Senators urge White House to speed cyber policy updates

Leaders of the Senate Homeland Security Committee on Wednesday pressed the Obama administration to speed the update of a 15-year-old guidance they say is hampering agencies from catching hackers.

The guidance in question, known as Circular A-130, directs agencies on how to secure their information technology.

ADVERTISEMENT
First issued in the 1980s, this document has not been revised in more than 15 years despite drastic changes in technology and the cyber threats facing the government, said committee Chairman Ron JohnsonRonald (Ron) Harold JohnsonDems to challenge Kavanaugh for White House records To solve the southern border crisis, look past the border GOP senator on revoking security clearances: 'I don't want to see this become routine' MORE (R-Wis.) and ranking member Tom CarperThomas (Tom) Richard CarperSenate panel spars with Trump administration over treatment of unaccompanied immigrant children Senate study: Trump hasn’t provided adequate support to detained migrant children Overnight Energy: Trump elephant trophy tweets blindsided staff | Execs of chemical plant that exploded during hurricane indicted | Interior to reverse pesticide ban at wildlife refuges MORE (D-Del.).

A 2014 law directed the Office of Management and Budget (OMB) to update the document by December of 2015, but Johnson and Carper say the government is behind schedule.

“We appreciate OMB’s work to update Circular A-130, but also emphasize the importance of completing this revision in a timely manner,”  the two senators wrote in their letter to the OMB head, Shaun DonovanShaun L. S. DonovanHouse Dems call on OMB to analyze Senate budget plan Overnight Finance: Dems turn up heat on Wells Fargo | New rules for prepaid cards | Justices dig into insider trading law GOP reps warn Obama against quickly finalizing tax rules MORE. “We request that you provide us with a date by which you plan to issue revisions to Circular A-130.”

The lawmakers also asked for a staff briefing on the status of the updates within 30 days.

Revising the outdated guidance is part of the government’s broader efforts to get its cyber house in order.

In late 2014, Congress pushed through a series of small-bore bills that delineated cyber powers among the agencies. One of those measures, the Federal Information Security Modernization Act, directed the administration to update Circular A-130.

Then in December, Congress approved a wide ranging cyber bill that also mandated certain digital security standards while accelerating the rollout of the government’s anti-hacking shield that detects and repels known cyber threats.