On Jan. 13th, 2012, Jason Miller reported for Federal News Radio on yet another cybersecurity bill.  That bill is titled the Federal Information Security Management Act (FISMA).  According to the article, FISMA is controversial because the bill might allow DHS to take "any lawful action" against contractors when a contractors system comes under cyberattack.  Some have construed that provision to mean that the government can take over a contractor's system if it contains federal data and comes under cyberattack. 

The Federal News Radio article links to Section 3553 of FISMA, and quotes the following relevant language regarding DHS' power:

"direct officials of agencies that own, operate, lease or otherwise control an information system, including information systems used or operated by another entity, including contractors, on behalf of a federal agency, to take any lawful action with respect to the operation of such information system for the purpose of protecting that information system from or mitigating a cybersecurity threat."

The article notes that cyber-expert James Lewis thinks this is an expansive interpretation.  According to Lewis, it's much more likely that the government would tell contractors to take action on their own systems. 

The source article can be found here.

On Jan. 13th, 2012, Jason Miller reported for Federal News Radio on yet another cybersecurity bill.  That bill is titled the Federal Information Security Management Act (FISMA).  According to the article, FISMA is controversial because the bill might allow DHS to take "any lawful action" against contractors when a contractors system comes under cyberattack.  Some have construed that provision to mean that the government can take over a contractor's system if it contains federal data and comes under cyberattack. 

The Federal News Radio article links to Section 3553 of FISMA, and quotes the following relevant language regarding DHS' power:

"direct officials of agencies that own, operate, lease or otherwise control an information system, including information systems used or operated by another entity, including contractors, on behalf of a federal agency, to take any lawful action with respect to the operation of such information system for the purpose of protecting that information system from or mitigating a cybersecurity threat."

The article notes that cyber-expert James Lewis thinks this is an expansive interpretation.  According to Lewis, it's much more likely that the government would tell contractors to take action on their own systems. 

The source article can be found here.