Dem: Agencies ‘whistling through the graveyard’ on data breaches
Rep. Stephen Lynch (D-Mass.) on Wednesday threatened legislation to force federal agencies like the U.S. Postal Service (USPS) to respond more quickly to data breaches, warning they appear to be “whistling through the graveyard.”
“We’ve got to figure something out,” he said. “Maybe it’s legislatively we need to mandate this.”
{mosads}Lynch’s comments came as lawmakers dressed down postal official Randy Miskanic for waiting nearly two months to notify 800,000 employees of a hack that exposed personal information, including their Social Security numbers.
“I’m concerned about how long it took the Postal Service to act,” said Rep. Blake Farenthold (R-Texas), the chairman of the subcommittee on the post office.
Miskanic, the Postal Service’s vice president of secure digital solutions, defended the agency’s actions.
While the agency originally had evidence of a cyberattack on Sept. 11, it wasn’t until mid-October that the Postal Service pieced together what information might have been taken. After the agency built and implemented a defense plan the first week of November, it notified employees almost immediately, Miskanic said.
“It was necessary to understand the scope of the intrusion to properly mitigate it,” he said.
If the attackers had known USPS was investigating, they might have covered their tracks or embedded themselves even further, which officials worried “could impact our ability to deliver mail,” Miskanic added.
Lynch wasn’t buying that argument.
“The Secret Squirrel stuff,” Lynch replied, referring to the 1960s animated squirrel detective, “that doesn’t fly.”
Lynch said employees at USPS should have been notified the instant officials knew critical information like Social Security numbers had been revealed.
“If we’ve got to do something legislatively to make sure you cough up this information,” we will, Lynch said. “I am very, very disappointed in the way you handled this.”
The Postal Service hack is just part of the slew of recent breaches at federal agencies ranging from the White House to the State Department to the National Oceanic and Atmospheric Administration.
Russian and Chinese cyber thieves are suspected in the offensives, though the government has declined to point fingers in public.
“I’m just concerned about a perverse incentive here that if there’s no negative consequences for what just happened, it’s going to happen again,” Lynch said. “I think we’re whistling through the graveyard here and we’re not taking it seriously enough. Tell me I’m wrong.”
“I can assure you that we will improve our systems in the future,” Miskanic replied.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..