The National Cybersecurity and Critical Infrastructure Protection Act waits to be passed by the Senate

Nov 18, 2014 17:45 GMT  ·  By

A statement from the chairman of the Committee on Homeland Security, Michael McCaul, on the recently disclosed cyber-attack targeting the US State Department puts pressure on the Congress to pass bipartisan cybersecurity legislation.

A few weeks ago, unclassified systems at the White House suffered a cyber-attack. At that time, there was no indication that the network of the State Department had been affected. It appears that now a connection between the two incidents has been established, although there is no clear information on the identity of the attackers as the investigation is ongoing.

Bipartisan cybersecurity legislation stuck in Congress

Speaking on the latest incident, Michael McCaul puts the blame on the Congress for not passing “vital and bipartisan cybersecurity legislation” that would enable the Department of Homeland Security (DHS) to conduct cybersecurity activities on behalf of the federal government.

He refers to the National Cybersecurity and Critical Infrastructure Protection Act that has already been passed by the House of Representatives on July 28, and is currently waiting for the approval of the Senate.

The bill would codify the role of DHS in taking proactive measures and reacting to cyber-attacks against federal civilian agencies in the US. Protection of critical infrastructure sectors would also be covered by the bill.

“Criminals, hacktivists and nation states are attacking our government networks at an alarming rate. Every day that Congress does not pass vital and bipartisan cybersecurity legislation is a day Congress leaves this country vulnerable to these persistent and increasingly dangerous attacks,” Chairman McCaul said.

“If a larger attack occurs, it's going to be on Congress for not acting. It is my hope our common sense legislation to secure our government networks and critical infrastructure from the growing cyber threat is sent to the president's desk without further delay,” he added.

Number of cyber-attacks is growing

The number of reported breaches on federal computer networks has increased from 26,942 in 2009 to 46,605 in 2013, based on information from the US-CERT (Computer Emergency Readiness Team), and the numbers are not improving.

Apart from the attack on the White House systems and those on the State Department, attackers managed to get past the cyber defenses of the National Oceanic and Atmospheric Agency (NOAA) and the US Postal Service.

In an emailed comment, Mike Davis, CTO at CounterTack, said that “all industries, whether it be government, retail, finance or energy needs to move a detect and respond model where hacks are analyzed in real-time and threats are flagged and mitigated quickly and efficiently.”