Rep. Ralph Abraham (R-Louisiana) has introduced a bill that seeks to help federal agencies build up their cybersecurity procedures and hold agency heads accountable for failure to enforce measures needed to prevent cyber attacks.
The proposed “Cybersecurity Responsibility and Accountability Act” would direct the director of the National Institute of Standards and Technology to create and update cybersecurity guidelines and standards and perform research to determine and address data security challenges faced by agencies, Abraham’s office said in a news release published Tuesday.
The bill would also provide authority to the director of the Office of Management and Budget to enforce measures if a cyber incident occurred due to an agency head’s failure to comply with federal cybersecurity standards.
“The action that the OMB director may take includes recommending to the president the removal or demotion of the agency head, or ensuring the agency head does not receive any cash or pay awards or bonuses for a period of 1 year,” according to the release.
The proposed legislation would require OMB, NIST and the Department of Homeland Security to define the responsibilities of a government chief information security officer within six months of the bill’s enactment.
Heads of agencies should also submit to OMB annual reports that include a certification of the agency’s compliance with NIST’s data security standards, and create plans to facilitate the implementation of information security control recommendations from the agency inspector general and the Government Accountability Office.
Abraham introduced the bill in response to data breaches at the Office of Personnel Management, Federal Deposit Insurance Corp. and Internal Revenue Service that compromised the personal information of at least 20 million individuals.