S. Hrg. 107–205 HOW SECURE IS OUR CRITICAL INFRASTRUCTURE? HEARING BEFORE THE COMMITTEE ON GOVERNMENTAL AFFAIRS UNITED STATES SENATE ONE HUNDRED SEVENTH CONGRESS FIRST SESSION SEPTEMBER 12, 2001 Printed for the use of the Committee on Governmental Affairs ( U.S. GOVERNMENT PRINTING OFFICE 76–799 PDF WASHINGTON : 2002 For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512–1800; DC area (202) 512–1800 Fax: (202) 512–2250 Mail: Stop SSOP, Washington, DC 20402–0001 VerDate 11-MAY-2000 09:07 Aug 06, 2002 Jkt 000000 PO 00000 Frm 00001 Fmt 5011 Sfmt 5011 76799.TXT SAFFAIRS PsN: SAFFAIRS COMMITTEE ON GOVERNMENTAL AFFAIRS JOSEPH I. LIEBERMAN, Connecticut, Chairman CARL LEVIN, Michigan FRED THOMPSON, Tennessee DANIEL K. AKAKA, Hawaii TED STEVENS, Alaska RICHARD J. DURBIN, Illinois SUSAN M. COLLINS, Maine ROBERT G. TORRICELLI, New Jersey GEORGE V. VOINOVICH, Ohio MAX CLELAND, Georgia PETE V. DOMENICI, New Mexico THOMAS R. CARPER, Delaware THAD COCHRAN, Mississippi JEAN CARNAHAN, Missouri ROBERT F. BENNETT, Utah MARK DAYTON, Minnesota JIM BUNNING, Kentucky JOYCE A. RECHTSCHAFFEN, Staff Director and Counsel JINNETT RONA-FINLEY, Detailee, CIA KIERSTEN TODT COON, Congressional Fellow for Senator Lieberman HANNAH S. SISTARE, Minority Staff Director and Counsel ELLEN B. BROWN, Minority Senior Counsel ROBERT J. SHEA, Minority Counsel MORGAN P. MUCHNICK, Minority Professional Staff Member DARLA D. CASSELL, Chief Clerk (II) VerDate 11-MAY-2000 09:07 Aug 06, 2002 Jkt 000000 PO 00000 Frm 00002 Fmt 5904 Sfmt 5904 76799.TXT SAFFAIRS PsN: SAFFAIRS C O N T E N T S Opening statements: Page Senator Lieberman ........................................................................................... 1 Senator Thompson ............................................................................................ 3 Senator Levin .................................................................................................... 5 Senator Bennett ................................................................................................ 6 Senator Dayton ................................................................................................. 7 Senator Bunning ............................................................................................... 8 Senator Carper ................................................................................................. 26 WITNESSES WEDNESDAY, SEPTEMBER 12, 2001 Hon. Roberta L. Gross, Inspector General, National Aeronautics and Space Administration ..................................................................................................... 9 Joel C. Willemssen, Managing Director, Information Technology Issues, U.S. General Accounting Office ................................................................................... 11 ALPHABETICAL LIST OF WITNESSES Gross, Hon. Roberta L.: Testimony .......................................................................................................... 9 Prepared statement .......................................................................................... 33 Willemssen, Joel C.: Testimony .......................................................................................................... 11 Prepared statement .......................................................................................... 43 APPENDIX Christopher Darby, CEO, @stake, Inc., Peiter Zatko, Chief Scientist and VP of Research and Development, @stake, Inc., and Chris Wysopal, Director of Research and Development, @stake, Inc., prepared statement ................... 77 Chart: Critical Infrastructure Protection Organization, September 2000 (sub- mitted by Senator Bennett) ................................................................................. 78 ‘‘Critical Infrastructure Protection: Significant Challenges in Protecting Fed- eral Systems and Developing Analysis and Warning Capabilities, GAO Highlights, September 2001 ................................................................................ 87 (III) VerDate 11-MAY-2000 09:07 Aug 06, 2002 Jkt 000000 PO 00000 Frm 00003 Fmt 5904 Sfmt 5904 76799.TXT SAFFAIRS PsN: SAFFAIRS VerDate 11-MAY-2000 09:07 Aug 06, 2002 Jkt 000000 PO 00000 Frm 00004 Fmt 5904 Sfmt 5904 76799.TXT SAFFAIRS PsN: SAFFAIRS HOW SECURE IS OUR CRITICAL INFRASTRUCTURE? WEDNESDAY, SEPTEMBER 12, 2001 U.S. SENATE, COMMITTEE ON GOVERNMENTAL AFFAIRS, Washington, DC. The Committee met, pursuant to notice, at 11:06 a.m., in room SH–216, Hart Senate Office Building, Hon. Joseph I. Lieberman, Chairman of the Committee, presiding. Present: Senators Lieberman, Thompson, Levin, Bennett, Day- ton, Bunning, and Carper. OPENING STATEMENT OF CHAIRMAN LIEBERMAN Chairman LIEBERMAN. Good morning. This morning, the Senate Governmental Affairs