On the verge of the American Revolution, Paul Revere alerted Americans of the British invasion; his legendary feat is now immortalized (with some poetic license) in the words “One if by land, two if by sea.”
Centuries later, with rapidly advancing technology, our enemies are increasingly attempting to reach our shores and disrupt our way of life through another route: cyberspace.
Russia’s apparent hacking into US electrical companies is just the latest example of the threats we face. Hacks have become so prevalent that they are often referred to by brand names: Equifax, Anthem, Yahoo and more.
Of course, the foundation of our democracy — our free and fair elections — have been targeted as well. Russia has attempted to undermine our elections for years through disinformation and direct infiltration. They did it in 2016, and they are attempting to do it again this year. That’s why our country — both the Department of Homeland Security and private companies and individuals — need greater awareness and better tools to protect themselves, tools that we are trying to create with new bipartisan legislation.
Most Americans are somewhat aware of the risks of being hacked, but what most don’t fully realize is how many routine parts of their daily lives are targets — including bank accounts, smartphones, and even their cars and homes.
Anyone can be a target — and our country itself is at risk, whether from hackers attempting to steal private information and money from individuals or companies, foreign governments attempting to steal American innovation and secrets, or terrorists attempting to hijack our defense systems and power grid.
Everything from Americans’ personal information, our health care and financial systems, our power grid, our election infrastructure, and more are at risk.
That’s why intelligence chiefs spanning the past three presidential administrations now say a cyberattack is the greatest threat facing the United States.
At the recent Department of Homeland Security National Cybersecurity Summit, DHS Secretary Kirstjen Nielsen warned, “Cyberthreats collectively now exceed the danger of physical attacks against us.”
Similarly, at a Senate hearing a few months ago, Jeh Johnson, DHS Secretary during the Obama administration, emphasized the need to strengthen our cyberdefenses, stating, “Nothing less than the health and strength of our democracy depends on this.”
There’s a consensus that our information and infrastructure need a better defense, which is why we have been working on bipartisan solutions to make a real and immediate difference, starting with strengthening our federal government’s resiliency to attacks.
Earlier this year, a bipartisan bill we authored called the Hack DHS Act passed the Senate unanimously, and it is expected to pass the House Committee on Homeland Security soon. That legislation would establish a “bug bounty pilot program” — based on similar programs at major tech companies — to utilize “white hats,” or ethical hackers, to identify vulnerabilities in DHS’ networks. Once the flaws are identified, the department can strengthen and update its IT infrastructure before being breached. The House should pass this needed bipartisan legislation as soon as possible so it can be signed into law.
We also need to strengthen DHS’ ability to thwart cyberattacks targeted at our government and private companies. Just a few weeks ago, we introduced the DHS Cyber Incident Response Teams Act, which would strengthen the department’s so-called “cyber hunt” and “cyber incident response” teams that work to help prevent and mitigate cyberattacks on federal agencies and the private sector.
These teams, for example, analyze internet traffic to pre-emptively identify hacking attempts before they occur, and they help companies and government agencies determine what happened after an attack in order to harden defenses going forward. This bipartisan bill would make these teams permanent, which will help ensure they continue even through leadership changes at the department, helping to attract the best talent to the agency and ensuring that this vital mission is not compromised.
The DHS Cyber Incident Response Teams Act would authorize the program that acts as the tip of DHS’ spear in responding to cyberthreats, and strengthen its mission and structure to ensure it is best positioned to protect and respond to cyberthreats.
This legislation would also encourage better coordination between the private sector and the cyber response teams. With our adversaries using constantly evolving technology, it is difficult to thwart cyberattacks, and that challenge is made harder when there isn’t robust information sharing between the government and the private sector.
Our legislation would ensure our resources and partners are best positioned to protect our country from these invisible adversaries. There is no time to wait. As Director of National Intelligence Dan Coats said recently, “The warning lights are blinking red” in cyberspace.
We must do more to ensure we are prepared to stop these attacks. The two of us are committed to providing our federal government with the resources to protect our country and the American people against these evolving threats — and we are committed to working in a bipartisan manner to get it done.
Rob Portman is a United States senator from Ohio. Maggie Hassan the junior United States senator from New Hampshire.