Comer Champions Bipartisan FISMA Legislation to Deter Cyber Threats


The following press release was published by the House Committee on Oversight and Reform on Feb. 2. It is reproduced in full below.

WASHINGTON - At today’s House Committee on Oversight and Reform markup of H.R. 6497, the Federal Information Security Modernization Act (FISMA), Ranking Member James Comer (R-Ky.) championed the bipartisan legislation and emphasized how Congress can accomplish real progress when resources are focused on the needs of the American people.

In his opening statement, Ranking Member Comer highlighted the importance of the federal government protecting Americans’ sensitive information housed on federal agency systems. Foreign adversaries continue to unleash a nonstop barrage of cyber-attacks against American companies and federal agencies, potentially jeopardizing our national security, economy, and even the personal safety of Americans. Ranking Member Comer noted how this update to FISMA will ensure federal agencies, in coordination with the private sector and government contractors, are better equipped to protect against, quickly fix, and deter future damaging digital intrusions. He concluded by stating a risk-based, real-time approach to deterring evolving threats will allow government and private sector partners to efficiently respond to inevitable future breaches.

Below are Ranking Member Comer’s remarks as prepared for delivery.

We are here today to update the Federal Information Security Modernization Act or FISMA - the primary law governing federal cybersecurity.

I want to thank Chairwoman Maloney and her staff for their hard work, professionalism, and collaboration on this effort.

It has been nearly eight years since Congress last addressed the structure, framework, and evolution of federal cybersecurity in a comprehensive manner.

And in that time, we have seen criminal organizations, nation states, and all manner of enemies unleash a nonstop barrage of cyber-attacks against American companies and federal agencies.

These threats are becoming more sophisticated, and the damage they can inflict puts our national security, economy - even the personal safety of the American people at risk.

As these threats evolve, FISMA must evolve too in order to meet the challenge.

While not the only high-profile attack in recent years, the SolarWinds breach last year served as a wake-up call.

The governance structure of federal cyber security, the maturity of our cyber defenses and the effectiveness of our oversight tools were no longer up to the task.

Those are the main problems our bill addresses.

We clarify roles, responsibilities and reporting channels. OMB sets policy; CISA gives operational assistance; and the National Cyber Director is in charge of overall cyber strategy.

We make the National Cyber Director the point person for briefing Congress.

They will coordinate the multiple agencies involved in a major cyber incident to give Congress a clear picture of the situation.

They will also serve to help industry navigate the array of federal agencies who come calling after an attack.

We also codify a Federal Chief Information Security Officer to ensure focus on cybersecurity within OMB and to ensure proper coordination with the National Cyber Director.

Second, we make it clear Congress wants federal agencies to adopt modern cyber practices. SolarWinds showed the days of “perimeter defenses” are over.

Given the sophistication of our foes, we have no choice but to move to a “zero-trust” framework where agencies assume anyone inside their networks is up to no good.

Finally, we give clear direction that Congress expects new processes and metrics to understand the readiness of our cyber defenses on a continual basis. Point-in-time, backwards-looking assessments will no longer cut it.

I appreciate the input from all stakeholders as we have worked on this bill.

I am also pleased to see such bipartisan support from this Committee with so many original cosponsors.

I am confident our risk-based, real-time approach will help federal agencies and private sector partners address a quickly evolving threat landscape and more efficiently respond to the inevitable breaches to come.

This is a good example of what this Committee can do when we focus on the real needs of the American people and go through regular order.

I urge my colleagues to support this legislation.

I yield back.

Source: House Committee on Oversight and Reform
