Thank you all for coming and thank you, Mr. Chairman, for your leadership on the subject of computer security – a problem that everyone?s been alerted to since several popular commercial web-sites were disabled two weeks ago but that, as the Chairman noted, we on the Governmental Affairs Committee have been scrutinizing for several years now.
The cluttered, competitive and rapidly-changing environment we now live in was illustrated beautifully, I thought, by an advertisement I saw the other day in the style of a 1940s horror movie poster. The ad shows cars burning and buildings toppling while men and women flee in terror from “The Invasion of the Dots.” I don?t think there?s any question our economy and our culture have been invaded by “dot coms.” And I think we all agree it?s been a welcome invasion – even if it has happened at break-neck speeds that are sometimes hard to keep pace with.
But now, the environment has changed again, and the “dot coms” are under invasion. And while the invasion is not exactly welcome, it is a siren call to anyone who conducts business over the web. That goes for private commerce as well as government services. Whether this most recent band of hackers are restless teenagers or self-appointed security storm troops, their handiwork should herald a new era of the computer age: An era in which electronic information must be ironclad if we are to reap the full benefits of quick, universally accessible communication that the Internet affords.
The good news is that web security is not a difficult proposition. Indeed, it is readily attainable. The software exists to prevent the kinds of breaches we have seen in recent months. It is simply a question of getting companies to install and update their security, before they turn to more profitable ventures. In the New York Times last week, David Freedman, a senior editor at Forbes ASAP, explained why entrepreneurs are reluctant to move in this direction. “Enacting security fixes often slows performance,” he wrote, “causes breaks in service, or limits what a site can do, and because the fixes are often expensive, (they) funnel money away from improvements that can provide more visible payoffs.” – i.e. immediate market share.
At this stage, government will not force companies to take better security precautions. Those are business decisions individual companies must make on their own. In fact, the less government interferes with the Net – and the freedom of expression it has spawned – the better. But, government can be an example. Regretfully, we have been a woefully poor example, so far. That?s why Chairman Thompson and I introduced the Government Information Security Act last year – to shore up a management structure to implement computer security on systems throughout government. The President has also proposed a number of innovative ideas to help the government catch up technologically
There simply is no dispute that we need better security plans at every single agency, better detection and reporting of unauthorized intrusions, perhaps more sophisticated technology to prevent intrusions and, most certainly, more people trained to operate these complex computer matrixes. The ultimate goal of our bill is to protect the integrity, confidentiality and availability of all government information – from wage and tax information the government maintains on all working Americans, to air traffic control patterns, to NASA missions and weapons deployment. And I should think that after the recent news events, that goal is more critical than ever.
Last year, government and industry cooperated successfully to defuse the Y2K problem. We?re going to have to forge those industry ties again to ensure that the freedom of expression which is the essence of the Internet is guaranteed by the freedom of operation.