Subcommittee on Commerce, Trade, and Consumer Protection
November 15, 2001
Good afternoon and welcome to the Subcommittee on Commerce, Trade and Consumer
Protection's hearing on cyber security. I am pleased that we are joined today
by a group of distinguished witnesses and look forward to having their
testimony. The witnesses today collectively represent the best minds on the
issue of cyber security and I am confident they will help us better understand
the issue and its increasing significance.
In the aftermath of the tragic events of September 11th, we as a nation,
it seems, have become obsessed with security and that is understandable. So, it
is understandable that our hearing today will also be colored, to some extent,
by the horrific events of September 11th and new worries over cyber
terrorism. Still, I do want to
emphasize that the problems that give rise to cyber security concerns predate
September 11th and cyber terrorism worries. Most important, those
problems have begun to increase in sheer numbers and magnitude at an alarming
rate. Let me explain. In just over a year and as a result of only three cyber
attacks, the I Love You and Code Red viruses and February 2000 denial of service
attacks, in excess of $10 billion was lost. The number of cyber attacks, as
reported by the Computer Emergency Response Team (CERT) at the Carnegie Mellon
University, is expected to nearly double this year from last year to some
40,000.
In a survey of 538 computer security professionals both within the government and
private sector released this past March and conducted by the Computer Security
Institute with participation of the FBI's field office in San Francisco, 85%
of the respondents said that they had detected computer security breaches
between March 2000 and 2001. Some 58% of those respondents had detected ten or
more incidents of vandalism, theft of information, financial fraud and denial of
service attacks. Quite significantly, 64% of respondents had acknowledged
financial losses due to cyber attacks or worse, breaches of their information
systems.
Cyber attacks and breaches of our nation's information systems are especially
worrisome when we realize that most aspects of our daily lives, from the mundane
to the profane, are touched, either directly or indirectly, by various
information systems, storing, processing and exchanging information via the
electronic medium, the most visible of which is the Internet. Just about everything
we do involves the processing and exchange of information electronically.
Therefore, cyber threats to the nation's information systems, be they viruses,
worms, denial of service attacks or something as yet not thought of, must be
taken very seriously. If there are concerted attacks yielding substantial
breaches of our nation's information systems, not only will we face staggering
financial losses, we may also face more instances of tragic loss of life. As our
information systems infrastructure has become interoperable, easy to access and
use for sake of increasing efficiency and productivity, it has become more
vulnerable to cyber attacks. The greater the degree of interconnection and
interdependence between the various information systems, the higher the cost of
disruption due to cyber attacks. The Internet has tremendously accelerated this
move towards increased interconnectivity and interdependence among and ease of
access to information systems. And as such, the Internet connection of an
information system containing mission-critical information such as financial
data and intellectual property, has become a frequent point of cyber attacks.
The custodian of the nation's information systems, the ones underpinning our
economic welfare, is private industry. Companies large and small have
historically made great strides in protecting their mission-critical information
and operating systems. However, the cyber security challenges that they face
have both increased in number and magnitude as the importance of information
systems to our economic welfare has increased and with the advent of the
Internet. We will hear today that private industry is rising to these new
challenges, but that still more work needs to be done.
For example, even though the horrific events of September 11, 2001 have put
additional pressure on companies to reexamine their security procedures and
practices, according to a recent poll of 150 chief information officers (CIO) by
CIO Magazine, almost 40% of America's larger companies still do not have
cyber-security experts on staff or under contract. Cyber security measures
cannot be an afterthought when designing, operating and managing mission-critical
information systems.
As for cyber terrorism, since September 11th we have learned that
determined terrorists do have the wherewithal to undertake the unexpected.
Terrorists and their recruits also have grown up in the digital age and thus
most probably possess the technical skills to undertake concerted and effective
cyber terror attacks. And as the real and virtual worlds have become more
closely intertwined, cyber terrorism can potentially engender greater pain and
tragedy and thus become more attractive to unscrupulous terrorists.
I'll end by borrowing Ms. Davidson's most instructive words, "The price of cyber
security, as with liberty, is eternal vigilance." As we all know, freedom is
not free.