SOUTH PORTLAND — With no action on a cybersecurity bill in Congress, U.S. Sen. Angus King held a briefing Tuesday at Texas Instruments to share federal pointers on how small businesses can protect themselves from a costly data breach.
The briefing to about 150 people, many working in IT in Maine, detailed guidelines developed by the U.S. Department of Commerce in 2014 in response to a 2013 executive order signed by President Obama.
“So far, we’ve been dodging bullets,” King said Tuesday morning, referring specifically to a massive data breach at the Office of Personnel Management revealed in June. “That was a serious hit, but it didn’t bring down the economy. What keeps me up is an attack on the financial system or electrical system or gas pipeline system that could bring this country down just like a military attack.”
King voted as a member of the Senate Intelligence Committee to pass a bill creating a law allowing private companies to redact and share information with other companies and the U.S. government for cybersecurity purposes.
The bill that cleared committee in a 14-1 vote did not make it to the Senate floor, but King said he expects a vote on the legislation later this year.
King said Tuesday that he will continue to press Congress to pass such legislation as businesses in various sectors — health care, finance, education, consumer products — have expressed concern to his office about data breaches or cyber-attacks of the kind that have hit major U.S. retailers in recent years.
Maine State Chamber of Commerce President Dana Connors said that Tuesday’s briefing provided businesses guidance in protecting from cyber-attacks.
“Maine is home to some of the best and most innovative businesses in the country, but they recognize that, like everyone else, they’re not immune to the threat of a cyber-attack,” Connors said in a prepared statement.
A study by antivirus software maker McAfee and the Center for Strategic and International Studies estimated that economic losses from cybercrime total more than $445 billion per year globally.
The Maine Credit Union League estimated that data breaches in the past year have cost its members about $2.5 million, between replacing credit and debit cards and covering fraudulent payments.
King was joined Tuesday by the Homeland Security Department’s Assistant Secretary for the private sector, Jose Raul Perales, and the department’s Northeast Cyber-Security Advisor Michael Leking.
Perales said the department has advocated and developed protocols for the private sector but also brought executives from companies like Disney in to provide recommendations.
“Why Disney?” Perales said Tuesday morning. “Who has the longest queues in the world?”
Perales said DHS plans to launch pilot projects in a few airports later this fall based on recommendations from a range of private sector leaders to make the airport screening process more efficient. On cybersecurity, Perales said the department hopes to develop a similar relationship with the private sector.
The Commerce Department in 2014 released details of a voluntary program that aims to get owners and operators of Internet network infrastructure to adopt a set of cybersecurity standards.
For small businesses and startups, the Department encourages businesses to assess its risk, using questions in five different areas:
— addressing known software vulnerabilities using the National Vulnerability Database ( nvd.nist.gov).
— determining what threats or incidents it tracks directly and which monitoring activities it outsources to other vendors.
— determining whether any essential business functions could be affected by a cyber-attack and creating contingency plans and procedures for such an attack.
— taking part in industry or regional groups that share information on cybersecurity strategies.
— use existing programs such as the Department of Homeland Security’s Enhanced Cybersecurity Services and its Critical Infrastructure Information Sharing and Collaboration Program.
The Homeland Security Department also refers business owners to a free 30-minute online training from the U.S. Small Business Administration on cybersecurity measures.
The Maine Cyber Security Cluster at the University of Southern Maine also has a guide for small businesses seeking to evaluate and protect themselves from cyber-attacks. It also maintains a news group of reported vulnerabilities atgroupspaces.com/CyberSecurityOrg.
The University of Maine System last year was the first public university system in the country to receive a stamp of approval from the U.S. National Security Agency and Homeland Security for its cybersecurity programs.
Perales said the briefing in Portland was part of an effort by federal homeland security administrators to increase collaboration from the private sector in protecting infrastructure from cyberattacks.
“We need the talent and creativity of all of you to help us in this mission,” Perales said.