The Senate Homeland Security and Governmental Affairs Committee has a draft bill to overhaul the Federal Information Security Management Act (FISMA), which defines cybersecurity requirements for civilian agencies. The committee voted unanimously to advance the bill to the full Senate.
- Richard Spires, former chief information officer at the Department of Homeland Security, now principal at Richard A. Spires Consulting, said the legislation requires faster incident reporting, both within the administration and to Congress, and expands from a focus on personally identifiable information (PII) to include issues like national security.
- Spires said he thinks the bill is good but is concerned that it might overwhelm agencies; he said it would be better to require them to solidify IT and cybersecurity modernization plans.
- Spires said it’s a positive that the legislation broadens the role of the Cybersecurity and Infrastructure Security Agency (CISA) to perform continuous analysis, monitoring and penetration testing at agencies.