WASHINGTON – U.S. Senators Ben Cardin and Barbara A. Mikulski (both D-Md.) today announced that they have introduced two amendments to the Cybersecurity Information Sharing Act (CISA) to improve the security of federal cyber systems and expand protections for federal employees affected by recent data breaches at the Office of Personnel Management (OPM). CISA is currently being debated on the Senate floor. Without these amendments, CISA does not do enough to protect federal employees whose data has been exposed in OPM data breaches or to accelerate the protection of OPM data.
“The breach of OPM’s personnel records affects a staggering number of individuals – public servants – who trusted the Federal Government to safeguard their most personal information. They and their families now face greater risk of having their lives turned upside down by whoever stole this critical information,” said Senator Cardin. “We need to plug the holes in the federal network immediately and make sure all those who have been violated are held harmless from any damage that could be done.”
“OPM’s latest data breaches compromised the personal data of at least 22 million men and women working in government, serving in the military or working as contractors. They are federal employees, retirees, their families and applicants for jobs that require background checks,” Senator Mikulski said. “Very sensitive information has been stolen – social security numbers, financial data, fingerprints, mental health status and work histories. It’s as outrageous and unacceptable as it is devastating. And it’s permanent. Their vulnerability will not dissipate over time. I will not rest until we get the best protection possible for every person affected and our cyber shields are up and effective.”
The first amendment Senators Cardin and Mikulski have introduced will provide OPM with an additional $37 million to accelerate the completion of scheduled improvements to network systems and IT infrastructure one year ahead of schedule.
“OPM’s retirement services and background investigation databases contain the most sensitive data OPM holds,” Senator Mikulski said. “Securing these systems must be done now. We can’t wait for the next budget cycle. This is a crisis and must be treated like a crisis.”
Their second amendment to the cybersecurity legislation would provide federal employees whose personal information may have been compromised in the federal data breaches with greater protection. It provides for lifetime credit-monitoring services, ID theft protection and restoration, and $5 million in liability protection for related damages for individuals affected by either or both of the data breaches. This adjustment to what OPM has previously offered more adequately addresses the egregious nature of this federal cyberattack. This amendment mirrors the Reducing the Effects of the Cyberattack on OPM Victims Emergency Response Act of 2015 (RECOVER Act) introduced in July by Senator Cardin and cosponsored by Senator Mikulski as well as Senators Mark Warner and Tim Kaine (both D-Va.) along with Tammy Baldwin (D-Wis.) and Tom Udall (D-N.M.).
“Off-the-shelf solutions are not good enough to protect the individuals jeopardized because the Federal Government’s systems were inadequately protected,” Senator Cardin added. “We have a responsibility to protect all of the people who have been put at risk by these incidents.”
Introducing these amendments to the cybersecurity legislation currently being debated by the Senate builds upon Senator Mikulski’s recent action as Vice Chairwoman of the Senate Appropriations Committee to include cyber protections for federal employees in the fiscal year (FY) 2016 Financial Services and General Government Appropriations bill.
OPM is the Federal Government’s chief hiring agency and is responsible for conducting most federal background investigations. OPM’s retirement services system and the background investigation system contain some of the most sensitive data OPM holds, making the need to security these systems a top priority. Recently disclosed data breaches involving confidential personnel data of 4.2 million individuals as well as background investigation records of 21.1 million people could compromise both national security as well as the personal security of millions of federal employees.
Maryland is home to the headquarters of 20 major federal agencies, from the Social Security Administration to the Food and Drug Administration (FDA). More than 300,000 federal employees and retirees live and work in Maryland, serving the nation and serving the world.