Critical Information Infrastructure Protection: the Threat Is Real Hearing
Total Page:16
File Type:pdf, Size:1020Kb
S. HRG. 106±858 CRITICAL INFORMATION INFRASTRUCTURE PROTECTION: THE THREAT IS REAL HEARING BEFORE THE SUBCOMMITTEE ON TECHNOLOGY, TERRORISM, AND GOVERNMENT INFORMATION OF THE COMMITTEE ON THE JUDICIARY UNITED STATES SENATE ONE HUNDRED SIXTH CONGRESS FIRST SESSION ON EXAMINING THE PROTECTION EFFORTS BEING MADE AGAINST FOR- EIGN-BASED THREATS TO UNITED STATES CRITICAL COMPUTER IN- FRASTRUCTURE OCTOBER 6, 1999 Serial No. J±106±53 Printed for the use of the Committee on the Judiciary ( U.S. GOVERNMENT PRINTING OFFICE 68±563 WASHINGTON : 2001 VerDate 11-MAY-2000 09:42 Jan 26, 2001 Jkt 000000 PO 00000 Frm 00001 Fmt 5011 Sfmt 5011 OCT6.TXT SJUD2 PsN: SJUD2 COMMITTEE ON THE JUDICIARY ORRIN G. HATCH, Utah, Chairman STROM THURMOND, South Carolina PATRICK J. LEAHY, Vermont CHARLES E. GRASSLEY, Iowa EDWARD M. KENNEDY, Massachusetts ARLEN SPECTER, Pennsylvania JOSEPH R. BIDEN, JR., Delaware JON KYL, Arizona HERBERT KOHL, Wisconsin MIKE DEWINE, Ohio DIANNE FEINSTEIN, California JOHN ASHCROFT, Missouri RUSSELL D. FEINGOLD, Wisconsin SPENCER ABRAHAM, Michigan ROBERT G. TORRICELLI, New Jersey JEFF SESSIONS, Alabama CHARLES E. SCHUMER, New York BOB SMITH, New Hampshire MANUS COONEY, Chief Counsel and Staff Director BRUCE A. COHEN, Minority Chief Counsel SUBCOMMITTEE ON TECHNOLOGY, TERRORISM, AND GOVERNMENT INFORMATION JON KYL, Arizona, Chairman ORRIN G. HATCH, Utah DIANNE FEINSTEIN, California CHARLES E. GRASSLEY, Iowa JOSEPH R. BIDEN, JR., Delaware MIKE DEWINE, Ohio HERBERT KOHL, Wisconsin STEPHEN HIGGINS, Chief Counsel and Staff Director NEIL QUINTER, Minority Chief Counsel and Staff Director (II) VerDate 11-MAY-2000 09:42 Jan 26, 2001 Jkt 000000 PO 00000 Frm 00002 Fmt 0486 Sfmt 0486 OCT6.TXT SJUD2 PsN: SJUD2 C O N T E N T S STATEMENTS OF COMMITTEE MEMBERS Page Kyl, Hon. Jon, U.S. Senator from the State of Arizona ........................................ 1 Feinstein, Hon. Dianne, U.S. Senator from the State of California .................... 4 CHRONOLOGICAL LIST OF WITNESSES Statement of Hon. Robert F. Bennett, a U.S. Senator From the State of Utah ...................................................................................................................... 5 Panel consisting of John S. Tritak, director, Critical Infrastructure Assurance, Office, Washington, DC; and Michael A. Vatis, director, National Infrastruc- ture Protection Center, Washington, DC ........................................................... 6 Statement of Jack L. Brock, Jr., director, Government-Wide and Defense Information Systems, Accounting and Information Management Division, U.S. General Accounting Office, Washington, DC; accompanied by Jean L. Boltz .................................................................................................................. 35 Prepared statement of Richard C. Schaeffer, Jr., director, Infrastructure and Information Assurance Office of the Assistant Secretary of Defense .............. 56 ALPHABETICAL LIST AND MATERIAL SUBMITTED Bennett, Hon. Robert F.: Testimony ...................................................................... 5 Brock, Jack L., Jr.: Testimony .......................................................................................................... 35 Prepared statement .......................................................................................... 44 Schaeffer, Richard C., Jr.: Prepared statement .................................................... 56 Tritak, John S.: Testimony .......................................................................................................... 6 Prepared statement .......................................................................................... 9 Vatis, Michael A.: Testimony .......................................................................................................... 14 Prepared statement .......................................................................................... 18 (III) VerDate 11-MAY-2000 09:42 Jan 26, 2001 Jkt 000000 PO 00000 Frm 00003 Fmt 5904 Sfmt 5904 OCT6.TXT SJUD2 PsN: SJUD2 VerDate 11-MAY-2000 09:42 Jan 26, 2001 Jkt 000000 PO 00000 Frm 00004 Fmt 5904 Sfmt 5904 OCT6.TXT SJUD2 PsN: SJUD2 CRITICAL INFORMATION INFRASTRUCTURE PROTECTION: THE THREAT IS REAL WEDNESDAY, OCTOBER 6, 1999 U.S. SENATE, SUBCOMMITTEE ON TECHNOLOGY, TERRORISM, AND GOVERNMENT INFORMATION, COMMITTEE ON THE JUDICIARY, Washington, DC. The committee met, pursuant to notice, at 10:01 a.m., in room SD±226, Dirksen Senate Office Building, Hon. Jon Kyl (chairman of the subcommittee) presiding. Also present: Senators Feinstein, and Bennett (ex officio). OPENING STATEMENT OF HON. JON KYL, A U.S. SENATOR FROM THE STATE OF ARIZONA Senator KYL. The hearing before the Senate