Sens. Ron Johnson, R-Wis., and Tom Carper, D-Del., sent a letter to Office of Management and Budget Director Shaun Donovan on Tuesday to voice their frustrations about the White House’s planned update to federal cybersecurity policy, according to a Nextgov report.
The senators say the lack of a new policy is preventing federal agencies from moving to automated systems that can better protect federal networks from cybersecurity threats.
The existing federal cybersecurity policy was created in 2000 and the threat landscape has evolved significantly since then.
The current policy requires agencies to audit security controls of major systems and applications "at least once every three years." But the senators say the current policy produces huge amounts of paperwork and provides little confidence that agencies are protected.
OMB did release a draft rewrite of the policy in October. But since then, the White House has fallen behind and isn’t keeping lawmakers in the loop, Johnson and Carper said. Lawmakers wanted the update completed by last December.
An OMB official told Nextgov that it was overwhelmed with public comments received since last October and that it is "working vigorously to ensure that public feedback informs any ultimate policy."
A report released earlier this month by security risk benchmarking startup SecurityScorecard found U.S. federal, state and local government agencies rank lowest in cybersecurity when compared to the private sector.
In an effort to turn cybersecurity practices around, President Barack Obama requested $19 billion for federal cybersecurity initiatives in 2017 federal budget, including a new cybersecurity panel with officials from across industries.