The House subcommittee on Oversight, Investigations, and Management conducted hearings Tuesday to better understand the nation's current state of cybersecurity.
Leading the charge with decidedly alarmist rhetoric was Republican Representative Michael McCaul if Texas, who boldly pronounced, "there are no shells exploding or foreign militaries on our shores. But make no mistake: America is under attack by digital bombs."
"China's cyber warfare capabilities and the espionage campaigns they have undertaken are the most prevalent of any nation state actor," McCaul continued.
Chief among McCaul's concerns is the notion that the Chinese government is actively engaged in "cyber espionage" conducted by "established cyber war military units" which he believes have "laced the U.S. infrastructure with logic bombs."
"We have been fortunate that up until this point, cyber attacks in our country have not caused a cataclysmic event that could bring physical harm to Americans. But that is not for a lack of effort on the part of those who mean to destroy our way of life. Every day nations and 'hacktivist' groups penetrate our public and private computer networks. The degradation of our national security and intellectual property from cyber theft threatens to weaken us where we have been historically strong: in our ingenuity and creativity," McCaul stated.
In slightly more measured testimony on the state of security for critical infrastructure, Shawn Henry, former executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, said he believes it is "difficult to say with confidence that our critical infrastructure--the backbone of our country's economic prosperity, national security, and public health--will remain unscathed and always be available when needed."
“The threat has reached the point that a determined adversary will access any system that is directly accessible from the network. They will keep coming until they come in,” Henry continued.
“I don’t worry about China and Russia. They aren’t going to start a war just for fun. I don’t know if we can say that for Iran and North Korea," James Lewis of the Center for Strategic and International Studies testified.
The biggest threat, according to Lewis, is the lack of an appropriate defensive posture where network security is concerned. "The greatest threat to cybersecurity in the United States is complacency,” he said.
Stephen Flynn of Northeastern University’s George J. Kostas Research Institute for Homeland Security advocated mandatory security initiatives to reduce vulnerabilities. “At the end of the day, purely voluntary approaches will not get us where we need to be," Flynn testified.
McAfee Chief Technology Officer Stuart McClure agreed, stating "we know what to do to solve the problem. It’s a matter of getting people to do it.”
House Republican Leadership this week have taken it upon themselves to commit to focusing on a select number of bills out of dozens that address security for information systems.
Legislation that will be considered this week in the House include the following:
- Cyber Intelligence Sharing and Protection Act (H.R. 3523)
- Federal Information Security Amendments (H.R. 4257)
- Cybersecurity Enhancement Act (H.R. 2096)
- Advancing America’s Networking and Information Technology Research and Development (NITRD) Act (H.R. 3834)