Warner: OPM Cyberattack 'Part of Troubling Pattern'

U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Select Committee on Intelligence, released the following statement after the administration announced that roughly 4 million current and former federal employees have had sensitive personal information exposed by a hack:

“Today’s reported breach is part of a troubling pattern by this agency in failing to secure the personal data of federal employees – the second major breach in a year. Cyberattacks present a critical threat to our national security and our economy. We cannot afford to keep dragging our feet in addressing the escalating threats posed by hackers out to steal individuals’ personal information.”

The bipartisan Cybersecurity Information Sharing Act, which passed the Intelligence Committee in March, includes an amendment by Sen. Warner that would require the intelligence community to produce a comprehensive accounting of the threat from cyberattacks and cybercrime, how the United States can better share intelligence with partner nations, what new technologies could help, and the extent to which prompt reporting of data breaches can help combat this threat.

Congressman Gerry Connolly (D-11th) also weighed in: “Thursday’s report of a second data breach at OPM is very disturbing,” said Congressman Gerry Connolly, who represents Northern Virginia’s 11th congressional District. “Based on the cyber-signatures and method of attack, all indications point to Chinese hackers. But there is a lot we don’t know yet and the investigation is ongoing. In this instance, the Department of Homeland Security initially detected malicious activity in April and determined in May that OPM systems were breached.

“While improvements have been made to protect federal government computer systems from such cyberattacks, this latest breach is one more reason federal agencies must continue to implement more proactive cyber-security measures,” he said. “Such measures should include aggressive implementation of the Federal Information Security Modernization Act (FISMA), which requires the government to universally adopt precisely the type of proactive measures that detected this most recent data breach.

“We must also work toward more dynamic security options which conduct continuous, 24-7 monitoring of government computers to discover malicious indicators of cyberattacks in real time,” Connolly said.

Last December, Sen. Warner successfully amended The Intelligence Authorization Act of 2015 last December directing the President to address problems related to cyber criminals known to be operating in Ukraine, which international law enforcement authorities have identified as a major center for hackers and cyberthieves. The amendment encouraged the President to take steps to make America safer from cybercrimes emanating from Ukraine, including improved intelligence and law enforcement cooperation, improved extradition procedures to ensure that cybercriminals face justice after causing damage to American consumers.

In addition, Sen. Warner chaired the first hearing in Congress in the aftermath of a breach of the retailer Target. On the heels of that hearing, Sens. Warner and Mark Kirk (R-IL) called for the private sector to cooperate in creating Information Sharing and Analysis Centers (ISACs) to share information on data breaches, something the retail and financial services industries now have pursued on a voluntary basis. Additionally, Sens. Warner and Kirk introduced legislation in the last Congress to strengthen consumer protections for debit cardholders by capping liability for fraud at $50, the same amount as for credit cards. Sen. Warner currently is working on legislation to require enhanced private sector data security measures and consumer breach notification.

Sen. Warner is currently preparing to introduce data breach legislation that would create a comprehensive, nationwide and uniform data breach standard requiring timely consumer notification for breaches of financial data and other sensitive information.