Colorado Statesman - Colorado Congressmen Call for Cybersecurity Measures After Hack Attacks

By Tom Ramstack

Ongoing accusations by the Obama administration that the Russian government should be blamed for hacking the computers of presidential campaigns is reviving calls by federal lawmakers for improvements to internet security.

Among them is Colorado Republican U.S. Sen. Cory Gardner, who pledged to introduce a bill imposing stiff sanctions on Russian cyber-criminals.

"Russia's interference with American democracy is a direct threat to our political process and it may only be the tip of the iceberg," Gardner said in a statement. "It is imperative that Russia's behavior is met with strength in the form of aggressive sanctions to show the world that its cyber-crimes will not be tolerated."

Gardner said his bill would require the Obama administration to investigate anyone suspected of threatening U.S. cybersecurity and to pursue sanctions against them.

He is chairman of the Senate Foreign Relations subcommittee on East Asia, the Pacific, and International Cybersecurity.

Gardner's threat of reprisal follows by weeks a bill introduced by Colorado Rep. Ed Perlmutter, (D-Golden), who proposes tax breaks for businesses hit by data breaches.

In the incident with the Russians, the Department of Homeland Security and the White House Office of the Director of National Intelligence issued a joint statement saying, "The U.S. intelligence community is confident that the Russian government directed the recent compromises of emails from U.S. persons and institutions, including from U.S. political organizations."

The stolen email information was posted on WikiLeaks and political websites in the United States.

The postings on WikiLeaks were anonymous but the Obama administration last week blamed the Russian government. The Russians deny the accusations.

The information included embarrassing leaks that led to the resignation of Democratic National Committee chairwoman Debbie Wasserman Schultz. Other hacked information included private emails of former Secretary of State Colin Powell and aides to Democratic presidential candidate Hillary Clinton.

The Russian hacking incident was reported shortly after internet service provider Yahoo announced that as many as 500 million of its users' accounts might have been hacked. The damage still is being assessed.

Last month, Perlmutter introduced a bill to provide incentives for businesses to fortify their computer systems against cyber-attacks.

Called the Data Breach Insurance Act, it would offer a 15 percent tax credit to companies that buy data breach insurance and adopt the National Institute of Standards and Technology Cybersecurity Framework computer standard.

The tax credit is intended to help businesses offset the cost of risk assessments, employee training and computer upgrades required to meet the national standard.

"We have seen an increase in cyber-attacks and data breaches over the last several years and each attack is incredibly disruptive, inconvenient and dangerous to consumers when their personal information is compromised," Perlmutter told The Colorado Statesman.

His bill, (H.R. 6032), is pending before the House Ways and Means Committee.

The National Institute of Standards and Technology developed its "Cybersecurity Framework" in response to a 2013 executive order from President Obama.

About 36 percent of U.S. businesses use the standard to manage their risks from hackers, according to the National Institute of Standards and Technology.

The Washington-based Bipartisan Policy Center reported that in 2014, there were 783 reported data breaches that gave hackers access to 85.6 million records in the United States. Computer giant IBM estimates businesses endure about 16,856 cyber-attacks a year, or 46 on each business every day.

One of them was Louisville, Colorado-based HyperDog Media, a web development company specializing in Search Engine Optimization.

"Several years ago, our website suffered an intrusion by an automated script," Jim Kreinbrink, HyperDog Media president, told The Colorado Statesman. "It installed code to redirect users to an online pharmacy site."

When anyone tried to visit the HyperDog Media website, they received a warning from Google not to visit the site.

"A prospective customer mentioned that we were recommended to him but he was worried when he saw Google warning him not to visit our site," Kreinbrink said.

Customers who used the Norton or Sophos AntiVirus software received similar warnings about the HyperDog Media site.

Repairing the damage from data breaches can be an extensive process that includes a need for new anti-virus software, researching links from other sites leading to the intruder and communicating with internet service providers about fixing the problem, Kreinbrink said.

By that time, a company's professional reputation could be hurt seriously, he said.

"Your email reputation may need to be restored if spam was sent out from your site," he said.

A study released last month by the Rand Corp. found that the average cost of a data breach for a company is just under $200,000.

The study was based on data from more than 12,000 cyber-attacks between 2004 and 2015.

The Rand research showed that financial service companies were most commonly hit by security breaches, followed by health care, government, education, manufacturing and information services.

Computer incidents tracked by Rand included data breaches, malicious attacks, phishing or skimming of financial information and privacy violations.

Meanwhile, the fallout continues in Washington over the Russian hacking and Yahoo data breach incidents. "The kinds of disclosures that we've seen, including at WikiLeaks, of stolen emails from people who play an important role in our political process is consistent with Russian-directed efforts," White House Press Secretary Josh Earnest said.

Source