In the aftermath of a massive data breach on the federal government's personnel database, which resulted in the theft of more than 21 million government employees' sensitive information, a bipartisan group of senators is working to bolster the security of federal networks and consolidate the government's cyberdefense.
The bill would accomplish this, the senators believe, by granting the Department of Homeland Security additional authority to monitor the networks of other federal agencies and to initiate countermeasures that would thwart cyber intrusions.
"The recent cyber attack at [the Office of Personnel Management] affected a staggering number of Americans and exposed a tremendous vulnerability with the status quo in the defense of federal civilian networks," Sen. Susan Collins said Wednesday. "Like millions of Americans, I received a letter that my personal data had been compromised."
Collins was joined by her Senate colleagues Mark Warner, Dan Coats, Barbara Mikulski, Kelly Ayotte, and Claire McCaskill.
The grand scale of the OPM breach, which was revealed earlier this month, was seen by many lawmakers as a reflection of incompetence among civilian leadership and a result of enduring negligence across government agencies to prepare for the rising threat of cyber attacks.
"The attack on OPM has been a painful illustration of just how behind the curve some of our federal agencies have been when it comes to cybersecurity," Sen. Warner said.
Shortly after the total number of affected employees was publicly disclosed, OPM Director Katherine Archuleta resigned. The stolen information included employees' Social Security numbers and fingerprints, as well as their home addresses and financial histories.
"Today's threats are too great to rely on each department and agency to protect their own networks, and recent evidence demonstrates that the status quo is unacceptable," Sen. Coats said. "It's time for [Homeland Security] to earn its title."
The legislation aims to focus the federal government's cyber defenses by giving the Department of Homeland Security a more direct role. Under the proposed changes, the DHS would be able to operate breach detection on all federal agencies across the .gov domain without an agency's permission. The Department would also be empowered to launch defensive measures once a threat has been detected on government networks.
The senators believe the proposed law will better protect sensitive data that's stored in scattered locations.
"We've got to employ every tool at our disposal to ensure this data can be protected, and that such a staggering security breach never happens again," said Sen. McCaskill.