information Security Modernization Act of 2014, introduced by Sens. Carper and Tom Coburn (R-Okla.) made updates to the Federal Information Security Management Act of 2002 to address critical issues that had risen over the previous 12 years. The bill – now law – better delineated the roles and responsibilities of the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) in securing federal networks, moved agencies away from paperwork-heavy processes toward real-time and automated security, and put greater management and oversight attention on data breaches.