Political turmoil at the White House managed to overshadow a recent cyberattack that targeted about 200,000 thousand computers, including many throughout the United Kingdom’s National Health Service.
The massive attack took hospitals offline, forcing surgeries to be canceled and ambulances to be rerouted.
The malware also hit FedEx, Nissan and other corporations, as well as the Russian Central Bank.
U.S. Sen. Chris Coons called it “troubling.”
“What I find concerning is reports that the North Koreans may have had a hand in the spreading of that attack,” said Coons, D-Delaware.
If North Korea were involved, he said, it means one of the least-sophisticated nations on Earth is capable of disrupting the economy and health care systems of technologically-superior countries.
The North Koreans “are not among the most sophisticated actors in cyber, but they have dedicated resources to it and have developed an ability beyond their military capabilities,” Coons said, adding that the attack highlights his bipartisan effort to rework the way Congress deals with cyberterrorism.
Congress currently lacks a protocol for dealing with online threats, so there isn’t a direct focus on the issue. Instead, several committees each claim a little control, resulting in a fragmented approach that Coons said is inadequate.
“One of our challenges is the overlapping jurisdiction between Intelligence, Armed Services, Commerce — there’s a lot of different committees that can — and should — step up to cyber issues,” he said.
Last year, lawmakers passed a bill to improve coordination between the federal government, corporations, as well as state and local governments, on cyberthreats and attacks.
Constant vigilance essential
But U.S. Rep. Donald Payne, who serves on the Homeland Security Committee, said Congress’ work will never be never finished when it comes to addressing cyberthreats.
“Absolutely, it’s an evolving threat, so you mitigate one area — and then it’s somewhere else,” said Payne, a Democrat. “it’s a constant evolution of trying to stay on top of it.”
But there’s another problem: a lack of skilled workers. A recent survey from the Information Security Certification Consortium forecasts that, by 2022, 1.8 million cybersecurity jobs worldwide will be unfilled. Many of those positions will be in the U.S., Payne said, which highlights the need for increased education spending, rather than the steep cuts President Donald Trump has proposed.
“Hopefully, the American people realize that they were sold a bag of goods by this president. He’s done nothing in that area of jobs,” Payne said.
U.S. Rep. Lou Barletta, however, said Trump fully comprehends national security needs and will not let the country’s defensive forces falter.
“I don’t see the United States in any way not taking cyberattacks and cybersecurity seriously,” said the Pennsylvania Republican. “As a member of the Homeland Security Committee, I can tell you that’s simply not true. The technology we’ll be investing in and the personnel, we’ll make sure we protect America.”
Delaware’s other Democratic senator also serves on his chamber’s Homeland Security Committee, and he said the problem with cyberattacks is that they keep coming … and evolving.
“The folks that are making the attacks in this country and around the world don’t just come up with an approach — malware or whatever — and say, ‘Oh, that’s all we need,'” said U.S. Sen. Tom Carper. “They keep updating it. Because as soon as they update their methods, we update our defenses — and so we will continue to do that.”
He said lawmakers can’t be content with a measure addressing cyberterrorism passed during the last Congress.
“If we stay on our toes, we can limit the damage,” Carper said. “If we don’t — and just spike the football and say that’s all we need to do — we’ll get creamed. So it’s an ongoing battle that just doesn’t stop.”
But, he said, lawmakers also will have to push federal agencies to keep the pressure on.
“One of our obligations is to do oversight and to make sure what we put in place to strengthen our defenses against the attacks is to make sure it’s working,” Carper said.