OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Upton, Murphy Highlight GAO Report that Finds Competing Priorities Hamper Federal Cybersecurity Officials

Press Release

Date: Sept. 15, 2016
Location: Washington, DC
Issues: Technology and Communication Government Operations

House Energy and Commerce Committee Chairman Fred Upton (R-MI) and Oversight and Investigations Subcommittee Chairman Tim Murphy (R-PA) today highlighted a new report from the non-partisan Government Accountability Office (GAO) that details challenges faced by Chief Information Security Officers (CISOs) across the federal government. In particular, the report found that 75 percent of surveyed federal CISOs cite competing priorities between operations and security as a large or moderate challenge they face.

Chairmen Upton and Murphy requested that the GAO investigate federal CISO authorities as a result of the Oversight and Investigations Subcommittee's 2015 report on information security at the Department of Health and Human Services (HHS), which found that competition between operations and security with regards to cybersecurity often led to security being deprioritized. As documented in that report, this reduction of security to operations often resulted in compromises of networks and information.

"We were concerned that the competition between security and operations that we observed at HHS might well exist at other federal agencies," explained Upton and Murphy, "Unfortunately, GAO's findings confirm our suspicions. Considering the consequences experienced by HHS as a result of this competition, it is imperative that we find ways to address this issue across the federal government and ensure that cybersecurity remains of utmost priority."

Two Energy and Commerce Committee Members, Rep. Billy Long (R-MO) and Rep. Doris Matsui (D-CA), introduced bipartisan legislation to address this issue at HHS. H.R. 5068, the HHS Data Protection Act seeks to address the imbalance between security and operations at HHS by elevating and empowering the senior official responsible for cybersecurity, the HHS CISO, to be a peer to the senior official responsible for information operations, the HHS CIO.

"We now have the watchdog's diagnosis, and the legislation introduced by Representatives Long and Matsui is an important first step toward addressing the competition between security and operations faced by federal cybersecurity officials," Upton and Murphy continued, "The committee remains dedicated to this important issue, and will continue to explore ways to address it and improve cybersecurity at federal agencies."


Source
arrow_upward