McCaul: OPM hack should spur Senate to pass cyber liability protections
The breach of Office of Personnel Management databases that compromised information of more than 22 million people should convince the Senate to pass cybersecur...
The breach of Office of Personnel Management databases that compromised information of more than 22 million people should convince the Senate to pass cybersecurity legislation, Rep. Michael McCaul (R-Texas), the chairman of the House Committee on Homeland Security, said Thursday.
McCaul’s National Cybersecurity Protection Advancement Act of 2015 passed the House in April, but the Senate has not yet considered it. Senators recently have put forth other measures designed to give the Homeland Security Department more authority to protect federal networks from cyber attacks.
His bill would give liability protection to companies that share cyber threat information, in good faith, with the government or each other. Companies hold 80 percent of the malicious codes that security experts can use to stop penetrations before attacks and help patch systems afterwords, he said.
“The more access we have to those, the greater we can protect federal networks and systems from those breaches. In this case, possibly, it could have stopped it,” he said.
On the other hand, that type of information sharing might not have mattered because the OPM hackers entered the agency’s databases through legitimate credentials they stole from an OPM contractor, according to government officials. McCaul acknowledged that his bill would not be able to stop an insider threat.
“You can never completely stop an insider who steals credentials to get into systems,” he said.
McCaul is a former federal prosecutor. The hackers most likely have data from his old security-clearance applications, he said. OPM said that anyone who applied for a clearance within the last 15 years is most likely affected.
“Having worked in the federal government myself, we’re very angry the Chinese can get away with this and steal some of the most personal information of so many countless federal employees who serve the nation so well,” he said. “To have your security clearance stolen and have it in the hands of one of our enemies — it’s really disturbing.”
China is reportedly the leading suspect in the breaches, although it has not been declared in definitive language by federal law enforcement officials. McCaul said China has gained an economic advantage over the United States through its use of cyber espionage. But, he added, Russian cyber criminals and cyber Jihadists pose similarly alarming threats.
“We are very vulnerable. We are not protected in the cyber world from these attacks,” he said. He spoke at a breakfast forum hosted by Bloomberg Government.