A Bipartisan Bill Aims to Solve the Government’s Cybersecurity Problem
By Vincent Torres
During the 2013 government shutdown, a cyber-attack occurred when Chinese hackers breached the Federal Election Commission’s computer network. The hackers crashed computer systems that disclose how billions of dollars are raised and spent each election cycle by candidates, parties and political action committees.
To prevent events like the one in 2013 from ever happening again, a bipartisan bill was introduced that would create an exchange program between the federal government and private firms. This program aims to bring more expertise on the subject of cybersecurity to the federal workforce. The bill was drafted by Minnesota Democratic Sen. Amy Klobuchar and South Dakota Republican Sen. John Thune on Monday, Feb. 11.
The bill is meant to address the cybersecurity workforce shortage that has been plaguing the United States government. It was introduced as a result of the 2019 government shutdown, which affected the government's ability to spend money on crucial aspects of its staff.
“Our country’s cybersecurity should be a top priority, but currently, our government needs additional cybersecurity experts to ensure we are not vulnerable to attacks from adversaries and cybercriminals,” Klobuchar said in a statement. “This bipartisan legislation will allow our Federal agencies to work with private sector experts at the top of the cybersecurity field to help ensure that our networks are protected.”
Reports indicate that during the government shutdown, over half of the government workforce was furloughed, Klobuchar said. That included the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. While that agency's employees were on a leave of absence, nearly 80 government websites were rendered vulnerable, insecure and inaccessible because the websites’ security certificates had expired. The government shutdown may have enabled cybercriminals and adversaries to attack and breach its extremely weak system. This was brought to the Department of Defense’s attention in a letter drafted by Klobuchar and other senators.
Digital security certificates are important for protecting transmissions over the internet from hackers and foreign governments, Klobuchar said in a press release. These certificates are necessary for browsers to be able to verify that they are communicating securely with an authentic website, as opposed to a malicious site run by a hacker. Digital certificates must be renewed and replaced before they expire.
However, according to Klobuchar’s letter to the Department of Defense, many agencies in our government are still updating the certificates manually. Due to the government shutdown, the employees who would normally renew and replace these certificates were furloughed. As a result, visitors to these government websites were warned not to log in or perform any sensitive operations on these sites, because authentication credentials were not secure and could be intercepted by malicious actors.
“This is a great opportunity for federal government agencies to tap into the vast cybersecurity resources that exist in the private sector and academia, as well as bolster the capabilities of their counterparts,” Thune said.
Essentially, the bill would enable the government to recruit cyber experts not only from the private sector but from academia as well. These experts would work in the federal government for up to two years. In addition to bringing in experts from the private sector and academia, federal agencies would create a program in which their employees would be trained to do similar work in the private sector. The goal would be to teach them best practices, which can then be used to strengthen the government's cybersecurity in the long run.
“With each passing day, the impact of the government shutdown on our nation's security grows,” said Suzanne Spaulding, a former undersecretary at the Department of Homeland Security. “Meanwhile, our adversaries are not missing a beat, and the daily attacks on our systems continue. Cybersecurity is hard enough with a full team. Operating at less than half strength means we are losing ground against our adversaries.”