Priorities
By Bill Bartel
July 23, 2015
Responding to reports that tens of millions of federal personnel records have been breached by hackers, U.S. Sen. Mark Warner and other lawmakers want to give the Homeland Security Department authority to monitor and protect agencies using the.gov domain.
It makes no sense that, under current law, Homeland Security needs permission from most agencies before it can protect government records, the Virginia Democrat said Wednesday while announcing the legislation, "and we're seeing the kind of dreadful results that take place."
The federal Office of Personnel Management confirmed earlier this month that 21.5 million records of current and past federal employees, contractors and other Americans were compromised by hackers.
The legislation, with chief sponsors Warner and Sen. Susan Collins, a Maine Republican, calls for Homeland Security to set up and enforce standards for cybersecurity among the.gov agencies. The bill would empower the department to conduct risk assessment and take action when a cyberthreat is detected. Currently, each agency must give permission and can ignore Homeland Security requests, Warner said.
"The attack on OPM has been a painful illustration of just how behind the curve some of our federal agencies have been when it comes to cybersecurity," said Warner, who is a member the Senate Intelligence Committee.
He and Sen. Tim Kaine, along with two senators from Maryland - another state with a large federal workforce - have proposed bills to offer lifetime credit monitoring and other security protections to those affected by the Office of Personnel Management breach.
But legislation won't solve all the problems, Warner said.
The senator, who made his fortune in the early days of the cellphone industry before running for office, said private companies and people also must be more aggressive in guarding personal information online.
"All of us, as Americans, need to be better about changing our PIN numbers, not using the same PIN code for all of our computer files. This is something we're all going to have to learn," he said, adding that people must practice strong "personal cyberhygiene."
"I know that sounds a little strange, but that is the world we live in," he said.