Sens. Gary Peters (D-Mich.) and Rob Portman (R-Ohio) last Thursday introduced legislation requiring federal agencies to share information about cyber security incidents with the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency, allowing greater situational awareness about threats.
The Federal System Incident Response Act (S. 5008) would require CISA to publish an annual report on federal cyber security incidents, which the senators said would help the government and private sector understand the most common and dangerous threats.
The bill, which hasn't been published, would also require OMB to provide guidance and templates for agencies so that information sharing is standardized, reducing cost and time for sharing and better enabling analysis of the threat data.
"The federal government has a responsibility to secure the information of all Americans," Portman said in a statement. "As bad actors continue to exploit weaknesses in federal systems, it's critical that the federal government is able to quickly respond to any incident and better protect the information in its care. This bipartisan bill takes important steps to better coordinate our government's response to breaches and quickly inform the American people if their information has been compromised."
The bill, which has been referred to the Senate Homeland Security and Governmental Affairs Committee, would amend the Federal Information Security Management Act (FISMA) to clarify when and how agencies must notify impacted individuals and Congress when data breaches occur. FISMA mandates that agencies have information security plans.