WASHINGTON — After major breaches at Office of Personnel Management, the Internal Revenue Service and even the White House made Americans’ personal information vulnerable to hackers, Sen. Orrin Hatch wants to take action to shore up government vulnerabilities.
A surge in cyberattacks is costing American taxpayers and businesses hundreds of billions of dollars every year. Vulnerabilities in cybersecurity infrastructure have resulted in high-profile breaches at large corporations, including Target, Home Depot, Sony and others.
“Sadly, the proliferation of cyberthreats shows no sign of abating,” Hatch said. “Unless Congress acts to strengthen our defenses, the future of our economy and our national security is in danger.”
In February, Chinese hackers breached the records of Anthem Blue Cross/Blue Shield, stealing the personally identifiable information of nearly 80 million customers. In the early summer, Chinese cybercriminals also hacked United Airlines, compromising manifest data that detailed the movement of millions more.
By far the most devastating cyberattack this year, Hatch said, was against the United States OPM. Considered the worst cyberintrusion ever perpetrated against the U.S. government, the OPM data breach affected about 21.5 million federal employees and contractors.
Hackers successfully penetrated OPM firewalls to access the sensitive personal information of individual Americans, including security clearance files, Social Security numbers and information about employees’ contacts and families.
In this unprecedented attack, China was again the suspected culprit. When Chinese President Xi Jinping visited Washington, D.C., in September, he and President Obama reached an agreement that their respective governments would not “conduct or knowingly support” cybertheft of intellectual property or commercial trade secrets.
Many national security experts — including Director of National Intelligence James Clapper — immediately expressed pessimism about China’s willingness to uphold its end of the deal.
Hatch added his skepticism to the growing chorus of lawmakers, military leaders and intelligence community personnel who doubt the sincerity of this agreement.
“I also join policymakers in their concerns regarding cyberthreats from nations other than China,” Hatch said. “Many investigators believe that Russia, North Korea, Iran and several other countries have launched their own cyberoffenses against the United States. These attacks are increasing, both in number and in severity.”
In April, Russian hackers accessed White House networks containing sensitive information, including emails sent and received by the president. A few months later, a Russian spear phishing attack shut down the Joint Chiefs of Staff email system for 11 days.
Many hackers hide behind the anonymity of the Internet, including the cybercriminals who breached IRS servers last May to gain access to 330,000 American taxpayers’ tax returns. That same month, a fraudulent stock trader manipulated U.S. markets, costing the stock exchange an estimated $1 trillion in just 36 minutes.
Just one month ago, hackers stole the personal data of 15 million T-Mobile customers by breaching Experian, the company that processes credit checks for prospective users. This stolen data includes names, birthdates, addresses, Social Security numbers and credit card information.
“We must act now to prevent cybercriminals from launching even more damaging attacks,” Hatch said. “Many commentators have expressed disappointment in the president’s inability to protect our federal computer systems from cyberintrusions and to hold hackers accountable for their actions. Our lack of effective cybersecurity policies and procedures threatens the safety of the American people, the strength of our national defense and the future of our economy.”
Hatch said he believes Congress must be more vigilant in reinforcing our cyberinfrastructure to protect our nation against these attacks. Lawmakers can build a stronger cyberdefense by creating severe deterrents for those who commit these crimes.
“Our adversaries should know that they will suffer dire consequences if they attack the United States,” Hatch said.
This is why Hatch supports the objectives outlined in the bipartisan Cybersecurity Information Sharing Act. This legislation incentivizes and authorizes private sector companies to voluntarily share cyberthreat information to detect and prevent future cyberattacks. CISA also includes provisions to protect individual privacy by preventing a user’s personally identifiable information from being shared with government agencies.
In light of recent revelations highlighting the federal government’s inability to protect and secure classified data and other sensitive information, Hatch recently introduced the bipartisan Federal Computer Security Act, a version of which was included in the Senate’s recently passed CISA legislation.
“My bill shines light on whether our federal government is using the most up-to-date cybersecurity practices and software to protect federal computer systems and databases from hackers,” Hatch said. “Specifically, it requires federal agency inspectors general to report to Congress on the security practices used to safeguard classified and personally identifiable information on federal computer systems.”
These reports will guide Congress in helping prevent future large-scale data breaches and blocking unauthorized users from accessing classified and sensitive information.
The future of our nation’s cybersecurity starts with the federal government practicing good cyberhygiene, Hatch said. In strengthening our security infrastructure, the federal government should be accountable to the American people — especially when cyberattacks affect millions of taxpayers.
“My legislation and the broader CISA bill represent a crucial first step in protecting our nation’s vulnerable infrastructure from the devastating impacts of cyberattacks,” Hatch said. “I will not rest until the federal government takes adequate measures to protect and secure America’s presence in cyberspace.”