As submitted for the record:
Good morning and welcome.
Cybersecurity is one of the most significant issues facing the country, as it affects every sector—from manufacturing to finance to government to energy. In July 2012, General Keith Alexander, then Director of the National Security Agency, stated that the loss of industrial information and intellectual property through cyber espionage constituted the “greatest transfer of wealth in history.” Of course, espionage is just one of the many cyber threats we face. Today’s hearing looks at the broad cybersecurity threat landscape, which can be broken down into four categories: criminal attacks, malicious attacks, industrial espionage, and cyber warfare.
The mission of this Committee is to enhance the economic and national security of America and promote more efficient, effective, and accountable government. Ensuring an effective cyber deterrence and response strategy is key to achieving this goal. Before we can begin to discuss solutions, we must first understand the threats and trends associated with these threats.
The potential negative consequences of cybersecurity threats have no limit. Recently, a cybercriminal scammed two leading American technology companies out of $100 million. Another spoofed incoming calls to 911 call centers and blocked emergency communications for hours. A popular television show was leaked prior to its release date after a ransom fee was not paid. And, an organized cyberattack on critical infrastructure facilities was linked to power outages in Ukraine.
Emerging trends include the rise of ransomware and botnets as easy-to-use tactics that offer big rewards for cybercriminals. Ransomware, which consists of malware that encrypts data until the user pays a fee, is becoming more profitable and popular, even among less-sophisticated criminals. Internet of Things devices have been used to block access to some of the world’s most popular website and can be compromised in a variety of cyber-attacks. Email is routinely used as a way to deceive users into opening the door for criminals to steal data and money.
Regardless of the motivations or identities of the attackers, cyber threats are real and growing. As a country, we must acknowledge and assess these threats and decide how to effectively respond.
I want to thank the witnesses for their thoughtful testimony, and I look forward to this important discussion.