Despite having some policies in place, the U.S. government is largely unprepared for a large-scale cyberattack, though the white hat hacker community could help it identify weak points and harden security.
“No,” said Rep. Ted Lieu, D-Calif., when asked during the Def Con “Hacking Congress” panel whether the government was well-positioned to fend off attackers. “Cyber in the federal government is pretty messed up.”
While processes to respond to cyberattacks were put together under President Obama, it hasn’t been tested, said Rep. Jim Langevin, D-R.I., who pointed out that the government was caught off guard with Russia’s meddling in the U.S. presidential election. Langevin noted an uptick in cyber spending and “planning for war games.”
But there is still a knowledge gap in Congress that hampers progress. Some lawmakers would like to up their cyber fluency, relying mostly on staffers to build their knowledge base, although security researchers could fill the gaps. Calling issues around cybersecurity fairly complex, white hat security researcher Cris Thomas, aka Space Rogue, said, “It’s up to us as a community to engage with those agencies and those staffers and those Congress people to educate them.”
Critical among the tasks the nation must tackle is security of the impending 2020 election. Lieu, who long with Langevin, had visited the Def Con Voting Village, noted that voting machines remain a soft spot. “At least a third of voting machines, ones you push and that have no paper trail, are totally vulnerable,” said Lieu, urging the audience continue trying “to come up with some ideas that are affordable to election districts and would add security,” much as they had in other areas like medical devices.
In addition to enlisting the help of the security community, Lieu called on Congress to pass laws that would “mandate these private companies to do the right thing.” The House recently has passed both HR14 and the SAFE Act, only to have them languish in the Senate.