House Democrats on Tuesday blamed themselves and their fellow members of Congress for making bad cyber policy that has allowed America’s enemies to take advantage of vulnerabilities in the nation’s security.
Democratic members of the House Oversight and Reform Committee acknowledged that the legislative branch had failed to do its job in a way that would protect Americans from damaging hacks and cyberattacks.
Rep. Jim Cooper, Tennessee Democrat, said he was frustrated that Congress’ legislative solutions to cyber problems would always be late in coming and slow to implement.
“If I were the average person sitting back home watching this hearing, I think I would doubt that any of our nation-state adversaries were shaking in their boots, especially now that they’ve franchised a lot of their activities to criminal gangs that are even doing things like conducting ransomware attacks on small businesses across America,” Mr. Cooper said at Tuesday’s oversight committee hearing.
Rep. Gerald E. Connolly, Virginia Democrat, agreed and said Congress’ failure to prioritize cybersecurity policy in years past had reflected poorly on the legislative branch.
“I do think we in Congress need to take responsibility for the fact that, frankly, this is a much-neglected subject,” Mr. Connolly said.
Democrats’ self-reckoning on cybersecurity came during a broad examination of whether and how to change the Federal Information Security Modernization Act (FISMA), which requires federal civilian agencies to have a program to protect their information and details the agencies’ responsibilities.
A series of hacks and cyberattacks that waylaid the federal government last year helped prompt Congress to review the law, which was created in 2002 and updated in 2014. Last year, the Biden administration said Russian hackers were responsible for the SolarWinds hack of computer network management software, which was discovered in 2020 and ultimately compromised nine federal agencies.
Ransomware attackers have disrupted operations at schools, hospitals and local government agencies over the last year as well.
Mr. Cooper made clear he does not think Congress was solely responsible for America’s cyber chaos and placed some blame on companies and entities working with the government.
“Companies sell us software that turns out to be easily hackable, we get hacked, and then they sell us more software that’s also easily hackable,” Mr. Cooper said. “And people know out there that the federal government is one of the biggest, dumbest customers in the world. We also have the slowest reaction time so that makes the breaking and entry even more violative, even more dangerous for us.”
Democrats and Republicans are working together to review FISMA, but not every Republican sounded confident that they could trust their Democratic colleagues to put policy over politics. Rep. Jody Hice of Georgia questioned why the witnesses participating in Tuesday’s hearing were not from the Biden administration.
“I must admit that I’m confused and I’m sure some of my other colleagues also share in some of my confusion as to specifically why the majority has failed to invite administration witnesses to testify concerning their experience operating on the cyber front lines,” Mr. Hice said. “No doubt we have an esteemed group of witnesses who are with us here today and they have a lot of federal years of experience but nonetheless the agency operators currently battling threats from our adversaries are inexplicably absent.”
Rep. Carolyn B. Maloney, New York Democrat and the oversight committee chair, countered that lawmakers heard from administration officials last fall and had consulted with more officials in developing potential changes for FISMA.
To allay Mr. Hice’s concerns, Ms. Maloney suggested lawmakers could simply hold more hearings.
“We have already heard from government, we can have them in and hear again, or we can have just a panel [or] committee discussion, but we’ve already consulted them,” Ms. Maloney said.