President Obama introduced an executive order last week that intended to help protect the nation’s infrastructure from cyber attacks. It’s similar to CISPA in that it increases information sharing between government and private corporations, but thankfully lacks the privacy infringing clauses found in the aforementioned bill. Some experts, however, are saying that it’s not enough.
Security experts have found that Congress itself is woefully unprepared for a cyberattack on its network. They say that Congressional networks lack the technology and security methods to prevent attacks. The danger here is that a successful hack could yield a treasure trove of classified information from lawmakers.
Speaking to The Hill, Tom Kellermann, VP of Cybersecurity for Trend Micro, says that Congress is “overly reliant on perimeter defenses that are ineffective in today’s targeted environment.” He also says that Congressional networks “lack their own appropriate levels of funding for technologies and manpower to deal with this properly.”
If hackers were interested in Congress, who would they hit? Security experts say that high-ranking lawmakers would be first on the list, but important committees like the Intelligence and Armed Services committees would also be high priority targets. These committees hold highly classified information from government agencies like the FBI and the Pentagon that would be especially desirable.
For their part, many people in Congress told The Hill that they practice “proper cyber hygiene.” That is to say that members of Congress and its employees are trained to spot phishing attempts and malware attacks. It’s a good first line of defense that could prevent incidents like the recent Apple and Facebook hacks that used an exploit in Java to gain access to systems.
As always, lawmakers can talk a good talk, but are they really doing enough to protect their networks from hackers? Congress’ cybersecurity professionals have been reportedly stepping up their game over the past few years to prevent the kind of attacks that have crippled corporations over the last few years. They do, however, emphasize the need for new cybersecurity regulations. Let’s just hope Congress can provide one devoid of CISPA’s privacy infringing ugliness.