Legislators revive security bill to fight hackers
Faced with a rash of government computer security snafus, House lawmakers are reintroducing a bill that aims to better safeguard government systems against attacks.
The House Science Committee said it is preparing the Computer Security Enhancement Act, which for the most part duplicates a bill passed by the House last year, but was killed in the Senate.
With the Federal government reeling from a spate of hacker attacks on government Web sites and other information systems, the legislation's reintroduction is timely.
The committee will try to introduce the bill today or tomorrow, the House's schedule permitting. If the bill does not get introduced this week, it will have to wait until the second week of August, according to a committee spokesperson.
In pushing the bill, the Science Committee cited attacks on the White House, the Central Intelligence Agency, the Federal Aviation Administration, the Defense Department, the FBI, the National Aeronautics and Space Administration, the Energy Department's Brookhaven National Laboratory, the Army, and most recently, the National Weather Service. The U.S. Senate Web page also has been hit.
The recent computer security debacles were merely "embarrassing acts of vandalism," but threats to public safety also loom, the committee stated in its summary of the legislation.
"Altering or denying information could certainly have an adverse affect on public safety," the committee wrote. "According to [the General Accounting Office], the [Federal Aviation Administration's] weak computer security practices threaten nationwide disruption of air traffic or even loss of life due to collision.' Further, agencies like the IRS possess large amounts of sensitive personal information and data that need to be protected."
The Science Committee's bill would:
• Encourage government agencies to buy commercial security products, and require the Under Secretary of Commerce for Technology to promote the use of computer security technologies. The Under Secretary also would be directed to create a public information source on security threats, and
promote the development of a standards-based encryption, confidentiality,
and authentication technologies.
• Require Congress's 12-member independent Computer System Security and Privacy to formally recommend security-related standards.
• Establish fellowships for computer security students at the undergraduate and graduate levels.
• Require the National Research Council to weigh the benefits of public key infrastructures for encryption, which helps secure computer communication.
• Form a national panel to examine the potential creation of a standard nationwide digital signature infrastructure for authentication.