The U.S. intelligence community’s conclusion that Russia attempted to influence the 2016 U.S. presidential election serves as yet another reminder: We face a host of emerging threats in cyberspace that jeopardize the integrity of our democratic elections, the privacy of our citizens, as well as our infrastructure, economic stability and national security.
Despite these threats, Congress’ current structure to preempt and respond to cyber attacks remains ineffective. It is time to establish a permanent Senate Select Committee on Cybersecurity to provide oversight of our data breach prevention strategy and cyber activities.
According to the Congressional Research Service, at least 20 standing committees between the House of Representatives and the Senate held hearings related to cybersecurity during the 114th Congress. This has resulted in a scattered and uncoordinated response to recent cyber attacks and served as an impediment to crafting legislation to prevent and mitigate the threat, which is growing increasingly complex due to the sophistication of recent incursions and the wide range of responsible actors involved.
While an investigation into Russia’s hacks may be viewed as a catalyst for support of a committee dedicated exclusively to cybersecurity, the alarm that U.S. cybersecurity policy must be strengthened was sounded long ago.
According to a recent Government Accountability Office report, federal agencies and government contractors experienced more than 14 times the number of information security incidents in 2015 compared to 2006. In addition, the GAO noted that 19 out of the 24 major federal agencies have deficient security protocols, and only 41% of user accounts at 23 civilian agencies required secured credentials to access agency systems.
For example, in 2014, hackers affiliated with the Chinese government infiltrated the computer system of the Office of Personnel Management (OPM) and stole the personal information of more than 22 million current and former federal employees. With a stronger cybersecurity congressional oversight structure, our federal government agencies could have built more proactive and resilient defenses. Even if these safeguards failed, with greater congressional oversight, it may not have taken a year for OPM to disclose that its network was breached.
The OPM hack remains the largest data breach ever suffered by the federal government and should have served as a wake-up call to Congress. Less widely reported incidents, including almost daily attacks against the Pentagon, State Department and other government servers, also demonstrate the magnitude of the threat and the devastating potential consequences of future attacks.
In 2014, North Korea hacked Sony Pictures and released private information—early evidence that Pyongyang’s cyber capabilities are improving. In 2015, reports revealed that a power company operating 82 plants in 18 states was compromised for as long as two years by a foreign entity. The attackers gained enough information to remotely control more than 70 power stations from New York to California. Later that year, the world learned that Iran hacked a New York dam, an unsophisticated attack that tested the vulnerability of American infrastructure, at the same time that Tehran also targeted U.S. financial institutions.
A catastrophic attack could have widespread economic, military, health and financial implications. Therefore, the United States must develop a robust prevention and recovery policy response that can adapt to current and future technological advancements.
That’s why we are introducing legislation to create a permanent Senate Select Committee on Cybersecurity. A committee with concentrated authority would be directed to complete investigations into cyber attacks and ensure the Administration takes the necessary steps to identify cyber vulnerabilities, address emerging threats and prevent future attacks. Its members would consist of the chairmen and ranking members of all relevant committees that have jurisdiction over cyber issues, as well as a designee appointed by the chairman of each committee. The committee would have the ability to convene hearings, consider legislation and call witnesses in order to produce reports updating Congress and the American public on its progress.
There’s precedent for creating a select committee when there is a void in leadership on an issue. For example, the Senate Select Committee on Aging was created in 1961 to examine seniors’ issues prior to the passage of Medicare.
The United States has not been effective enough in deterring bad cyber actors and encouraging responsible behavior in cyberspace. Americans across the country agree. According to the Pew Research Center, seven in ten Americans feel that cyber warfare represents a major threat to the United States.
The purpose of any investigation into Russia’s attempt to influence the U.S. election should not be to challenge the legitimacy of the incoming Trump administration, but rather to learn lessons that will help Congress put forth solutions to protect our democracy and the stability of our country. The committee we propose may have gained traction because of recent events, but the need for the committee extends far beyond Russia’s hacks—history proves it, and our future depends on it.