Government Experts Confirm Nation's Critical Infrastructure Vulnerable to Cyber Threats

July 26, 2011

WASHINGTON, DC - The House Energy and Commerce Subcommittee on Oversight and Investigations today launched the first of a series of hearings to examine current cyber threats and vulnerabilities to our nation's infrastructure. The hearing entitled, "Cybersecurity: An Overview of Risks to Critical Infrastructure" heard testimony from government experts on the Department of Homeland Security's role and ability to protect government and private networks.  In February 2011, the Director of National Intelligence noted that there has been a dramatic increase in cyber activity targeting U.S. computers and systems in the last year, including more than tripling of the volume of malicious software since 2009. Today's testimony from DHS officials comes just days after the administration's top cyber chief, the director of the U.S. Computer Emergency Readiness Team, abruptly resigned.

Roberta Stempfley, Acting Assistant Secretary of DHS' Office of Cyber Security and Communications told the subcommittee, "The United States faces a combination of known and unknown vulnerabilities, strong and rapidly expanding adversary capabilities, and a lack of comprehensive threat and vulnerability awareness.  Within this dynamic environment, we are confronted with threats that are more targeted, more sophisticated, and more serious. Sensitive information is routinely stolen from both government and private sector networks, undermining confidence in our information systems and the sharing of information.  As bad as the loss of precious national intellectual capital is, we increasingly face threats that are even greater.  We face threats that could significantly compromise the accessibility and reliability of our information infrastructure."  

Gregory Wilshusen, Director of Information Security Issues for the Government Accountability Office, testified on our infrastructure vulnerabilities, stating, "The threats to information systems are evolving and growing, and systems supporting our nation's critical infrastructure are not sufficiently protected to consistently thwart the threats.  While actions have been taken, the administration and executive branch agencies need to address the challenges in this area to improve our nation's cybersecurity posture, including enhancing cyber analysis and warning capabilities and strengthening the public-private partnerships for securing cyber-critical infrastructure. Until these actions are taken, our nation's cyber critical infrastructure will remain vulnerable."

Oversight and Investigations Subcommittee Chairman Cliff Stearns (R-FL) also expressed concerns, stating, "Since September 11, our infrastructure systems have become even more automated and more reliant on information systems and computer networks to operate. This has allowed our systems to become more efficient, but it has also opened the door to cyber threats and cyber attacks. Our systems are interconnected and depend on one another to operate.  A vulnerability in one critical infrastructure naturally exposes other critical infrastructures to the same threats and risks, either because they are linked together through information systems or because one infrastructure depends on another to operate."

Recent reports have underscored how threats and risks to cybersecurity have created vulnerabilities in our nation's critical infrastructures and information systems. Just last week, the Department of Homeland Security sent out a bulletin about potential insider threats to utilities.  That bulletin also detailed efforts to infiltrate and obtain information about the utility's infrastructure to use in coordinating and conducting a cyber attack.  In March 2011, the computer systems of RSA were breached.  RSA manufactures tokens for secure access to computer networks. Sensitive information about these tokens was stolen, and later used to hack into the network of Lockheed Martin, a Department of Defense contractor.

Preserving our nation's cybersecurity is of critical importance to full committee Chairman Fred Upton (R-MI) who stated, "Protecting critical infrastructure is a complicated issue. We are talking about facilities and frameworks owned by private companies, and by federal, state, and local governments. They are interconnected - electricity powers water systems that cool nuclear reactors, for example.  They are vulnerable to threats from a number of different sources, including nationstates, criminals, and hackers.

###