U.S. lawmakers have unveiled bipartisan legislation to prevent another massive hack of federal computers like the recent breach that stole the personal data of more than 21 former and current million American civil servants, making them vulnerable to identity theft and other crimes.
Some also are urging the Obama administration to publicly name the origin of such attacks, which are widely suspected to involve China.
Speaking at a news conference at the Capitol, Republican Senator Susan Collins said the cyber breach at the Office of Personnel Management “underscores the extraordinary vulnerability of computer networks in our federal civilian agencies.”
“Cyberattacks present one of the most critical national economic threats to our nation,” said Democratic Senator Mark Warner. “What the OPM hack showed is that this threat goes well beyond the private sector.”
Collins, Warner and other senators are introducing a bill that would boost the Department of Homeland Security’s authority to keep tabs on computer systems in a multitude of civilian federal agencies, ensure adoption of cyber security measures and monitor for breaches.
“The alternative to giving these authorities to DHS is essentially to continue the completely unacceptable status quo, in which each agency either competently or incompetently, monitors its own networks and only requests assistance from DHS if it sees fit to do so,” Collins said.
No easy fix
While stressing the need for change, Collins admitted that “no one law” can keep federal networks safe.
Warner agreed.
“It’s not like you fix one hack and then you can say, ‘We’re safe forever.’ The hackers change their techniques,” he said.
The OPM hack is under investigation. So far, the Obama administration has named no culprits. That should change, according to some lawmakers.
“I think there is a lot of deterrence value in showing that you know who the adversary is. If there is no penalty, not even public identification of the perpetrator of the cyberattack, it seems to me it only encourages future cyberattacks from the same actors,” Collins said.
“It would be important for the president to be very direct with the Chinese publicly about this,” added Republican Senator Kelly Ayotte.
The Washington Post newspaper quotes unnamed senior U.S. officials as saying the administration has chosen “not to make any official assertions about attribution at this point” – but that options are being considered and private communication between Washington and Beijing has not been ruled out.
Senator Collins said she hoped Congress will address cyber security either before or after lawmakers’ annual August recess.