How Tom Carper Sees FISMA Bill PassingSenator Describes Building Trust with Republican Counterpart
Sen. Tom Carper, the Delaware Democrat who chairs the Senate Homeland Security and Governmental Affairs Committee, says it's taken him some time to build trust with the ranking member of the panel, Tom Coburn, R-Okla., and for them to produce a series of cybersecurity bills now before the full Senate.
"If I had been a better chairman of Homeland Security in, maybe, my first year, and had a chance to work even more closely with Dr. Coburn in my first year, I think we would have made more progress," Carper says in an interview with Information Security Media Group. "I think I've gotten to be a better chairman. I hope I'm better."
Battling the dysfunction that permeates Congress - where cooperation between Democrats and Republican is rare - Carper points to his relationship with Coburn, who's a physician, to prove that lawmakers with different political views can reach compromise on critical legislation.
"The relationship I built with Dr. Coburn is just a really, good strong one, a friendship and a trusting relationship," he says. "Those things take some time."
When the 113th Congress convened in January 2013, Carper become the committee's chairman with the retirement of the panel's previous head, Joe Lieberman, an Independent Democrat from Connecticut. Carper is one of Congress' biggest proponents of legislation to reform the Federal Information Security Management Act, or FISMA, the law that governs federal government cybersecurity, and sponsored measures to do just that in the 111th and 112th Congresses. FISMA reform is one of the three bills Carper has worked on with Coburn in the current Congress as well.
FISMA reform, known as the Federal Information Security Modernization Act in the Senate, passed Carper's committee in June but has yet to be scheduled for a vote by the entire Senate (see FISMA Reform Heads to Senate Floor). The similarly named Federal Information Security Amendments Act of 2013 was passed in the House of Representatives last year (see FISMA Reform Passes House on 416-0 Vote).
DHS as Cybersecurity Leader
A major obstacle to FISMA reform passage is differing views among lawmakers on the role the Department of Homeland Security should perform in overseeing federal civilian agencies' implementation of IT security. Federal law gives the White House Office of Management and Budget authority over civilian agencies' IT security, but the Obama administration has shifted some of that authority to DHS, raising the objections of some lawmakers, including Sen. John McCain, R-Ariz., who believe that DHS isn't up to the task. The Carper-Coburn FISMA reform measure would codify the administration's action, giving greater sway to DHS, as the administration instituted. FISMA reform that passed the House of Representatives, which also had bipartisan support, does not give DHS any additional authorities over civilian cybersecurity.
In explaining his support for granting DHS more clout over government cybersecurity, Carper points out that OMB has only a handful of staffers to oversee government IT security, whereas DHS has hundreds of employees with IT security skills. Carper, a former Navy officer, submits a nautical analogy to make his case:
"Who should be responsible for steering the boat, the boat being, if you will, cybersecurity policy for the federal government, and who should be responsible for rowing the boat? I believe OMB should be responsible for steering the boat and to delegate to the Department of Homeland Security a lot of the responsibility for rowing the boat, for doing the actual work with federal agencies."
Carper has a history of being optimistic about chances of FISMA reform passage (see FISMA Reform Outlined: Sen. Tom Carper), and believes he has a persuasive argument that will lead to the Senate bill's enactment in the current Congress.
Other Cybersecurity Observations
In the interview, Carper also discusses:
- Breaches of banks and credit card payment processing companies, which are big business in his home state of Delaware;
- His frustration with congressional dysfunction; and
- How he, as one of Congress' more knowledgeable members on cybersecurity, approaches his personal IT security and privacy.
Carper began his political career in 1976 when he was elected Delaware state treasurer, a job he held until his election to the House of Representatives in 1982. Ten years later, Delaware voters elected him governor, a post he held for eight years. He was elected to the Senate in 2000 and re-elected in 2006 and 2012. Before he first ran for office, Carper served five years as a naval flight officer, including three tours in Southeast Asia during the Vietnam War. He continued to serve for 23 more years in the Naval Reserve as a P-3 aircraft mission commander, retiring with the rank of captain in 1991.