The Government Accountability Office's Gregory Wilshusen testified before the House Homeland Security Committee's subcommittee on Oversight, Investigations and Management about the marked increase in cyber attacks against U.S. government systems.
Wilshusen reported that significant cybersecurity events increased 680% over a five year period, from 5,503 in 2006 to 42,887 in 2011.
"These agencies and organizations have experienced a wide range of incidents involving data loss or theft, computer intrusions and privacy breaches, underscoring the need for improved security practices computer intrusions, and privacy breaches," Wilshusen testified.
Wilshusen attributed the attacks to various entities, including state-sponsored actors, criminal elements, terrorists, and emerging hacktivist movements.
Wilshusen made a point to note that securing the nation's critical infrastructure should be of the highest priority, such as those that govern communications, the power grid, water treatment facilities, and similar assets.
"Specifically, significant weaknesses in information security controls continue to threaten the confidentiality, integrity and availability of critical information and information systems supporting the operations, assets, and personnel of federal government agencies," Wilshusen said.
Wilshusen's testimony coincided with that of cybersecurity experts who also testified before Congress this week on the high probability that the Iranian government is engaged in building a cyber offensive force geared towards attacks against critical U.S. infrastructure targets.
Iran's initiative is largely thought to be in response to the Stuxnet virus attacks which caused severe damage to Iran's nuclear enrichment program and reportedly set back the nation's nuclear program by as much as several years.
Congress also heard testimony this week regarding threats posed by China's growing cyber espionage and cyber offensive capabilities.
The hearings were part of the House of Representatives unofficial "Cybersecurity Week". Republican Leadership has taken it upon themselves to commit to focusing on a select number of bills out of dozens that address security for information systems.
Legislation considered this week in the House includes the following:
- Cyber Intelligence Sharing and Protection Act (H.R. 3523)
- Federal Information Security Amendments (H.R. 4257)
- Cybersecurity Enhancement Act (H.R. 2096)
- Advancing America’s Networking and Information Technology Research and Development (NITRD) Act (H.R. 3834)