Mobile Menu - OpenMobile Menu - Closed

Cybersecurity

Date: 
Thursday, September 15, 2005 - 12:00am
Location: 
Washington, D.C.
How Can the Government Help Address Vulnerabilities in Critical Industries?

Opening Statement By Hon. Bart Gordon

Today's hearing has two important purposes: To assess progress in improving the security of computer systems on which critical industries rely and to explore why progress has been so slow.

Networked information systems are key components of many of the Nation's critical infrastructures, including electric power distribution, banking and finance, water supply, and telecommunications. Computer system vulnerabilities persist worldwide, and the initiators of random cyber attacks that plague the Internet remain largely unknown.

But we know that many international terrorist groups now actively use computers and the Internet to communicate, and they are clearly capable of developing or acquiring the technical skills to direct a coordinated attack against networked computers in the United States. The disruptions and economic damages that could result from a successful cyber attack to one or more of our critical infrastructures could be substantial. And damage to water supply systems or to chemical processing plants, for example, could also create life threatening consequences.

Following the events of 9/11, ensuring the security of critical infrastructures has become a national priority, but progress in securing the cyber infrastructure has simply been too slow.

A presidential directive from the Clinton Administration, PDD 63, instituted policies and established new organizations to improve the nation’s ability to detect and respond to cyber attacks, including mechanisms to improve communication between the public and private sectors regarding cyber security matters. Subsequently, the new Department of Homeland Security was charged to be the government's focal point for cyber security. And yet, in a report released this summer, GAO found that the Department of Homeland Security has not yet developed national cyber threat and vulnerability assessments or government/industry contingency recovery plans for cyber security. This is simply not good enough.

Recent events make all too clear that inadequate recovery plans, either by design or execution, have dire consequences for the health and well being of our citizens. Inaction can be an enemy just as lethal as terrorists.

GAO stresses that to be successful in meeting its responsibilities, the department will need to achieve organizational stability for cyber security activities, including an elevation of this function within the department. In addition, GAO indicates the department must work to develop effective partnerships with stakeholders, and then achieve two-way information sharing with these stakeholders.

Today, we have an opportunity to hear from some of the stakeholders about what is being done within their industry sectors to improve cyber security, where they now stand, and what could be done to accelerate progress. I am interested in hearing about their relationship to and interactions with the Department of Homeland Security and in their views on how the government can be more effective in achieving the overall goal of cyber security for critical infrastructures. We need to understand what the fundamental impediments are to securing cyber space and to take appropriate action to overcome them.

Mr. Chairman, I want to thank you for calling this hearing, and I look forward to our discussion with the panel.

Witnesses

Panel 1

1 - Donald "Andy" Purdy
Director (Acting) National Cyber Security Division Department of Homeland Security National Cyber Security Division Department of Homeland Security
Download the Witness Testimony

2 - John Leggate
Chief Information Officer British Petroleum, Inc. British Petroleum, Inc.
Download the Witness Testimony

3 - David Kepler
Corporate Vice President, Shared Services, and Chief Information Officer Dow Chemical Co. Dow Chemical Co.
Download the Witness Testimony

4 - Andrew Geisse
Chief Information Officer SBC Services, Inc. SBC Services, Inc.
Download the Witness Testimony

5 - Gerald Freese
Director, Enterprise Information Security American Electric Power American Electric Power
Download the Witness Testimony

Transcript
Link to Government Printing Office PDF file Link to text version Link to text version with speaker index
Serial 109-25
109th Congress