author photo
By Bruce Sussman
Thu | Jan 9, 2020 | 8:19 AM PST

In this year's defense bill, the U.S. Congress finally included language designed to help protect the power grid from cyberattacks.

But it took more than three years to get to that point.

The reason? The language had to pass through several committees for review, something a group of senators are now characterizing as dangerous.

They're calling for a single cybersecurity committee oversight committee in each chamber of Congress to speed up cybersecurity legislation.

Senator Angus King, an Independent from Maine, was speaking this week about the problem.

Fifth Domain reports:

"I've made speeches on the floor where I've said, look, I don't want to go home and after a catastrophic cyberattack and say 'Well, we knew it was coming and we might have been able to do something about it but, I'm sorry, we had four different committees that had jurisdiction and we just couldn’t do it,'" he said. "That's not going to satisfy my constituents."

Cybersecurity action in Congress this week

A number of cybersecurity related happenings are underway in Congress right now. Here are two noteworthy items.

5G Security Bill

The House has introduced the 5G Security Bill, H.R. 2881, which would:

"...require the President  to develop a strategy to ensure the security of next generation mobile telecommunications systems and infrastructure in the United States and to assist allies and strategic partners in maximizing the security of next generation mobile telecommunications systems, infrastructure, and software, and for other purposes."

Elections cybersecurity testimony

Also, voting systems CEOs testified before a congressional committee on Thursday, January 9, 2020.

It was interesting to hear Dominion Voting Systems CEO John Poulos talk about some of the cybersecurity measures his company has implemented:

"Dominion works hard to promote a company culture of security. This includes annual, mandatory background checks and cybersecurity awareness training for all employees. Dominion is committed to investing in security and innovation efforts, tracking risk and threat information, developing new capabilities and successfully supporting our customers.

Dominion has also adopted advanced digital protections while employing a Defense-in-Depth approach to our internal infrastructure. Multiple layers of protection are in place spanning user endpoints, network and systems infrastructure and cloud systems, along with multi-factor authentication.

We conduct continuous vulnerability scanning on our company network and utilize third-party services for threat hunting and breach detection.

Specifically, we have implemented email verification records for Sender Policy Framework ('SPF'), DomainKeys Identified Mail ('DKIM'), and Domain-based Message Authentication ('DMARC') to protect communications with associates and customers."

[RELATED: Implementing DMARC web conference]

You can watch the election security hearing, anytime, on YouTube:

 

Comments