|
Let
me begin by thanking the Subcommittee Chair, Mr. Stearns, for calling this
hearing on cyber security and for assembling such a distinguished panel of
witnesses. Let me also thank them, in advance, for their testimony.
Recent
events remind us how precious and essential security is – something many of us
previously had taken for granted. It is a basic component of our quality of
life.
Security
also is an essential component of sound and successful commerce – particularly
as it relates to the Internet and digital commerce. And I know that recent
events have also increased scrutiny – especially by the private sector – of
this increasingly important slice of the security umbrella.
The
Internet is becoming a larger part of American life and a necessary instrument
for American commerce. With more than 60% of Americans with access to the
Internet and a great majority of American business interconnected, a certain
level of Internet services are on the way to becoming ubiquitous.
The
success of Internet services and commerce depends directly on how security is
handled by the private sector. For
instance, how comfortable and confident consumers and businesses feel
with how information is protected, is
dependent on the level of security utilized by American business.
Unlike national security issues, which are the responsibility of the
Federal government, the structure of the Internet – primarily owned and run by
the private companies -- requires private sector innovation and leadership.
We
have seen the huge financial losses suffered by web viruses and worms.
We have witnessed the losses by denial of service attacks. Successful cyber attacks can cost companies by disrupting
service, exposing them to bad publicity, or manipulating or destroying sensitive
company data.
More
importantly, successful attacks not only threaten the attacked company and its
network but also the company’s suppliers, partners, and relationship with its
customers. It also effects the non-Internet-driven portion of the
company. In essence, attacks create
a certain domino effect, which sends economic harm cascading through businesses
and Americans’ lives.
In
my opinion, the vast majority of American companies are doing a great deal to
improve and maintain security in their networks and to ensure the security of
information and materials they have.
Even
so, there are certain security vulnerabilities in the nature of the Internet and
within the networks owned and operated by individual companies.
There are some weak points in the inherent architecture.
Networks of large American companies will always be targets of criminal
attacks, whether by small time hackers or sophisticated terrorists.
However,
nobody should take away from this hearing the notion that there is a perilous
state in the way companies protect their networks and information.
Their ability to create cutting-edge protections against ever-changing
threats is simply amazing.
While
more work must be done, much work has already been accomplished, just not spoken
about -- and understandably so. Companies are leery about highlighting how
secure their networks are for fear of inviting determined attackers.
I
hope that some of today’s panelists can speak to the work that their companies
are doing to improve the security of their and their clients’ networks.
I hope they can elaborate a bit on recognition of the relevant issues,
assessment testing, deploying necessary resources, and taking corrective
measures. Moreover, as security
becomes more of a necessity rather than cost-drag on industry, we need to know
whether there is a sufficient market developing for solutions and products to
improve the Internet security of all companies.
I
am also hopeful that this hearing will shed light on what vulnerabilities exist
today, what steps are being taken by the private sector to address these
vulnerabilities, and what role, if any, the federal government – specifically
the Congress – can play to promote increased awareness and action on these
issues.
|
