Issa Rejects Senate-Passed Measure To Overhaul Federal Information Security

By Alexei Alexis

Dec. 9 — Senate-passed legislation designed to beef up the security of federal computer networks faces opposition from House Oversight and Government Reform Committee Chairman Darrell Issa (R-Calif.), who is the author of a conflicting House version.

Both measures would update the Federal Information Security Management Act (FISMA), but a key difference is that the Senate proposal (S. 2521) would give a new lead role to the Department of Homeland Security. Currently, FISMA issues are supervised by the Office of Management and Budget.

“Chairman Issa does not support the FISMA bill being sent over and encourages the Senate to move the unanimously approved House version, H.R. 1163,” Issa spokeswoman Becca Glover Watkins said Dec. 9 in an e-mail.

Outlook Uncertain

Norma Krayem, global co-chairman of data protection and cybersecurity at Squire Patton Boggs LLP, told Bloomberg BNA that legislation to overhaul FISMA is “critical to get done,” particularly in light of ongoing cyberattacks against federal agencies.

Whether differences can be reconciled during the remaining days of the legislative session is uncertain, she said.

A spokesman for House Majority Leader Kevin McCarthy (R-Calif.) didn't respond to a request for comment.

Under the Senate bill, OMB would “oversee” FISMA implementation, while DHS would “administer” it. The Senate passed the measure late Dec. 8 by unanimous consent.

“This bill will modernize our outdated federal network security laws, provide the tools and authorities needed to improve security at our federal agencies, and increase transparency and accountability for data breaches at federal agencies,” Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.), the bill's author, said in a statement.

“We now need our colleagues in the House to bring this critical bill across the finish line and to the President's desk. With the clock ticking on the 113th Congress, we can't afford to wait.”

Other Bills

Carper has also been pushing a bill (S. 2519) to clarify the Department of Homeland Security's role in combating cybersecurity threats that U.S. companies face. The bill would codify the DHS National Cybersecurity Communications Integration Center (NCCIC) as an entity charged with facilitating real-time cyberthreat information sharing. Carper's committee approved the measure in June, but he has since struggled to get proposal to Senate floor.

Action on a cybersecurity bill (S. 2588) approved by the Senate Intelligence Committee has been stalled as well. That measure would provide liability protection to U.S. companies that share cyberthreat data with other private sector entities or the federal government. The bill has faced opposition from privacy advocates, while enjoying strong support from leading industry groups, such as the U.S. Chamber of Commerce.

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) previously said she was hopeful about the possibility of Senate floor action during the lame-duck session. However, a Feinstein aide told Bloomberg BNA Dec. 9 that the outlook was “not positive.”

To contact the reporter on this story: Alexei Alexis in Washington at aalexis

To contact the editor responsible for this story: Heather Rothman at

Text of Carper's bill to update FISMA, S. 2521, can be found at: