ATA FEB 2010–IC STATEMENT FOR THE RECORD
Far-Reaching Impact of the Cyber Threat
The national security of the United States, our economic prosperity, and the daily functioningof our government are dependent on a dynamic public and private information infrastructure,which includes telecommunications, computer networks and systems, and the informationresiding within. This critical infrastructure is severely threatened.This cyber domain is exponentially expanding our ability to create and share knowledge, butit is also enabling those who would steal, corrupt, harm or destroy the public and private assetsvital to our national interests. The recent intrusions reported by Google are a stark reminder of the importance of these cyber assets, and a wake-up call to those who have not taken thisproblem seriously. Companies who promptly report cyber intrusions to government authoritiesgreatly help us to understand and address the range of cyber threats that face us all.I am here today to stress that, acting independently, neither the US Government nor theprivate sector can fully control or protect the country’s information infrastructure. Yet, withincreased national attention and investment in cyber security initiatives, I am confident theUnited States can implement measures to mitigate this negative situation.
The Evolving Threat and Future Trends
The United States confronts a dangerous combination of known and unknown vulnerabilities,strong and rapidly expanding adversary capabilities, and a lack of comprehensive threatawareness. Malicious cyber activity is occurring on an unprecedented scale with extraordinarysophistication. While both the threats and technologies associated with cyberspace are dynamic,the existing balance in network technology favors malicious actors, and is likely to continue todo so for the foreseeable future. Sensitive information is stolen daily from both government andprivate sector networks, undermining confidence in our information systems, and in the veryinformation these systems were intended to convey. We often find persistent, unauthorized, andat times, unattributable presences on exploited networks, the hallmark of an unknown adversaryintending to do far more than merely demonstrate skill or mock a vulnerability. We cannot becertain that our cyberspace infrastructure will remain available and reliable during a time of crisis. Within this dynamic environment, we are confronting threats that are both more targetedand more serious. New cyber security approaches must continually be developed, tested, andimplemented to respond to new threat technologies and strategies.We face nation states, terrorist networks, organized criminal groups, individuals, and othercyber actors with varying combinations of access, technical sophistication and intent. Manyhave the capabilities to target elements of the US information infrastructure for intelligencecollection, intellectual property theft, or disruption. Terrorist groups and their sympathizers haveexpressed interest in using cyber means to target the United States and its citizens. Criminalelements continue to show growing sophistication in their technical capability and targeting.Today, cyber criminals operate a pervasive, mature on-line service economy in illicit cybercapabilities and services, which are available to anyone willing to pay. Globally, widespreadcyber-facilitated bank and credit card fraud has serious implications for economic and financial