America's Cybersecurity Emergency That Keeps Getting Worse
Scarcely a week goes by without news of cyber-criminals successfully breaching big computer systems and stealing millions of Americans’ personally identifiable information (PII). The federal government collects information about every man, woman and child in our country. Unfortunately, the federal government is the world capital of cyber insecurity. Unless we take steps to prevent rapidly increasing cyber-attacks by foreign criminals and unfriendly governments, our economy and national security are at huge risk.
How vulnerable are federal computer networks? Two years ago, Chinese hackers broke into the computer systems of the Office of Personnel Management and stole the PII and sensitive background check information of approximately 26 million people, including fingerprint records of 5.6 million people. Even worse, the hack wasn’t discovered and reported until several months later.
Another gang of Chinese cyber-criminals repeatedly hacked – and may still be hacking – the Federal Deposit Insurance Corporation’s (FDIC) computer network. The FDIC hacks threaten everything from large-scale manipulation of our entire financial system to looting individuals’ checking, savings and retirement accounts.
As if repeated Chinese hacking isn’t bad enough, the Obama administration invited dozens of for-profit data mining companies to take up permanent residence on the HealthCare.gov website. These companies were permitted to harvest confidential financial and health care information from the tens of millions of people who visit HealthCare.gov each year.
At the IRS, 2016 tax-refund fraud is projected to set a new record – a whopping $21 billion. An enterprising crook needs only a name, date of birth and a Social Security number to enter made-up W-2 information, submit a fraudulent return and receive a refund from the IRS within 30 days.
On the plus side, the IRS estimates that it now detects and prevents 90% of fraudulent tax returns. But the IRS is also part of the problem. In one recent year, more than 700,000 taxpayers had sensitive data such as Social Security numbers, dates of birth and addresses stolen through IRS websites. This stolen data enabled hackers to access information from prior tax returns, which in turn allowed them to file new, fraudulent tax returns.
These problems are only the tip of the iceberg. Information security incidents reported by federal agencies have jumped from 5,000 in fiscal year 2006 to 77,000 in fiscal year 2015 – an increase of 1,300%. Even worse, a series of in-depth reports show that federal agencies haven’t responded adequately.
In April 2014, the Government Accountability Office (GAO) reported that 24 major federal agencies responded inadequately to cyber-attacks. The GAO made more than 2,500 specific recommendations for improving agencies’ cybersecurity, but about 1,000 of these still have not been implemented.
Two recent reports, from the Commission on Enhancing National Cybersecurity and the privately-funded Center for Strategic and International Studies Commission on Cyber Security, describe the abysmal state of our cybersecurity preparedness and recommend significant reforms to protect our government and our citizens.
Earlier this month, the House Committee on Science, Space and Technology, which I chair, approved on a bipartisan basis a package of reforms that will strengthen federal cybersecurity defenses, require regular audits of cybersecurity preparedness and make agencies and their leaders publicly accountable for performance. H.R. 1224, the NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017, further engages the National Institute of Standards and Technology (NIST) in this effort.
NIST is widely recognized as a global leader in cybersecurity knowledge, scientific standards-setting and research and analysis of federal agencies’ cybersecurity readiness. Given the number and magnitude of cyber threats, we hope the House and Senate will take action soon and send our bill to the president for signing.
The inescapable fact is that we are in a cyber-war, whether we like it or not. The question is whether our government will defend itself and its citizens.
Chairman Smith and Rep. Abraham are members of the House of Representatives' Committee on Science, Space and Technology.