Misguided Cybersecurity Oversight
Jared Ferris
Despite multiple recently released reports detailing cybersecurity vulnerabilities within federal agencies, Congress is still trying to give the Federal Trade Commission (FTC) greater regulatory power over data breaches. In response, the banking industry is fighting back.
In a letter to the Senate Banking Committee, representatives from the financial service industry warn lawmakers not to “mandate or embrace any one solution or technology…as the answer to all concerns.”
The letter warns that “threats to data security are ever changing and unpredictable,” and thus there is no universal solution. It also adds that “no one organization or sector alone can meet the challenges of sophisticated cyber-crime syndicates, so robust communities of trust and collective protection must constantly be developed.”
The financial service industry acknowledges that protecting the cyber “eco-system is a shared responsibility of all parties involved.” Indeed, truly cooperative policies within the private sector that enable information sharing rather than mandate it are the best way forward. This is further underscored by a recent report on the government’s cybersecurity track record released by the minority staff for the Senate’s Homeland Security and Governmental Affairs Committee.
Federal agencies are unable to prevent breaches into their own systems, and the report lists weaknesses “disturbingly common in many critical systems throughout government.” Despite the billions and billions of dollars devoted to cybersecurity, “agencies—even agencies with responsibilities for critical infrastructure, or vast repositories of sensitive data—continue to leave themselves vulnerable, often by failing to take the most basic steps toward securing their systems and information.”
Highlights from the report include:
- The Department of Homeland Security has failed to use “the sort of basic security measure just about any American with a computer has performed”;
- “Civilian agencies don’t detect roughly 4 in 10 intrusions”;
- “Every year since 2008, [the Government Accountability Office] has identified about 100 cybersecurity weaknesses at the IRS which compromise the agency’s computers and data, often repeating weaknesses it cited the previous year”; and
- Some offices have “effectively gone rogue—by buying and deploying their own computers and networks without the knowledge or involvement of the department’s so-called IT experts” because of the “perceived ineptitude” among IT staff.
For over a decade, the federal government has repeatedly failed to implement its own mandate for security, and, as the report recommends, “for the country’s citizens and businesses to take the government’s effort seriously, the federal government should address the immediate danger posed by the insecurity of its own critical networks.” Congress should fix the problems with the government’s cybersecurity before it tries to force regulation onto the financial service industry.
Jared Ferris is currently a member of the Young Leaders Program at The Heritage Foundation.