[Congressional Record Volume 158, Number 61 (Thursday, April 26, 2012)]
[Extensions of Remarks]
[Pages E668-E669]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




     H.R. 4257, FEDERAL INFORMATION SECURITY AMENDMENTS ACT OF 2012

                                 ______
                                 

                         HON. CHRIS VAN HOLLEN

                              of maryland

                    in the house of representatives

                        Thursday, April 26, 2012

  Mr. VAN HOLLEN. Mr. Speaker, as a cosponsor of the Federal 
Information Security Amendments Act of 2012, I rise to commend Chairman 
Issa and Ranking Member Cummings and the members of the House 
Government Oversight Committee for their bipartisan efforts in crafting 
this thoughtful and timely piece of legislation.
  This bill is necessary because there has been an increasing number of 
cyber-attacks against federal information systems, including incidents 
in which operations were disrupted or sensitive data placed at risk. 
Among the number of notable security breaches in 2011 were cyber-
attacks at the Pentagon, the Oak Ridge Laboratory and the Veterans 
Administration. According to the U.S. Computer Emergency Readiness 
Team, the number of cyber-incidents reported in 2010 totaled more than 
107,000. The number of federal-only incidents was up 39 percent 
compared with 2009, at nearly 42,000 incidents.
  This act is intended to help arrest and reverse this troubling trend 
by ensuring that federal agencies use risk-based approaches to defend 
against cyber-attacks and to protect government information from 
unauthorized access.
  By shifting the federal government to a system of continuous 
monitoring of information systems and streamlining reporting 
requirements, the bill addresses concerns that

[[Page E669]]

FISMA, in its current form, places too great an emphasis on compliance 
over outcomes.
  The bill requires OMB to oversee agency policies and develop 
information security protections consistent with standards issued by 
the National Institute of Standards and Technology and OMB would have 
to report to Congress annually on agency compliance.
  Additionally, each agency would be required to provide protections 
that are commensurate with the risks posed to the security of the 
agency's information. The head of each agency would be required to 
appoint a Chief Information Security Officer responsible for developing 
and implementing an information security program and the bill mandates 
that each agency develop and implement an information security program 
that is approved by OMB.
  Mr. Speaker, as a leading employer in the U.S., the federal 
government has a special responsibility to ensure that the electronic 
points of entry it maintains with Americans and with the world are 
protected from unauthorized access and disruption.
  The common sense and necessary legislation before us today is an 
important step in that direction. I encourage my colleagues to join me 
in support of the bill.

                          ____________________