One day after acknowledging a massive security breach at the Office of Personnel Management, the White House on Friday defended President Obama’s record on data security, and tried to turn it around on Congress by saying members have failed to pass a cybersecurity bill.
House Speaker John Boehner’s office responded by calling the attempt to place the blame on Congress “disgusting.”
White House press secretary Josh Earnest was asked several times Friday about the data breach, but responded by urging reporters to take a look at Obama’s schedule over the past four or five months. During that period after the holiday break, Obama laid out a point-by-point breakdown of the cybersecurity legislation he wanted Congress to pass.
Obama even pushed for that bill during his State of the Union address as well, Earnest said.
In addition, Earnest noted that Obama convened a cybersecurity summit earlier this year and issued an executive order in response to the Sony Pictures hack by North Korea, which gave the Treasury Department new authority to use financial sanctions to hold hackers accountable.
Despite all of these steps by the president, he said, Congress has failed to act.
“Since the president submitted those three specific [components of cybersecurity] legislation, we’ve seen very little action from Congress,” he said. “… We need Congress to come out of the dark ages and join us in the 21st century to make sure we have a modern cyber-system.”
“We haven’t seen Congress do a single thing,” he said. “This is a significant matter that poses a significant threat both to our national security and our economy.”
Boehner’s office responded with a statement from spokesman Cory Fritz, who said the White House needs to own up to the huge violation of privacy that could affect up to 4 million current and former federal employees.
“Where is the leadership?” asked Fritz. “The federal government has just been hit by one of the largest thefts of sensitive data in history, and this White House is trying blame anyone but itself. It’s absolutely disgusting.”
The House did pass a bill in April that would provide legal protections for companies to share access to their computer systems and information about breaches of their networks with federal investigators. The Senate version of the bill, however, has stalled.
While the data breach and the bill are clearly related issues, it’s not at all clear that passing it would have prevented the attack, as Earnest seemed to be suggesting. Still, Earnest insisted that legislative action is needed to require the kind of information-sharing the administration would like to see between law enforcement officials and the private sector.
Often, he said, private companies experience a certain type of computer system hack, and knowing how the perpetrators executed it could help warn other companies, as well as the federal government, in working to prevent those types of attacks before they occur.
“[It’s] too early to determine what precisely would have prevented this particular cyber intrusion, but what is beyond argument is that these three pieces of legislation that the president sent to Congress five months ago would significantly improve the cybersecurity of the U.S,” he said.
Earnest said he didn’t know if the current government computer protection apparatus, known as the Einstein system, would have prevented the attack.
The federal government was planning to implement a new version of that systems, the Einstein 3.0, by 2018 but has since accelerated its implementation to next year, he said.
