Publication / DecodeDC/ Scripps
July 3, 2014
View Article

Lawmakers agree there’s a cyber threat, but are divided on how to fix it

At least 17 bills are pending in Congress

WASHINGTON, D.C. – Forget about identity theft, cyber attacks on the U.S. government could put your life at risk.

Despite a growing number of cyber attacks against the United States, the government apparently is still unequipped to ward-off attacks — and Congress remains divided on how to fix it.

The last time Congress passed major cyber security legislation was 12 years ago. Five bills passed in 2002 that addressed potential cyber threats, including the act that established the Department of Homeland Security.

Since then, computers at some of the government’s most essential institutions have been hacked, including the Pentagon, NASA and the Department of Defense.

[Podcast: Protecting the nation’s critical infrastructure]

The hackers, mostly from Russia and countries in Asia, often use spyware and viruses to gain access to classified documents, personal data and critical infrastructure, which includes the nation’s oil rigs, shipping ports and electrical grids.

A 2013 report by the Industrial Control Systems Cyber Emergency Response Team found attacks against America’s power, water and nuclear systems are growing at an alarming rate. The number of “brute force” cyber attacks between October 2012 and May 2013 surpassed the number of attacks reported in all of its 2012 fiscal year. More than half of the cyber warfare was against the energy sector.

Today there are more than 17 bills pending in Congress that deal specifically with cyber security. But if you’re looking for an overall theme, you will be at a loss. The bills’ objectives vary tremendously.

Some focus on directing an agency to develop guidelines to amp-up security. Others deal specifically with cyber security education, research and development. And then there’s the few that target something different altogether, such as the Cyber Warrior Act, which would send a team of National Guard members to every state to protect important electronic systems in person in case of a physical attack.

No one party leads the pack on cyber security legislation. Of the 17 bills we counted, six were introduced by Republicans and 11 by Democrats and most have some bipartisan support.

Yet the problem facing legislators is not a lack of understanding that something must be done, it’s the absence of cohesion on how to go about it.

Of the cyber security bills we looked at, eight mandate a specific government agency to develop a plan or report on the current issues surrounding security in the government as a whole. But here’s the kicker: Almost every bill assigns the job to a different agency.  Choices include the Department of Homeland Security, the Department of Commerce, the National Institute of Standards and Technology, and the Office of Management and Budget.

One of the bills proposes creating a new department entirely. It would sit within the Executive Office of the President and would be called The National Office for Cyberspace.

Only three of the 17 bills have accrued more than 10 co-sponsors in the House. One of those bills, the Cyber Warrior Act, has a companion bill in the Senate, where it has nine co-sponsors.

The most successful of the trio, which has 37 co-sponsors, is the Cyber Intelligence Sharing and Protection Act. It is an amendment to the National Security Act of 1947, and would require all agencies threatened by cyber-attacks to notify the DHS.

Even though the federal government hasn’t enacted a blanket cyber security law, members of Congress have worked to fill holes in the critical infrastructure through amendments and other legislative packages.

According to a 2013 Congressional Research Service report there are more than 50 U.S. statutes that either directly or indirectly address various aspects of cyber security, “but there is no overarching framework legislation in place.”

Nevertheless, cyber security legislation continues to be a priority for a select few in Congress.

At the end of June, Sens. Tom Carper, D-Del., and Tom Coburn, R-Okla., introduced two bills that would respectively give the government the ability to share cyber hacking data with the private sector and better delineate roles in the OMB and DHS for handling data breaches.

“Cybersecurity is one of our nation’s biggest challenges,” said Sen. Carper in a statement. “That’s why it’s imperative that we face this 21st century threat with a 21st century response. While our work in this area is far from finished, these bills are an important step in our effort to modernize our nation’s cyber security programs and help the public and private sectors work together to tackle cyber threats more effectively in the future.”