Error message

Hatch in Medium: Defending our Nation Against Cyberthreats

Saturday, November 14, 2015 - 9:30am
Senator Orrin Hatch

Defending our Nation Against Cyberthreats

By Senator Orrin G. Hatch

https://medium.com/@SenOrrinHatch/defending-our-nation-against-cyberthreats-ef02aff8ef03

 

An alarming surge in cyberattacks is costing American taxpayers and businesses hundreds of billions of dollars every year. Glaring vulnerabilities in our cybersecurity infrastructure have even resulted in high-profile breaches at large corporations, including Target, Home Depot, Sony, and others. Sadly, the proliferation of cyberthreats shows no sign of abating. Unless Congress acts to strengthen our defenses, the future of our economy and our national security is in danger. 

 

This year alone, we have witnessed a staggering number of cyberattacks against our nation. In February, Chinese hackers breached the records of Anthem Blue Cross/Blue Shield, stealing the personally identifiable information of nearly 80 million customers. In the early summer, Chinese cybercriminals also hacked United Airlines, compromising manifest data that detailed the movement of millions more.

 

By far the most devastating cyberattack this year was against the United States Office of Personnel Management. Considered the worst cyber-intrusion ever perpetrated against the U.S. government, the OPM data breach affected about 21.5 million federal employees and contractors. Hackers successfully penetrated OPM firewalls to access the sensitive personal information of individual Americans, including security clearance files, social security numbers, and information about employees’ contacts and families. In this unprecedented attack, China was again the suspected culprit.  

 

When Chinese President Xi Jinping visited Washington last month, he and President Obama reached an agreement that their respective governments would not “conduct or knowingly support” cybertheft of intellectual property or commercial trade secrets. Many national security experts—including Director of National Intelligence James Clapper—immediately expressed pessimism about China’s willingness to uphold its end of the deal. I add my skepticism to the growing chorus of lawmakers, military leaders, and intelligence community personnel who doubt the sincerity of this agreement.

 

I also join policymakers in their concerns regarding cyberthreats from nations other than China. Many investigators believe that Russia, North Korea, Iran, and several other countries have launched their own cyber-offenses against the United States. These attacks are increasing, both in number and in severity.

 

Just last April, Russian hackers accessed White House networks containing sensitive information, including emails sent and received by the President. Only a few months later, a Russian spear phishing attack shut down the Joint Chiefs of Staff email system for 11 days.

 

Many hackers hide behind the anonymity of the Internet, including the cybercriminals who breached IRS servers last May to gain access to 330,000 American taxpayers’ tax returns.  That same month, a fraudulent stock trader manipulated U.S. markets, costing the stock exchange an estimated $1 trillion in just 36 minutes.

 

Just one month ago, hackers stole the personal data of 15 million T-Mobile customers by breaching Experian—the company that processes credit checks for prospective users.  This stolen data includes names, birthdates, addresses, social security numbers, and credit card information. 

 

We must act now to prevent cybercriminals from launching even more damaging attacks. Many commentators have expressed disappointment in the President’s inability to protect our federal computer systems from cyber-intrusions and to hold hackers accountable for their actions.  Our lack of effective cybersecurity policies and procedures threatens the safety of the American people, the strength of our national defense, and the future of our economy.   

 

Congress must be more vigilant in reinforcing our cyber-infrastructure to protect our nation against these attacks. Lawmakers can build a stronger cyber-defense by creating severe deterrents for those who commit these crimes. Our adversaries should know that they will suffer dire consequences if they attack the United States. 

 

That’s why I support the objectives outlined in the bipartisan Cybersecurity Information Sharing Act (CISA). This legislation incentivizes and authorizes private sector companies to voluntarily share cyberthreat information to detect and prevent future cyberattacks. CISA also includes provisions to protect individual privacy by preventing a user’s personally identifiable information from being shared with government agencies.  

 

In light of recent revelations highlighting the federal government’s inability to protect and secure classified data and other sensitive information, I recently introduced the bipartisan Federal Computer Security Act a version of which was included in the Senate's recently passed CISA legislation.

 

My bill shines light on whether our federal government is using the most up-to-date cybersecurity practices and software to protect federal computer systems and databases from hackers. Specifically, it requires federal agency Inspectors General to report to Congress on the security practices used to safeguard classified and personally identifiable information on federal computer systems. These reports will guide Congress in helping prevent future large-scale data breaches and blocking unauthorized users from accessing classified and sensitive information.

 

The future of our nation’s cybersecurity starts with the federal government practicing good cyber-hygiene. In strengthening our security infrastructure, the federal government should be accountable to the American people—especially when cyberattacks affect millions of taxpayers.

 

My legislation and the broader CISA bill represent a crucial first step in protecting our nation’s vulnerable infrastructure from the devastating impacts of cyberattacks. I will not rest until the federal government takes adequate measures to protect and secure America’s presence in cyberspace.