Main Nav

House Homeland Security Subcmte. Hearing on Cyber Attacks

The Subcommittee on Oversight, Investigations, and Management of the House Homeland Security Committee held a hearing this afternoon entitled "America is Under Cyber Attack: Why Urgent Action is Needed" to highlight the extent of existing cyber threats to the nation and their impact, as well as the dangers of such threats expanding dramatically without a coherent national strategy. (Note that the hyperlink in the hearing title provides access to the archived video of the hearing as well as the written testimony of the witnesses and the opening statement of the subcommittee chair.)

Witnesses included Dr. Stephen E. Flynn, founding co-director of the Kostas Research Institute at Northeastern University, who stressed the importance to national cybersecurity efforts of fully engaging colleges and universities as centers of knowledge, expertise, and technological innovation. He also highlighted the degree to which the academic community might serve as an honest broker between government and the private sector in forging cross-sector collaboration that can effectively respond to the threat of escalating cyber attacks while respecting individual privacy and civil liberties in general.

Led by James Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, the witnesses generally emphasized the need to address the exposure of the nation's critical infrastructure, such as the electric power grid and oil and gas pipelines, to cyber attack. Along with the subcommittee chair and the ranking members of the subcommittee and full committee, they noted the degree to which cyber attacks may now have impacts in the physical world. For example, Flynn discussed a scenario developed by the National Institute of Standards and Technology (NIST) that illustrated the potential ease with which a cyber attack on the nation's power grid could be executed, leading to cascading breakdowns in other systems dependent on electrical power that could put lives in danger. Stuart McClure, chief technology officer for the Internet security company, McAfee, also cited the degree to which a diabetic's personal insulin pump could conceivably be hacked, potentially producing a direct threat to the person's life. He stated, "I can kill someone with my computer… The link between cyber and physical is here."

In the face of such warnings, subcommittee members repeatedly pressed the panelists for concrete recommendations for a national approach to securing the nation against cyber attacks, including cyber espionage not just against the federal government and the defense establishment but also ongoing theft of private sector information with direct economic value. Examples cited by the witnesses included data breach reform, both in terms of setting national standards and requiring private sector reporting; establishing and enforcing cybersecurity standards for critical infrastructure; providing incentives to foster "security by design" across technology and systems; and improved mapping of the cross-sector impacts of cyber attacks.