| By Morgan Chalfant
The Equifax data breach and the Department of Homeland Security’s (DHS) cybersecurity efforts will have the attention of cyber-minded lawmakers in Washington in the coming week.
Equifax, one of the three major credit reporting agencies in the United States, has been under massive scrutiny this month after acknowledging a data breach in which hackers stole sensitive information on as many as 143 million Americans.
On Wednesday, the Senate Banking Committee has scheduled a hearing on the Equifax breach, which is supposed to feature testimony from Richard Smith, the embattled former CEO of the company who resigned on Tuesday amid the backlash.
Meanwhile, the Department of Homeland Security is also facing criticism in another cyber controversy after notifying 21 states that their election systems were targeted by Russian actors ahead of the 2016 presidential election.
Both Wisconsin and California charged this week that they received misleading information from Homeland Security officials. California’s secretary of state said in a statement that DHS subsequently told state officials that Russian scanning activity occurred on the state’s Department of Technology network, not its election infrastructure—and called the initial notification “bad information.”
According to ABC News, Texas officials are also claiming that DHS’s assessment was wrong and that their systems were not targeted.
Homeland Security officials reached out to the states on Sept. 22, though the department left it up to the individual states to disclose details of their discussions.
The department has stood by its assessment in the face of criticism.
“DHS has made an effort to respond quickly to questions and requests for further information from states following Friday’s calls, and we have provided additional information and clarity to a number of states,” a DHS spokesman told The Hill on Thursday.
“The Department stands by its assessment that Internet-connected networks in 21 states were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. election infrastructure,” the spokesman added.
The issue could come up at a forthcoming hearing scheduled by the House Homeland Security Committee. A subcommittee is supposed to hear from officials at the National Protection and Programs Directorate (NPPD)–the entity within the department responsible for guarding federal networks and critical infrastructure from physical and cyber threats—on the department’s cybersecurity mission on Tuesday.
The hearing will also likely feature discussions about an ongoing effort in Congress, spearheaded by Homeland Security Chairman Michael McCaul (R-Texas), to reorganize and elevate the department’s cybersecurity wing.
The committee advanced legislation in July that would replace NPPD with a new, operational agency to handle cyber and critical infrastructure protection. The bill faces quite a few hurdles before becoming law—it must clear other House committees before going to the floor for a vote, and companion legislation must be moved in the Senate.
Additionally, the House Oversight Committee has rescheduled a hearing on the cybersecurity of Internet of Things (IoT) devices, which will now take place on Tuesday.
Those hungry for more details on probes into Russian interference can look out for an update on the Senate Intelligence Committee’s investigation on Wednesday afternoon, when committee leaders Sens. Richard Burr (R-N.C.) and Mark Warner (D-Va.) are planning to hold a press conference.
The news briefing will take place less than a week after representatives from Twitter briefed staff from both the House and Senate Intelligence Committees on their internal review into disinformation networks and Russia-linked accounts on the platform.
Cyber should get attention across the country beginning next week, with the start of National Cybersecurity Awareness Month.
Officials, trade groups, and businesses will be looking to highlight cybersecurity threats as well as best practices for individuals and organizations to secure their data systems.
The U.S. Chamber of Commerce, for example, is kicking off the month by hosting its annual cybersecurity summit called “Get Your Hack Together.” The Chamber also has a string of regional events planned throughout October as part of a broader cybersecurity awareness campaign.
Tom Gann, chief public policy officer at cybersecurity firm McAfee, told The Hill that the national awareness month is “is a timely opportunity to remind people of the importance of being cyber secure.”
“Of course, current headlines couldn’t make it any clearer that we need to help citizens, businesses and governments strengthen their security posture, which is critical for consumer privacy, our national security and the global economy,” Gann said.
In case you missed them, here are some of our recent pieces:
Bill would require Pentagon to assess security risks to electric grid
Apple update flaws left Mac firmware vulnerable
Senate passes small business cybersecurity legislation
Obama DHS officials pitch election cybersecurity fixes to Congress
Former Trump official Epshteyn testifies in House Russia probe
Senate panel invites Facebook, Google to testify in Russia probe
GOP chairman probes Russian use of Facebook ads to influence US energy market
Grassley slams FBI for not complying with Judiciary
Tillerson’s No. 2 faces questions over State cyber closure |
