The House Subcommittee on Information Technology grilled the heads of three federal agencies regarding progress they had made in their cybersecurity programs after the major data breach of the Office of Personnel Management (OPM).
The heads of the Department of Agriculture, the National Aeronautics and Space Administration (NASA) and the Social Security Administration each testified regarding progress of their programs. Each said their agencies have made progress by hiring new cybersecurity experts, implemented the latest technologies and begun training programs for their staff to help defend against cyberattacks.
However, the consensus from each agency was that the government’s information technology systems are severely outdated and greater funding is needed to upgrade them.
Government IT – Reliable But Out of Date
“I think our IT systems are sort of the equivalent of B-52s, reliable but outdated and vulnerable,” said Robert Klopp, deputy commissioner and chief information officer for the Social Security Administration.
Jonathan Alboum, the chief information officer for the Department of Agriculture, specifically requested $10 million dollars to do so.
While representatives who attended the hearing agreed more could be allocated to cybersecurity, they stressed greater consequences to agencies who do suffer a cyber breach.
“One thing that is very frustrating is in Washington you see there seems to be no penalty for failure,” said Rep. Rod Blum, R-Iowa. “In fact, the answer usually to failure is to spend more money, we’re not spending enough of the taxpayer money.”
The problem is that the nature of cyber attacks is that they’re numerous and constantly changing. The OPM, which suffered a cyber breach earlier this year that compromised the personal information of up to 20 million government employees and contractors, faces about 10 million digital attacks each month.
“Unfortunately there is no single approach or tool that can project, counter and mitigate the wide range of attacks that threaten networks,” said Renee Wynn, NASA chief information officer.
The Department of Agriculture has implemented an anti-phishing campaign that educates employees on how to spot phishing emails, said Jonathan Alboum, the chief information officer for the Department of Agriculture. So far, it has helped reduce the click through rate on tested phishing messages by more than 50 percent he said.
The agency also issued personal identification cards to help fight cybersecurity, with use increasing from 6 percent to about 96 percent.
The hearing was in response to the data breach of the Office of Personnel Management (OPM) last April and the agencies’ compliance with the Federal Information Security Management Act (FISMA) and Federal Cybersecurity Enhancement Act.