Committee will proceed with its previously scheduled hearing—the first in what we expect to be a series of hearings and investigations on a problem that is today even more important to us than before—the security of our critical infrastruc- ture and the vulnerability of our homeland to unconventional enemy attack. The attacks yesterday struck many individual families and the broader American family. I pause for a moment here at the outset of this hearing to indicate that it also struck the family of the Sen- ate Governmental Affairs Committee. Barbara Olson, who was killed on one of the planes yesterday, had served as an assistant to Senator Nickles for some period of time in his work on this Com- mittee. On behalf of the entire Committee, I extend my condolences to her husband and her family and want them to know that they are in our prayers. Today, we do consider critical infrastructure to be a vast array of elements that form the backbone of America. The critical infra- structure is, in essence, our Nation’s skeleton, the framework underlying our well-being and our freedom. It includes tele- communications systems, air traffic control systems, electricity grids, emergency and law enforcement services, water supplies, fi- nancial networks, and energy pipelines. Today, our hearts and minds are naturally focused on yesterday’s tragedy, but it is important that the Senate continue with Amer- ica’s business, particularly as it affects America’s security. Thus, we are holding this hearing as originally planned, with the same focus that we had intended, which is to explore the extent to which our critical infrastructure is vulnerable, particularly to manipula- tions and attacks from cyberspace, the consequences of that vulner- ability and what the government is doing and must do to reduce (1) VerDate 11-MAY-2000 09:07 Aug 06, 2002 Jkt 000000 PO 00000 Frm 00005 Fmt 6633 Sfmt 6633 76799.TXT SAFFAIRS PsN: SAFFAIRS 2 that vulnerability. For as we saw tragically yesterday, our enemies will increasingly strike this mighty Nation at places where they be- lieve we are not only dependent but we are unguarded. And that is surely true of our cyberspace infrastructure today. More and more we find that everything in our lives is being oper- ated by a computer system, from Wall Street to Main Street. Where once our economy was dependent primarily on the move- ment of goods and services by road or rail, the products and serv- ices of our new economy are now just as likely to travel via the Internet as they are to move on an interstate. While it has never been easy to protect all of our critical infra- structure from conventional attacks—and, of course, they have hap- pened only rarely in our history here at home—it has become even more difficult now to safeguard our Nation from cyber attacks, which can be launched by any sophisticated computer user located anywhere in the world, let alone by a network of terrorist organiza- tions or a hostile power. Yesterday’s tragedies open a new era for our security infrastruc- ture and for our critical infrastructure here at home. Therefore, we must now have an expanded notion of precisely what is important to our national security, and that more expanded notion must en- compass much of our critical infrastructure. Thus, we must be pre- pared to defend ourselves against threats from foreign armies, but also to defend ourselves against threats from sophisticated oppo- nents who will use both conventional and cyber weapons to destroy or disrupt sectors critical to our Nation’s functioning. And, they will attack, as they did yesterday, here at home. Yesterday’s attacks demonstrate how an organized, coordinated effort can be devastating to our Nation. But make no mistake about it. Those attacks were aimed at destroying buildings, killing people, and breaking our confidence in the same way future attacks can and probably will be aimed at paralyzing our financial mar- kets, our utilities, our transportation systems, and other core as- pects of our critical infrastructure that are dependent on computer networks. Today, individuals or terrorists or nations with no chance of suc- cess against America on the battlefield can pose just as significant a threat to our society from the isolation of their homes or offices or terrorist camps. The nature of our critical infrastructure has changed that much in the information age. And while it has clearly enriched our lives, it has simultaneously left us much more dependent and more vul- nerable to attacks by insidious forces. So examining the vulnerability of our critical infrastructure is the focus of this hearing, but it is not an issue new to this Com- mittee. Two Congresses ago, we held
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages91 Page
-
File Size-