Cyber-focused lawmakers moved swiftly Thursday and Friday to respond to an enormous data breach at the credit rating agency Equifax, which could affect up to 143 million people, or about 44 percent of the U.S. population.
Rep. Ted Lieu, D-Calif., asked the House Judiciary Committee to call a hearing where representatives from the three major credit reporting agencies—Equifax, Experian and TransUnion—would testify both about the breach and about efforts to secure their computer systems against similar breaches in the future.
Sen. Mark Warner, ranking member of the Senate Intelligence Committee, also urged Congress to consider passing a uniform, national data breach notification standard. Currently, the criteria for if and when a company must notify customers about a data breach varies from state to state.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The breached information includes names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers, according to an Equifax fact sheet. The breach also compromised about 209,000 credit card numbers, the company said.
Equifax holds several million dollars in government contracts, according to a federal contracting database, but it’s not clear if the breach affected any data collected as a result of those contracts. Equifax had not replied by Friday afternoon to a late Thursday query from Nextgov about the issue.
Is There Honking on a Highway with 100,000 Driverless Cars?
Lawmakers cut some state-based red tape for autonomous vehicle makers. The House Wednesday passed the Safely Ensuring Lives Future Deployment and Research In Vehicle Evolution Act, or SELF DRIVE Act, which establishes a clear pecking order for which rules manufacturers should follow. It would make it the National Highway Traffic Safety Administration’s job to regulate the design, construction and performance of “highly autonomous vehicles,” while states retain rights to more operations-based regulations like licensing or safety and emissions inspections.
The bill would also dramatically increase the number of vehicles that could be tested in year, from the current 2,500 to 100,000 in four years. The bill broadly defines “highly autonomous vehicles” but excludes commercial trucks.
Last Ditch Try to Save State Cyber Office Foiled
The House Rules Committee blocked debate Wednesday an amendment that would have barred Secretary of State Rex Tillerson from shuttering the department’s 6-year-old cyber coordinator’s office, which helps negotiate international rules of the road in cyberspace.
Tillerson announced plans to close the cyber coordinator’s office and shift its responsibilities to State’s economics bureau as part of a broader program to scrub the department of special envoys and representatives. That move could roll back advances the U.S. has made in establishing global cyber norms, Cyber Coordinator Chris Painter told Nextgov in an interview.
Painter’s “leadership has given us a place at the head of the table, and we would be well-served to not give up our seat," the amendment’s sponsor, Rep. Debbie Dingell, D-Mich., said in a statement.
Lawmakers Want Bitcoin-Blocking Tax Code Changed
Rep. Jared Polis, D-Colo., and Rep. David Schweikert, R-Ariz., want the IRS to change how it taxes virtual currencies like bitcoin so people can use it for everyday purchases. The IRS classifies virtual currency as property, so transactions must be reported similar to a stock transaction. The pair’s Cryptocurrency Tax Fairness Act of 2017 Thursday would remove the reporting requirements for purchases under $600 based on a similar rule for making purchases in foreign currency.
“With this simple legislative change, anyone can make digital payments to buy a newspaper or a bike without worrying about tax code challenges,” Schweikert said in a statement.
White House, Senate Battle Over Cyber Authorities
The White House pushed back Thursday on cyber elements in the Senate version of a major defense policy bill, saying they could constrain the president and the military in a cyber emergency. The White House especially objected to a section requiring the U.S. to notify other governments whose computers have been seized by malicious hackers.
The White House also objected to a provision requiring the Pentagon to include hacks against state election systems in its annual cyber war game exercise, saying that’s inconsistent with the military’s statutory authority.
CBO Gives a Good Score to Homeland Security Re-org Bill
A plan by House Homeland Security Chairman Mike McCaul, R-Texas, to rename and reorganize the Homeland Security Department’s cybersecurity division would not significantly affect the federal budget, according to a Tuesday estimate from the Congressional Budget Office. That may give a boost to the legislation, a top priority for McCaul, which stalled last Congress amid jurisdictional disputes.
The Budget Office also found no budget impact on a separate bill that would require the government to codify when and how it decides to hoard newfound cyber vulnerabilities rather than disclose them to software makers.
About Those Ports
The House Thursday passed a bill to improve the cybersecurity of U.S. ports. Rep. Norma Torres, D-Calif, introduced the bill shortly after the notPetya malware shut down a system at the Port of Los Angeles. The bill would mandate more cyber threat information sharing, specifically designate a representative to the Homeland Security Department’s National Cybersecurity and Communications Integration Center, and requires the Coast Guard commandant to develop a detailed plan to address cybersecurity risks.
Joseph Marks and Heather Kuldell contributed to this report.