Last week’s news that the U.S. Office of Personnel Management had been hacked, resulting in the exposure of millions of current and former federal employees prompted quick calls for stricter cybersecurity in the government sphere – but Congress continues to argue on which direction it should follow.
Immediately upon announcement of the OPM breach, sources attributed it to Chinese hackers, although the White House and the FBI have yet to formally attribute the attacks – which were discovered in April 2015 after occurring for several months – to any specific group. News reports indicated that the attack encompassed a much broader range of information and individuals than previously reported, with speculation that hackers could have accessed information that would jeopardize the ability of U.S. intelligence officers to do their jobs — however, OPM and the White House have not confirmed any of these reports.
“[T]he threat that we face from our adversaries is a persistent one. And anytime we’re talking about any kind of activity in cyberspace, we’re talking about activity that is frequently and regularly evolving,” said White House press secretary Josh Earnest in a press briefing this week. “And we have seen our adversaries use innovative techniques and to learn from their previous efforts to try to find vulnerabilities in our system and to exploit them. And that means that our defenses, and those who are responsible for protecting these systems, need to be vigilant about constantly updating and reviewing our security measures to make sure that our computer systems and the data that they hold are safe.”
President Barack Obama, speaking at the G-7 Summit, cited “very old systems” as the reason for the successful hack and urged Congress to move forward on cybersecurity legislation
“We haven’t publicly unveiled who we think may have engaged in these cyber-attacks — but I can tell you that we have known for a long time that there are significant vulnerabilities and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector. This is why it’s so important that Congress moves forward on passing cyber legislation — cybersecurity legislation that we’ve been pushing for; why, over the last several years, I’ve been standing up new mechanisms inside of government for us to investigate what happens and to start finding more effective solutions,” said the president.
For some lawmakers, the hacking represented a chance to criticize the Obama Administration, with Sen. Mitch McConnell (R-Ky.) commenting, “I think a lot of people were shocked to hear that the Obama Administration was unable to prevent the information of 4 million Americans from being compromised by hackers. Officials in the White House now owe it to every American to let Congress help them get out of the past and up to speed with the cybersecurity realities of the 21st Century.
McConnell sought to tie a cybersecurity bill that would allow the sharing of threat information to the National Defense Authorization Act currently being considered on the Senate floor. The measure failed to pass this week, with significant pushback against McConnell’s portrayal of the cybersecurity amendment as a response to the federal cyber attack.
McConnell noted in a statement on the cyber bill, “That hasn’t stopped some Democrat leaders from thinking they should try to score political points by taking down a bipartisan measure to combat cyberattacks.”
In the U.S. House of Representatives, one lawmaker, Joe Wilson of South Carolina, called for more study of the issue and emphasized the offensive nature of cyber attacks.
“Cyber is a new domain of warfare. These cyberattacks are a sober reminder that Congress, and all government agencies, need to work together to better protect public and private networks. The complicated nature of cyber defense means we need a clear standard of measurement for assessing the damage of attacks to our citizens and affected systems,” he said.