|
Thank you, Mr.
Chairman, and I want to echo your comments regarding the need for all Federal
agencies to start devoting the attention and resources necessary to secure their
computer systems from attacks or misuse. The government must do more to protect
the sensitive personal, financial, proprietary and national security-related
data on its systems.
I also want to
stress how valuable the work of this Subcommittee has been in moving the ball
forward on these issues. There should be little doubt in anyone’s mind that,
absent the aggressive oversight of this Subcommittee, agencies such as EPA, DOE,
HCFA (now known as CMS) and others would not have taken many of the actions that
they recently have taken to improve the security of their sensitive data and
systems. While none of them are yet perfected, and none will likely ever be
perfected due to rapidly changing technology, keeping the pressure and the focus
on these issues is critically important to our nation and to its citizens.
As for the Commerce
Department – which is the focus of our hearing today – the GAO and Inspector
General audit findings are alarming. Ethical hackers from GAO and the Inspector
General’s office were able to have their way with the Department’s various
computer systems -- violating the integrity of the Department’s computer
networks virtually at will.
While these findings
are quite troubling, they don’t surprise me at all, based on the Committee’s
work at other agencies. When an Administration, such as the Clinton
Administration, devotes so little attention and resources to a particular
matter, we shouldn’t be surprised to find that such problems are so pervasive.
It is clear to me that, despite what the former President might have said
about the importance of computer security, his Administration failed to take actions
to make the protection of our nation’s critical cyber assets a true priority.
That is why I am so
pleased to see that the new Secretary of Commerce is taking a different
approach. He’s instituted a new management structure – with increased
authority, responsibility, and accountability for the Department’s information
officers. He’s allocated more resources to these security functions at the
Department level. And, probably most importantly, the Secretary has made clear
to his Under Secretaries that they will make computer security a priority
as an integral part of their programmatic missions, and will allocate additional
resources as necessary to get the job done.
In this vein, we are
pleased to have the newly-confirmed Deputy Secretary of the Department here
today to testify, signaling the importance of this topic to the Secretary and
the level at which these issues are now being handled within the Department.
Let me finish just
by emphasizing that good computer security is not a simple fix. While it takes
consistent and sustained leadership, particularly in the beginning, effective
long-term information security programs require the implementation of sound
processes and policies that can carry on absent, or despite of, particular
personalities. I hope the Commerce Department, and all Federal agencies, keep
this principle in mind as they take these long-overdue steps to improve the
security of the sensitive data which the American people have entrusted them to
protect.
I thank the
Chairman, and yield back the balance of my time.
|
