A governmentwide inspector general would have a broader view of cyber deficits than individual agency IGs, Sen. Sheldon Whitehouse, D-R.I., says.
The government should consider appointing a roving inspector general’s office for cybersecurity to conduct all mandatory information security audits as well as to conduct penetration testing and other one-off cyber tests, Sen. Sheldon Whitehouse, D-R.I., suggested Tuesday.
That roving office would be far better equipped to manage governmentwide cybersecurity deficits than an arrangement that allots oversight responsibilities to several dozen agency inspector general offices, Whitehouse said.
That was just one of several suggestions lawmakers offered in a wide-ranging hearing of two Senate Judiciary panels.
Sen. Chris Coons, D-Del., urged the creation of a permanent select Senate committee for cybersecurity, made up of the chairs and ranking members of all the standing committees with cyber authority, that could cut through some of the jurisdictional jockeying that currently undermines cyber legislation.
Whitehouse urged a full review of whether a government cybersecurity framework, created by the National Institute of Standards and Technology, is working sufficiently to protect industry at this point or if it should be updated.
He also urged that government look more closely at the possibility of allowing companies that are being attacked by hackers to “hack back.” Whitehouse didn’t advocate hacking back but said the government should consider whether it might be helpful in narrow circumstances.
Intelligence and Homeland Security officials have historically warned against private-sector hack backs out of concern the companies would not take broader foreign policy concerns into account or would mistakenly go too far and draw the nation into a broader conflict.