SPONSORED:

Senate chairmen: White House not complying with security laws

Senate chairmen: White House not complying with security laws
© Getty Images

Two Senate committee chairmen are concerned the White House is not complying with basic cybersecurity reporting laws.

“Recently, we learned that the [Executive Office of the President] has not submitted an annual information security review of its own systems to the Office of Management and Budget (OMB) or to the appropriate congressional committees for at least the last three years,” said Sens. Ron JohnsonRonald (Ron) Harold JohnsonSunday shows preview: Coronavirus dominates as White House continues to push vaccination effort Overnight Health Care: WHO-backed Covax gets a boost from Moderna Vaccine hesitancy among lawmakers slows return to normalcy on Capitol Hill MORE (R-Wis.) and John ThuneJohn Randolph ThuneGOP braces for wild week with momentous vote Cheney fight stokes cries of GOP double standard for women Trump muddles Republican messaging on Afghanistan MORE (R-S.D.), in a letter to the White House.

ADVERTISEMENT

The OMB, they added, has not received such a review since fiscal 2008.

Johnson heads the Senate Homeland Security and Governmental Affairs Committee, while Thune oversees the Senate Commerce Committee. Both panels play a central role in ensuring compliance with the Financial Information Security Modernization Act (FISMA), originally passed in 2002 and updated last year.

The senators wrote in a letter, dated June 22 but never publicly released, that FISMA requires “all agencies, even agencies with sensitive information operating national security systems, must comply with the requirement to report on information security performance.”

Johnson has become more vocal about the Obama administration’s lack of security reporting in the wake of a massive data breach at the Office of Personnel Management (OPM), which has likely laid bare data for more than 18 million people.

“What is happening within the federal government IT systems is serious, and I’m highly concerned this administration isn’t really complying with things like the FISMA law, is not seriously taking a look at their security measures,” Johnson told The Hill in mid-June, roughly a week after the OPM first revealed the breach. 

White House network security has also come under intense scrutiny after it was revealed that suspected Russian hackers infiltrated unclassified systems in the fall, gaining access to information, such as President Obama’s private schedule.

In their letter, Johnson and Thune asked the White House to submit a security report by July 13.

“As cybersecurity risks and threats to agencies grow and evolve,” they said, “Congress and OMB must be able to assess the effectiveness of agencies’ security efforts through required compliance reviews and reports.”