TMCnet News
Cybercrime: Updating the Computer Fraud and Abuse Act to Protect Cyberspace and Combat Emerging ThreatsSep 09, 2011 (Congressional Documents and Publications/ContentWorks via COMTEX) -- Mr. Chairman, thank you for holding today's hearing to discuss the emerging challenge of cybersecurity. Given the growth of the internet and our society's increased dependence on computer systems, this is a very important topic. Cyber criminals are no longer confined by the borders of their community, their state, or even their country. Cyberspace has allowed criminals to steal money, steal personal identities, and commit espionage without even leaving their home. Cyber criminals are now using the internet to conspire with other cyber criminals. They collaborate to install malicious software, commit network intrusions, and affect account takeovers. Cyber criminals also target the Point of Sale computers at restaurants and retailers in order to steal millions of credit card numbers, as they did to companies such as TJX, BJ's Wholesale Club, OfficeMax, Boston Market, and Sports Authority. Moreover, there are on-line criminal forums that traffic in stolen credit card numbers, such as the notorious CarderPlanet forum that traffic in stolen credit card numbers. Cyber criminals also continue to engage in phishing attacks, denial of service attacks, and web applications attacks. Cyber criminals are smart and they learn from their mistakes. They learn from evaluating other cyber-attacks and they learn from successful prosecutions of their peers. Cyber criminals design relentless new computer viruses, or malware, as they attempt to stay one step ahead of anti-virus programs. All of these attacks are serious and dangerous threats to our nation. However, I fear that the threats we haven't heard about or even thought about are likely to be even more dangerous and devastating. We must take these cyber-attacks seriously and ensure that our critical systems infrastructure is well protected from cyber criminals. Accordingly, the federal government must take every single breach of our computer systems or potential vulnerability seriously. For example, I have asked the Department of Defense Inspector General to properly investigate serious allegations that Department of Defense employees purchased child pornography online and were never adequately investigated by the Defense Criminal Investigative Service. These allegations include Defense Department employees possibly purchasing child pornography from their work computers. I remain deeply concerned that Defense Department employees who purchased child pornography continue to work in key positions and retain high level security clearances--putting the federal government and our military computer systems at risk for intrusion. I want to know what the Defense Department is doing to stop this sort of behavior, whether these individuals will be brought to justice, and whether government systems could be compromised because of this criminal behavior. Aside from this example, I generally support the effort the administration has undertaken to work toward a bi-partisan solution on cybersecurity. However, I have some concerns with parts of the administration's proposal. I also have serious reservations about how these sweeping policies will be implemented and how much they will add to an already large government bureaucracy. On top of these concerns, I also question the wisdom of the administration in some of the personnel appointments they have made to critical positions. For example, the administration recently hired an individual at the U.S. Cyber Command, an agency charged with securing our military's computer networks. I am concerned that the Obama administration seemingly failed to conduct an adequate background investigation of this individual's qualifications. If they had, I'm confident they would have easily seen that she played a role in the Clinton Administration's alleged loss of subpoenaed emails during an investigation of the 1996 presidential campaign, or that she allegedly paid a diploma mill thousands of dollars for a bachelors, masters and doctorate degree in computer science. Ensuring that our nation's most sensitive networks are safe from international cyber espionage should not be assigned to someone who obtained their degrees from a diploma mill. These types of personnel decisions weaken our ability to protect our nation from cyber-attack, essentially putting us at risk. Further, they raise questions about whether the administration is truly serious about protecting our nation's critical infrastructure and military computer systems. External threats continue to target our infrastructure, whether that is the financial services industry or the retail industry. According to a recent data breach study conducted by the U.S. Secret Service and Verizon, 92 percent of data breaches were from "external agents". I appreciate that the Secret Service continues to aggressively combat worldwide financial and computer cybercrimes. In 2010, the Secret Service arrested more than 1,200 suspects for cybercrime violations involving over $500 million in actual fraud loss and prevented another $7 billion in potential losses. I plan to ask the Secret Service and the Department of Justice witnesses how we can improve our protection of cyberspace. I am eager to understand how they are proactively engaging the emerging threat of cybercriminals. I also want to know more about why they feel they need new criminal laws, new bureaucracies, and thousands of pages of regulations that could hamper virtually all businesses--large or small--across the country. I look forward to hearing the testimony of the witnesses, and working with the Chairman and members of the committee on this important topic. Thank you. Read this original document at: http://grassley.senate.gov/news/Article.cfm?customel_dataPageID_1502=36843 |