When it comes to protection of critical US computers and networks, and the data they contain, the government isn’t doing enough, leading to the legislation that will give the Department of Homeland Security and its partners more power to keep systems safe.
A new US congressional committee report was released Tuesday, entitled “The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure”, prepared by Oklahoma Senator Tom Coburn and the Homeland Security and Governmental Affairs Committee. Sen. Coburn sums up the threat in a statement: “Weaknesses in the federal government’s own cybersecurity have put at risk the electrical grid, our financial markets, our emergency response systems and our citizens’ personal information.”
This week, the House Homeland Security Committee voted unanimously in favor of a bill that would amend the Homeland Security Act of 2002 to give the DHS its private cybersecurity partners more power to prevent federal government and critical infrastructure networks. But this additional power, proponents say, is balanced by codification of responsibilities to ensure it doesn’t infringe on Americans’ civil liberties.
Patrick Meehan, chairman of the House Homeland Security Committee Subcommittee on Cybersecurity, said in a statement, “It’s only a matter of time before our power grids or financial networks are the latest victims of hackers.”
Congress’ Track Record report compiles the results of more than 40 department audits, investigations and reviews, including many severe vulnerabilities.
For instance, the Nuclear Regulatory Commission stored sensitive cybersecurity details for nuclear plants on an unprotected shared drive, making them more vulnerable to hackers and cyberthieves. Internal Revenue Service computers were been found to have literally thousands of serious vulnerabilities because critical software patches have not been installed. And in 2012, the Securities and Exchange Commission mishandled and potentially exposed critically sensitive information, including diagrams of how to hack into trading exchanges.
The Congressional report notes, however, that simple fixes like using stronger passwords, and applying patches and updates in a timely manner, would be enough to fix many of these critical vulnerabilities.
“Weaknesses in the federal government’s own cybersecurity have put at risk the electrical grid, our financial markets, our emergency response systems and our citizens’ personal information,” Sen. Coburn said.
In many cases, vulnerabilities in government systems put private enterprises and individuals at risk, but some worry that legislation could give government agencies overarching power over the security of private organizations, which seems like a mistake given its track record.