Judiciary Commit- tee, Subcommittee on Technology, Terrorism, and Government In- formation will please come to order. Today's hearing is on the subject of the critical information infra- structure and protection of the infrastructure and the threat there- to. Our panelists this morning, we will have two panels, and on the first panel, we have Mr. John S. Tritak, who is Director of the Crit- ical Information Assurance Office in Washington, and Mr. Michael Vatis, the Director of the National Infrastructure Protection Center here. The second panel will be Mr. Jack Brock, Director of Informa- tion Management Issues at the General Accounting Office. I appre- ciate the attendance of the witnesses here. I am informed that other members of the subcommittee will be arriving, but in view of the schedules of everyone concerned, I am going to begin the hearing right on time and we will move forward from there. Let me first of all make a brief opening statement and then call upon our two witnesses to make an opening statement, after which we will have a series of questions. At our hearing today, we are going to examine a growing public policy concern, the threat of hostile attack on our Nation's critical information infrastructure and the adequacy of the Federal Gov- ernment's response to this threat. This is the fourth public hearing that our subcommittee has held on the topic in the last 2 years, and given the importance of the subject, it will not be our last. The President's top advisors recently issued a report on preserv- ing America's privacy and security in cyberspace. As the report points out, the enormous success the United States has enjoyed over the past century was due in part to the ability of our Nation (1) VerDate 11-MAY-2000 09:42 Jan 26, 2001 Jkt 000000 PO 00000 Frm 00005 Fmt 6633 Sfmt 6633 OCT6.TXT SJUD2 PsN: SJUD2 2 and its leaders to deal with the latest technological trends in a way that enhanced the security and prosperity of successive generations of Americans. At critical junctures in our history, wise government policies with regard to innovative technology have resulted in un- precedented success. During the industrial age, the arrival of World War II signaled an urgent need for increased production and scientific advances. The success of America's war effort in defeating fascism rested largely on the strength of our industrial might and the successful collaboration between our government and industry. We not only protected America's security, but also vaulted the U.S. economy to unprecedented heights in the post-war period. Today, the industrial age has become the information age and computers facilitate the instant exchange of vast amounts of data and ideas. Who would have predicted just a few decades ago that a small Defense Department research effort would result in the creation of the Internet and revolutionize our society. As we approach the dawn of the new millennium, America again faces a time of pivotal change. Information technology presents both an opportunity and a threat to our society, which is increas- ingly dependent upon computers and communications equipment, what we call our critical information infrastructure. As most Amer- icans have learned recently, with the preparations for Y2K to make sure there are no major disruptions in services, virtually every key service is dependent upon computers, from electric power grids, to phone systems, to air traffic control, water and sewer service, medi- cal devices, banking, and the list goes on and on. Unfortunately, very few of these critical computer networks were designed with good security measures. The changes in our society also must be viewed in context with America's changing geopolitical role in the post-Cold War world. The United States is the world's only superpower and our armed forces enjoy technological superiority on the battlefield. Nations and terrorist groups that are hostile to our interests are increas- ingly choosing not to confront our strengths directly, that is, by try- ing to field fleets of advanced fighter planes or ships on par with ours, but rather are seeking to exploit our vulnerabilities, looking hard for an Achilles heel. According to the National Security Agency, over 100 countries are working on information warfare techniques. One recent case il- lustrates the danger of this threat. According to Newsweek maga- zine, computer systems at the Defense and Energy Departments have been the subject of a sustained computer hacking effort from Russia. These attacks have resulted in the loss of vast quantities of data, possibly including classified naval codes and information on missile guidance systems. These computer attacks have reportedly been very subtle. For ex- ample, the London Sunday Times interviewed an engineer at the Space and Naval Warfare Systems Command in