Ensuring DHS is prepared to fight cyberattacks
Bloomberg Government regularly publishes insights, opinion and best practices from our community of senior leaders and decision-makers. This column is written by Congressman Michael McCaul, Chairman of the House Homeland Security Committee.
Every day, our enemies are waging war against the United States, but those attacks are no longer confined to the physical battlefield in faraway lands. Instead, the constant barrage of cyberattacks from countries such as China, Russia, Iran and North Korea — not to mention cyberterrorists, including ISIS’s cyber caliphate, and hacktivists around the globe — threaten the economic, digital and national security of our Nation.
Just last year, the United States Office of Personnel Management’s (OPM) computer systems were infiltrated by hackers, reportedly from China, aiming to steal the personal information provided for security clearances of more than 21.5 million Americans. According to recent reports, Juniper Networks’ encrypted communications platforms used by the federal government have been infiltrated for up to three years.
However, the federal government isn’t the only entity susceptible to cyberattacks. American businesses are under attack, as dangerous hackers are putting jobs at risk by stealing trade secrets and sensitive information. Retailers such as Target and Home Depot, financial institutions like JP Morgan, and private companies like Sony have all suffered from attacks that led to the theft of personal information and credit cards belonging to millions of Americans.
We live in a world where almost everything is online, from our banking, to our private messages, and even our favorite pizza order. As a country, we must protect the American people and make sure their personal information and their ideas aren’t stolen by those wishing to do our nation harm.
Today’s digital battlefield has many more adversaries that just nation states. Terrorist groups such as ISIS, as well as hacktivists, have become increasingly knowledgeable and experienced at cyber intrusions. They are adept at using encryption technologies to communicate and carry out malicious campaigns, leaving America to play catchup.
These cyber threats aren’t going away and will only grow more prevalent. The security of Americans’ personal information needs to keep pace with the emerging technologies of today. We must, and we will, better combat these threats.
As such, I was adamant that the recently-enacted Cybersecurity Act include key provisions of my legislation H.R. 1731, the National Cybersecurity Protection Advancement Act. With this law, we now have the ability to be more efficient while protecting both our nation’s public and private networks.
With these new cybersecurity authorities signed into law, the Department of Homeland Security (DHS) will become the sole portal for companies to voluntarily share information with the federal government, while preventing the military and NSA from taking on this role in the future.
With this strengthened information-sharing portal, it is critical that we provide incentives to private companies who voluntarily share known cyber threat indicators with DHS. This is why we included liability protections in the new law to ensure all participants are shielded from the reality of unfounded litigation.
While security is vital, privacy must always be a guiding principle. Before companies can share information with the government, the law requires them to review the information and remove any personally identifiable information (PII) unrelated to cyber threats. Furthermore, the law tasks DHS and the Department of Justice (DOJ) to jointly develop the privacy procedures, which will be informed by the robust existing DHS privacy protocols for information sharing.
Enhancing our cybersecurity doesn’t stop with the sharing known cyber threat information; that is just where it begins. We also strengthened our federal cyber networks to ensure DHS has the tools to improve network visibility and to detect and mitigate intrusions and anomalous activity. Additionally, we authorized DHS to execute intrusion detection and prevention capabilities when an imminent cyber threat to a federal agency information system is identified.
We must ensure DHS is adequately prepared to fight off cyberattacks, whether they are coming from a nation-state or a terrorist organization. A stronger “.gov” system will allow DHS to proactively defend federal networks against cyber-attacks and prevent another OPM breach from compromising national security.
With the passage of these new cybersecurity protections, I am confident that the government and private sector will better work together to secure the intellectual property and personal information of Americans. We are taking all the necessary steps for the federal government to more effectively identify and thwart cyber-attacks that endanger our national security and puts American jobs at risk. We are safeguarding our citizen’s personal information while protecting this great nation of ours from the ever evolving cyber-threats we face.
Given DHS’ clearly defined lead role for cyber information sharing in the Cybersecurity Act of 2015, my Committee and others will hold regular oversight hearings to make certain there is effective implementation of these authorities and to ensure American’s privacy and civil liberties are properly protected. This year I will also lead efforts to strengthen our cyber posture by bolstering our State and local cyber defenses, providing incentives to private entities to more effectively manage cyber risks, and improving how we conduct cyber investigations in the digital age.
We are in a new age which affords us new opportunities and vulnerabilities. I will strive to work with the other leaders in Congress to best secure digital America.
Article originally appeared on Bloomberg Government, here.