Senate bill would help feds detect, block hackers
A bill introduced by two Senate leaders aims to strengthen the government’s cyber defenses in the wake of hacks that have rattled Washington.
Sens. Ron Johnson (R-Wis.) and Tom Carper (D-Del.), the top two lawmakers on the Senate Homeland Security & Governmental Affairs Committee, are backing the Federal Cybersecurity Enhancement Act.
The measure would require all agencies to adopt certain cybersecurity best practices, while accelerating the rollout of the government’s anti-hacking shield that detects and repels known cyber threats.
“Congress needs to make bolstering our cyber defenses — and staying ahead of this evolving threat — a top priority,” said Carper. “Making sure our federal agencies have access to the best technology is a critical part of that effort.”
The recent data breach at the Office of Personnel Management spurred the lawmakers to action. The intrusion compromised over 22 million people’s most sensitive data and shed light on the government’s sluggish approach to bolstering its digital defenses.
“Had the powers of this bill been implemented already, they likely would have stopped the hack of the Office of Personnel Management,” said Johnson, who chairs the committee. “They will make it far more difficult for our adversaries to steal our private data and to penetrate government networks.”
The Federal Cybersecurity Enhancement Act would authorize the Department of Homeland Security’s “Einstein” program. Einstein is the government’s first, and most important, line of defense against potential hackers. The software is designed to discover and stop known malicious actors.
But Einstein cannot catch skilled digital intruders the government has not previously identified, leading to criticisms that the program is outdated before it’s even fully implemented.
The Johnson-Carper bill is trying to address those concerns by giving Einstein its first congressional mandate in over 10 years of existence.
The measure would require an accelerated rollout of the final phase of Einstein. While the first two stages of the program are now government-wide, the third stage only covers 45 percent of federal networks.
This last phase, known as Einstein 3 Accelerated (E3A), is the one needed to block potential digital invaders. Einstein 1 and 2 simply help detect hackers.
DHS Secretary Jeh Johnson has already vowed to implement E3A government-wide by the end of the year, quicker than originally anticipated.
The Johnson-Carper offering would also enhance oversight of Einstein and require that the program integrate leading private-sector technology, an attempt to address the criticisms that Einstein is behind the times.
“Einstein is a valuable tool that can help agencies detect and block cyber threats before they can cause too much harm,” Carper said.
More broadly, the legislation would require all federal agencies to implement several basic cybersecurity measures, such as two-factor authentication and encryption.
In the fallout following the OPM hacks, security specialists were shocked to discover that the pilfered data had not been encrypted and that many network users with high-level access were not using two-factor authentication, which requires a second form of identification on top of a username and password.
These steps are seen as basic cyber hygiene among the security community.
Soon after, the White House ordered all agencies to complete a 30-day “cybersecurity sprint” to rapidly implement these protections.
But Johnson and Carper want to mandate the practice.
Congress must “ensure every agency is equipped with the ever-improving capabilities needed to fend off cyber attacks in the future,” Carper said.
The duo’s bill fits with other recent efforts in the Senate to strengthen the DHS’s legal authority to protect government networks from hackers.
A bipartisan group of six senators last week introduced a bill that would give the DHS the power to deploy tools that search for intrusions on government networks at any agency without a formal request.
There’s a chance that the language from both measures will be offered as amendments to a cybersecurity bill expected to hit the floor either later this week or sometime next week.
That cyber bill, known as the Cybersecurity Information Sharing Act (CISA), would boost the public-private exchange of data on hackers.
With strong bipartisan backing and potential White House support, CISA has a good shot at passing, making it an ideal vehicle for the two DHS-focused bills.
However, a growing coalition of privacy-minded senators is hoping to block or alter the bill. They fear CISA will simply create another venue for intelligence agencies to collect sensitive data on Americans.
Senate Republican leaders are hoping to turn to CISA after completing a highway funding bill, which could be wrapped up by Wednesday.