Congress is way behind on cybersecurity knowhow, the chairman of the Senate Committee on Homeland Security and Governmental Affairs said Thursday, adding that ignorance — and the difficulty of shaping meaningful legislation — often paralyzes lawmakers on the issue.
Sen. Ron Johnson, R-Wis., pressed experts Thursday to raise the public profile of America’s cyber vulnerabilities to help create more pressure on lawmakers to fill that knowledge gap when it comes to future cybersecurity legislation.
“We have to make sure the American public is fully aware of the threat and the risk, so [they] can put pressure on the political process to start responding and pass common sense legislation that’s sorely needed,” Johnson said Thursday during remarks at the American Enterprise Institute.
Last year, Johnson worked with Sen. Tom Carper, D-Del., on the Federal Cybersecurity Enhancement Act, which extended the Department Homeland Security’s Einstein intrusion detection system to all federal agencies. Language from that bill eventually made its way into the Cybersecurity Information Sharing Act that passed as part of the $1.1 trillion omnibus spending bill in December.
Johnson applauded the work done by Carper, as well as Senate Intelligence Committee leaders Dianne Feinstein, D-Calif., Richard Burr, R-N.C., and Saxby Chambliss, R-Ga., on the legislation that eventually became CISA, but added it was “as good as we were going to get coming out of the Senate,” partly due a lack of cybersecurity expertise on Capitol Hill.
“We just don’t have the knowledge to start talking about in detail what we are going to do in a 400-page bill on cybersecurity,” Johnson said, adding the danger of unintended — and unwelcome — consequences from such legislation was very high. “These are incredibly complex issues, so we have to be very careful about what kind of laws we pass.”
Johnson used a Gilligan’s Island reference to explain how he feels technology is moving too fast for both lawmakers and the greater public to understand, which has caused the government to be slow in their reaction to the growing number of breaches.
“Most of us are Gilligan, there aren’t a whole lot of Professors,” he said. “As technology moves forward, it’s leaving the vast majority of the population behind in how does all of this work.”
He even lumped himself into the Gilligan group, admitting that he relies on his kids to set up his own iPad.
A lack of knowledge combined with a reluctance to start fighting on Capitol Hill has led to a “denying of reality,” according to Johnson.
“The reason is why you have this denying of reality is that if you accept reality or talk about it — if you acknowledge these realities, you have to do something about it,” he said.
“Doing something about it is not particularly easy.”
Nonetheless, Johnson wants to continue moving forward on legislation, touting a data breach law that would codify a national uniform standard for companies to notify the public when personal information is stolen, for instance by credit card hackers.
“I don’t think companies can really try and respond to 50, 100, a couple thousand jurisdictions in terms of what their requirements are,” he said. “That should be so easy to accomplish. We haven’t been able to.”
After his remarks, the senator told FedScoop that his committee is taking a look at the government’s response to the Juniper Networks backdoor and how that may affect the federal government’s IT systems. The House Committee on Oversight and Government Reform issued a letter earlier this week calling on agencies to turn over their response plans in the wake of the discovery.
Johnson said the Senate committee had not determined whether they will hold any hearings on the Juniper situation.
“It’s an incredibly serious issue,” Johnson said. “This is bad news.”
Even with the aversion to bad news, Johnson called on experts to stress the need to take action before a really attack that might cripple the country.
“If there is one message I want to convey to what we need to do as a nation, we have got to raise the profile of the serious threats we face in terms of our basic infrastructure,” he said.
Contact the reporter on this story via email at firstname.lastname@example.org, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.