Tuesday, August 20th 2024, 10:35 pm
Preventing federal data breaches and other cyber threats is the aim of bipartisan legislation introduced in the United States Senate last week. One of the bill's sponsors is Oklahoma Senator James Lankford, a member of the Senate Intelligence Committee.
The legislation, titled the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, is co-sponsored by Virginia Democratic Senator Mark Warner, chairman of the Intelligence Committee. He and Lankford say the need to reduce the vulnerability of the nation’s critical infrastructure and sensitive data is very real.
"We're living in a very different world," said Senator Lankford (R-Okla.) in a Zoom interview Tuesday.
Lankford says federal agencies and their data are frequent targets of hackers, who will often try to gain access through a contractor.
"The biggest challenge that you have." said Lankford, "is often it's not Boeing, it's a subcontractor's subcontractor somewhere down the line, [but] anywhere where you've got networks that are connected to each other, if any one of those is vulnerable, all of those are vulnerable."
Vulnerability Disclosure Policies, or VDPs, are an important way agencies learn about vulnerabilities in their software, allowing IT experts to then apply the necessary patch before an attack takes place. Currently, civilian federal agencies are required to have VDPs but not federal contractors, civilian or defense.
The Lankford/Warner bill would change that.
"Yeah, we want to make sure, if there's a known vulnerability and somebody finds something, that it can get reported and that it can get fixed," Sen. Lankford explained. "Put the responsibility back on the original entity that actually wrote that code, to be able to fix it, patch it, and be able to get it done."
Lankford says he's also working on legislation to centralize federal oversight of cybersecurity, which he says would lessen the burden on contractors and private entities to pass along information about a vulnerability. But for now, he says, this legislation will help beef up the nation's cyber-defense.
"The last thing you want is for known vulnerabilities when they're discovered, to be swept under the rug," Lankford said, "and then they become huge cyber-attacks in the days ahead. That has occurred -- we want to make sure that doesn't ever happen again."
Companion legislation in the House has already advanced out of committee.
August 20th, 2024
November 14th, 2024
November 7th, 2024
October 10th, 2024
November 21st, 2024
November 21st, 2024
November 21st, 2024
November 21st, 2024