The problems that surround cyber attribution came into sharp relief in recent weeks, as the Department of Homeland Security and FBI attempted to pin attribution for the hacking of Democratic party organizations on hackers affiliated with the government of Russia, with only mixed success.
Attribution was again an issue after The Washington Post -citing the DHS and FBI report- said Russians had hacked their way into the U.S. electrical grid by way of a Vermont utility. That report was eventually walked back as more evidence emerged about the incident. Pointing the finger of blame – it turns out – is easier said than done in matters of cyber espionage and cyber war.
Now the folks over at Cyberscoop point to a new bill designed to boost the government’s ability to do cyber attribution and foster government-industry ties.
New cybersecurity legislation aims to bolster the U.S. government’s attribution capabilities as well as a foster an increasingly close relationship between government, industry and academia.Attack attribution has been at the center of a global debate over alleged Russian hacking of American political targets during the 2016 U.S. elections. Even the many officials and experts who agree that Russia was responsible say that the publicly-released evidence has been underwhelming, due in large part to the protection of sources and methods by American intelligence.
Increased capability in this arena could alter the ultimate outcome of future attacks.The Rapid Innovation Act of 2017, co-sponsored by Texas Republican Reps. John Ratcliffe and Michael McCaul, would make innovation in cybersecurity a responsibility of the Department of Homeland Security’s undersecretary for science and technology.
The bill, which emerged from the Homeland Security Subcommittee on Cybersecurity, passed the House last week and is now headed to the Senate. Ratcliffe is the subcommittee’s chairman, and McCaul is the full Homeland Security panel’s chairman.