Reps. James R. Walkinshaw, D-Va., and Don Bacon, R-Neb., on June 25 introduced bipartisan legislation that would require the Department of Homeland Security (DHS) to report to Congress on gaps preventing the agency from fully meeting federal cybersecurity event logging requirements.
The Cybersecurity Logging Enforcement and Accountability Reporting (CLEAR) Act would require DHS to submit a report within 180 days identifying specific gaps in resources, guidance, and policies that prevent the department from meeting all federal cybersecurity event logging requirements, and what is needed to close those gaps, according to the lawmakers.
The bill also would require DHS to brief relevant congressional committees and publish an unclassified summary for the public.
Event logging tracks activity across an agency’s networks and systems. Without comprehensive logging, agencies can miss intrusions, lose critical data needed to investigate cyber incidents, and fail to respond to threats in time, Walkinshaw’s office noted.
“DHS is supposed to be the tip of the spear on federal cybersecurity. That means meeting its own cybersecurity requirements, not just setting standards for others,” Walkinshaw said. “This bill is simple: show Congress what’s broken, what resources are missing, and what it will take to fix it. When federal networks are under attack, DHS cannot afford blind spots.”
According to a December 2023 report from the Government Accountability Office, DHS and other federal agencies had not fully implemented event logging requirements mandated under Executive Order 14028 and Office of Management and Budget directives.
Bacon said the bill would help Congress provide oversight of DHS cybersecurity. “The CLEAR Act will give Congress the insight needed to ensure DHS is fully implementing federal event logging standards, closing compliance gaps, and protecting some of our nation’s most critical systems,” Bacon said.
The bill is endorsed by the Information Technology Industry Council (ITI).
As cyber threats targeting federal agencies continue to grow and become more sophisticated, it is crucial to have the “proper tools and effective processes in place for those threats to be quickly mitigated and thwarted before an incident evolves,” said Jason Oxman, ITI president and CEO.
“[The] CLEAR Act helps ensure the Department of Homeland Security has a clear understanding of where gaps exist so it can strengthen U.S. cyber defenses and better protect U.S. critical infrastructure and American communities,” Oxman said.