Congress Grills Agency Heads on Cybersecurity

WASHINGTON (CN) – House Republicans proved unreceptive Wednesday to testimony about the need for money federal agencies need to weather the growing tide of cyberattacks.

At the morning hearing before the House Subcommittee on Information Technology, the general mood was that federal agencies are in a better position to handle complex cyberattacks than they once were. But the news wasn’t all good.

Robert Klopp, deputy commissioner and chief information officer for the Social Security Administration, told the committee the government’s information-technology systems are still not state of the art.

“I think our IT systems are sort of the equivalent of B-52s, reliable but outdated and vulnerable,” Klopp told the committee.

The fix for this, Klopp said, is for Congress to carve out more money to help agencies update their systems. The call for more funding was common among the agency representatives, with Alboum specifically asking Congress to fulfill a $10 million request from his agency.

But these requests did not appear to be totally popular among the few representatives who attended Wednesday’s hearing.

“The answer is always going to be yes, we could have more money, but we’ve got to be sure we’re using the money that we do have effectively,” Rep. William Hurd, R-Texas, said before closing the hearing.

Representatives insisted that while larger budgets might help agencies fight against cyberattacks in the short run, it will also be important for the government to hold people accountable when breaches do occur.

“One thing that is very frustrating is in Washington you see there seems to be no penalty for failure,” said Rep. Rod Blum, R-Iowa. “In fact, the answer usually to failure is to spend more money, we’re not spending enough of the taxpayer money.”

Wednesday’s hearing was set against the backdrop of a series of recent cyberattacks against the federal government and contractors. The biggest of these, against the Office of Personnel Management, jeopardized the personal information of as many as 18 million people.

Congress responded with the Federal Cybersecurity Enhancement Act, which required agencies to take certain steps to improve their cyberdefense systems by December 2016. With that deadline looming, the Subcommittee on Information Technology sent letters asking agencies about their compliance efforts and called Wednesday’s hearing to receive updates from some.

Along with Klopp from Social Security, officials with NASA and the Department of Agriculture said they have hired new security experts, brought on board the latest technologies and started up training programs to help defend against the “constantly evolving” cyberattacks that threaten their systems.

“Unfortunately there is no single approach or tool that can project, counter and mitigate the wide range of attacks that threaten networks,” NASA chief information officer Renee Wynn said, testifying Wednesday morning before the House Subcommittee on Information Technology.

Jonathan Alboum, the chief information officer for the Department of Agriculture, specifically touted his agency’s increased use of personal identification cards as a method of fighting against cyberattacks. The usage rate of these cards has exploded in the past year and a half, booming from 6 percent for some users up to 96 percent, Alboum said.

One project highlighted in the testimony is an anti-phishing campaign the agency launched this year to educate employees on how to spot messages that could poke holes in their networks. Alboum said the campaign reduced the click-through rate on test phishing messages by more than 50 percent.

%d bloggers like this: