Hurd on the Hill: Cyber Attacks
Cybersecurity. It’s the latest buzzword. Your colleagues worry about it. The talking heads on TV analyze it. Congress holds hearings about it. And when your credit card company sends you a letter about it, you wonder just how concerned you should be.
Long before the word cybersecurity was coined, governments, companies and individuals were victims of cyber breaches. For as long as there has been sensitive information available on the web, there have been bad actors trying to access it and use it in a destructive way.
But no longer are cyber attacks just about identity thieves trying to steal personal information. They have evolved into something far more insidious.
During my time in the CIA, national security was my greatest priority. And while some of my days were spent in the back alleys of foreign nations recruiting spies and stealing secrets, the increasing number of cyber attacks drew more and more of our attention and resources.
So, what’s at stake?
National secrets are at risk. Cyber espionage against our government and U.S. companies is a daily problem. The U.S. Government Accountability Office recently announced that flight controls on commercial flights are vulnerable to attack by passengers using the plane’s wireless system. And perhaps most frightening, patients dependent on medical devices that are controlled through a wireless system are also at risk by hacktivists.
Cyber attacks allow micro actors to have a macro impact, disrupting the lives of individuals and potentially causing devastation at a much greater level.
While we can all agree that cyber attacks are a serious threat, there’s no clear agreement on how to address it. But one of the reasons I wanted to serve in Congress is to use my expertise to help shape cybersecurity policy, finding the best way to protect the lives and information of American citizens, businesses and our government, while upholding privacy rights. I know from experience that if we’re going to stay a step ahead of hacktivists, government and businesses are going to have to work together, sharing the cyber threat indicators needed to create a strong defense.
The House’s previous attempts to pass cyber and information sharing legislation have been thwarted by the President’s threats to veto this legislation. But his recent announcement that cyber attacks are a national security issue give me hope that he’s ready to work with Congress.
The Committee on Homeland Security, which I sit on, got the ball rolling last week with the bipartisan National Cybersecurity Protection Advancement Act, which passed out of committee unanimously. This is a pro-privacy, pro-security bill that ensures that information sharing is transparent and timely by providing liability protection to companies for the voluntary sharing of cyber threat indicators with the public and private sectors. It includes robust privacy protections by requiring the public sector to comply with all civilian laws that protect the privacy and civil liberties of American citizens.
In an effort to help small businesses, I offered an amendment to the Act which will give small and medium sized cyber firms the same access to government resources that are currently enjoyed by the large firms. These smaller companies, many of them located in San Antonio, are doing great things every day that are helping to protect other small and medium sized businesses. These groups perform at a high level and make up the bulk of the economy for this industry — they deserve the same access that a larger company has. Including them helps every company fighting this fight, large and small.
I helped build a cybersecurity firm over the last four years, so I know first-hand the threats companies face. My time in the CIA showed me the lengths to which the bad guys are willing to go. I will continue to work with my colleagues on both sides of the aisle to make sure that information sharing legislation makes it all the way to the President’s desk.