Sunday, May 01, 2016
Billy Long: Every effort must be made to safeguard taxpayer data from cyberattackers
After an online hacker breached the Food and Drug Administration’s (FDA) internal network in October of 2013, the House Committee on Energy and Commerce, which I sit on, began an investigation into the vulnerability of federal agency networks. The invasion did not ultimately result in major harm to the system and its users. Our investigation, however, resulted in the unveiling of several other information security incidents that had occurred at the FDA, the National Institutes of Health (NIH), and the Department of Health and Human Services (HHS).
The results of the report are alarming, and cite numerous occasions where predators were able to breach these systems over the past few years. More troubling, though, is that these hackers were often using relatively unsophisticated methods to do so. Our examination also revealed non-public studies by the Office of Inspector General (OIG) showing a litany of deficiencies across HHS’s online security systems.
The American people should be appalled by these findings. Our government holds troves of sensitive personal data that Americans shouldn’t have to worry about falling into the hands of a hacker and, considering yet another recent data breach at the Office of Personnel Management (OPM), they should be calling for far more effective data safeguards.
These breaches could have been avoided but happened due to a lack of understanding of the importance of information security. Ultimately, the report targeted the bureaucratic relationship between other senior HHS officials and the Chief Information Security Officer (CISO) as the culprit. As it stands, the CISO must rely on other officers – who have other priorities – to implement suggestions to improve network security. All too often, this has resulted in the safety of the American people’s data being put on the back burner.
Despite the surge of red flags outlined in our report, HHS has yet to implement the necessary structural reforms among their leadership to improve security moving forward. That’s why I’ve introduced the “HHS Data Protection Act,” with Rep. Doris Matsui (CA-6), which will designate the CISO as the primary authority on all matters of information security at HHS, and restructure the agency’s chain of leadership so that no other senior officials’ directives can interfere with data security needs.
It may be impossible to prevent all cyber-attacks, but the American people deserve to know that their federal agencies and representatives in Washington are taking every precaution to stop ones that are preventable. The safeguarding of this data should be a top priority, and I will keep fighting to gain support for this legislation, and ensure that it becomes law.