[BreachExchange] Cyber Bill Would Let Agency Heads Be Fired If There’s a Data Breach

Audrey McNeil audrey at riskbasedsecurity.com
Thu Sep 22 20:03:39 EDT 2016


http://www.nextgov.com/cybersecurity/2016/09/cyber-bill-would-let-agency-heads-be-fired-if-theres-data-breach/131735/

A new bill would let agency heads be demoted, fired or punished if a data
breach occurs under their purview.

Introduced in the House this week by Rep. Ralph Abraham, R-La., the
Cybersecurity Responsibility and Accountability Act of 2016 proposes that if a
major data breach occurs "in part or in whole" because an agency head
"failed to comply sufficiently with the information security requirements,
recommendations, or standards," the director of the Office of Management
and Budget can recommend his or her removal.

The bill would also allow OMB's director to ensure the agency head doesn't
get "any cash or pay awards or bonuses for a period of one year after
submission of the explanation" for the incident.

The bill follows several congressional hearings related to federal data
breaches including at the Office of Personnel Management, the Internal
Revenue Service, and the Federal Deposit Insurance Corporation, according
to a press release from Abraham's office.

The act is designed to increase "accountability so that we can hold agency
heads responsible when they fail to correct security vulnerabilities
identified by inspectors," Abraham said in a statement.

The bill also tasks the National Institute of Standards and Technology
director with identifying major information security concerns for agencies
and supporting agencies in information security training and certification.

NIST, OMB and the Homeland Security Department would also collaborate on a
job description for agency chief information security officers within six
months of the bill being enacted.