Bill would put OMB in charge of computer security

Senate Government Affairs Committee Chairman Fred Thompson, R-Tenn., introduced a bill Friday to protect federal government information systems from cyber-attack, a move that could complicate the Clinton Administration's pending critical infrastructure protection plan.

Dubbed the Government Information Security Act, S. 1993 is co-sponsored by ranking member Sen. Joseph Lieberman, D-Conn. The bill would require that a government-wide set of information security controls be established under the auspices of the Office of Management and Budget, altering the bifurcated information security system in which the National Security Agency is responsible for securing classified information and the Commerce Department's National Institute of Standards and Technology is responsible for securing non-classified information.

"Despite a flurry of activity in this area and a number of statutes already on the books which deal with the issues, we have concluded that a more complete and meaningful statutory foundation for improvement is needed," Thompson said in a Friday speech introducing the legislation.

Besides strengthening the Office of Management and Budget's information security duties, the bill would require an annual independent evaluation of their information security practices, and mandate that agencies follow "best practices" guidelines derived by the Government Accounting Office.

Thompson's bill adds congressional pressure to the already complicated mix of forces pressing on the administration, which is set to release a long-awaited information security plan in December and has been attempting to rally support within industry and on the Hill.

But although Critical Infrastructure Association Office head John Tritak has recently acknowledged that the government's Federal Intrusion Detection Network (FIDNet) would involve only federal agencies and not the private sector-a concern that raised hackles from privacy advocates and from House Majority Leader Richard Armey, R-Texas-securing the support of federal agencies has also proven problematic.

"The White House is trying to push agencies to do things the agencies don't want to do and that would cut into agency authority and discretion," said James Dempsey, senior staff attorney for the Center for Democracy and Technology.

In his statement introducing the bill, Thompson referred to a recommendation that he opted not to place in the bill, including the proposal that a new National Chief Information Officer be established.

"The goal of the bill we are introducing today is to protect the integrity, confidentiality, and availability of the information on government computers and to ensure that critical improvements in our federal computer security system take place," Lieberman said in a statement.