Agency Response to Cyberspace Policy Review
Opening Statement By Chairman David Wu
I want to welcome everyone to this morning’s hearing on the administration’s cyberspace policy review. This is the second of three hearings the Science and Technology Committee is holding on cyber security. Last week the Research and Science Education Subcommittee held a hearing on the research needs for improved cyber security, and next week my Technology and Innovation Subcommittee will hold a hearing on the cyber security activities at the National Institute of Standards and Technology and the Department of Homeland Security.
I have long been concerned by the lack of attention given to cyber security by the federal government. Previously, federal efforts were output oriented—focused on things like the number of programs, funds spent, or numbers of interagency working groups—rather than outcome driven. I am pleased that the new administration has made cyber security a top priority and is focusing efforts on achieving outcomes such as fewer breaches of federal systems, fewer cases of identity theft, and the security of smart grid systems and health IT systems.
In order to achieve those important results, it was essential to first conduct a review of our federal cyber security structure. The administration’s cyberspace review does not make any brand new recommendations. However, it is valuable as a frank assessment of current federal activities and a roadmap for what needs to be fixed. In general, the recommendations suggest improving interagency coordination and coordination with the private sector, modernizing the research agenda, and enhancing public education on cyber security.
By addressing each of these recommendations we are laying the building blocks for our new, outcomes-based approach to federal cyber security. The four agencies appearing before the Committee today have a significant role to play in creating that foundation. During today’s hearing, I hope to learn how each agency intends to improve their current cyber security efforts in response to the administration’s review. This information will help guide the Committee’s ongoing efforts to protect our nation’s data and citizens.
Opening Statement By Chairman Daniel Lipinski
Good morning. Welcome to this Research and Science Education Subcommittee hearing on cyber security research and development.
Information technology is an integral part of our daily lives. Computers, cell phones, and the Internet have greatly increased our productivity and connectivity. Unfortunately, this connectivity and the dependence of our critical infrastructures on information technologies have increased our vulnerability to cyber attacks. For example, last year the Pentagon reported more than 360 million attempts to break into its networks. Just two weeks ago, a cyber attacker accessed the design plans for the $300 billion Joint Strike Fighter project.
But it’s not just the Pentagon that needs to worry about cyber security. Cybercrime is a problem for businesses large and small, and for every single American. The FTC estimates that identity theft costs consumers about $50 billion annually, and that even more alarmingly, it’s the fastest growing type of fraud in the United States. These aren’t just individual criminals. Increasing globalization and the internet means that sophisticated organized crime groups can mine information, selling it both nationally and internationally.
In 2007, nearly 50 million credit card records were taken when cybercriminals broke into computer systems used by the retailer TJ Maxx. Some analysts put the total cost of the breach at over $4 billion, and the stolen card data was used to defraud retailers nation-wide. Wal-mart lost almost $8 million to fraudulent gift cards. Ultimately 11 people were indicted, including three U.S. citizens, two individuals from China, one from Belarus, one from the Ukraine, and one from Estonia. This is what cyber-attacks are about: it’s a world-wide challenge to law enforcement, and it can affect any American.
Improving the security of cyberspace is of the utmost importance and it will take the collective effort of the Federal government, the private sector, our scientists and engineers, and every American to be able to accomplish this.
In order to realize the full benefits of information technology we need advances in cyber security R&D. Cyber threats are constantly evolving and cyber security R&D must evolve in concert through a combination of near term fixes and long-term projects that build a more secure foundation.
People are perhaps the most important part of our IT infrastructure, and according to experts, they are also the ‘weakest link’ in many systems. Better cyber security education for both the general public and for current and future IT professionals is vital. However, there’s still a lot we don’t understand about how humans interact with technology; therefore, more research into the social and behavioral sciences has the potential to significantly improve the security of our IT systems.
Today, we will hear from witnesses who are actively engaged in efforts to improve the security of our digital infrastructure. I look forward to the witnesses providing valuable insight into the challenges we face in tackling this complex issue and the role of cyber security R&D and education in any comprehensive solution.
The Science and Technology Committee has a key role to play in improving cyber security, and to that end, we are holding a series of hearings to examine various aspects of this issue. After we focus today on R&D and education, next week our Subcommittee will hold a joint hearing with the Technology and Innovation Subcommittee to hear how federal agencies are responding to the Administration’s 60-day cyberspace policy review. And later this month, the Technology and Innovation Subcommittee will hold a hearing to assess the efforts of DHS and NIST.
There is no doubt that our use of the internet and other communication networks is continuing to grow and evolve, and that threats from individual hackers, criminal syndicates, and even other governments are growing and evolving too. I am glad that the President is taking an active role, and there is no doubt in my mind that Administration leadership will help better define and prioritize cyber-threats, coordinate the Federal response, and develop effective partnerships with the private sector. As Chairman of this Subcommittee I look forward to working with my colleagues and the Administration to ensure the development of a strong cyber security strategy.
I want to thank all of our witnesses for taking the time to appear before the subcommittee this morning and I look forward to your testimony.
Witnesses
Panel
0 - Ms. Cita Furlani
Director Information Technology Laboratory National Institute of Standards and Technology (NIST) Information Technology Laboratory National Institute of Standar
Download the Witness Testimony
0 - Dr. Jeannette Wing
Assistant Director Directorate for Computer & Information Science & Engineering National Science Foundation (NSF) Directorate for Computer & Information Science
Download the Witness Testimony
0 - Dr. Robert F. Leheny
Acting Director Defense Advanced Research Projects Agency (DARPA) Defense Advanced Research Projects Agency (DARPA)
Download the Witness Testimony
0 - Dr. Peter Fonash
Acting Deputy Assistant Secretary Office of Cyber Security Communications US Department of Homeland Security (DHS) Office of Cyber Security Communications US De
Download the Witness Testimony