This PDF is the testimony of Gregory T. Nojeim before the Senate Committee on the Judiciary, Subcommittee on Terrorism and Homeland Security on "Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy in Cyberspace."
It is clear that the United States faces significant cybersecurity threats from state actors, from private actors motivated by financial greed, and from terrorists. Just last week, the news magazine 60 Minutes brought the cybersecurity threat into Americans’ living rooms, reporting that cyber thieves had stolen millions of dollars from banks and key secrets from the government. Earlier this year, the Wall Street Journal reported that computer hackers had penetrated systems containing designs for a new Air Force fighter jet and had stolen massive amounts of information. U.S. intelligence agencies, which have developed capabilities to launch cyber attacks on adversaries’ information systems, have sounded alarms about what a determined adversary could do to critical information systems in the U.S.
It is also clear that the government’s response to this threat has been woefully inadequate. While we welcome the leadership of Secretary Napolitano and Deputy Undersecretary Reitinger, the Department of Homeland Security has been repeatedly criticized4 for failing to develop plans for securing key resources and critical infrastructure, as required in the Homeland Security Act of 2002. President Obama’s national security and homeland security advisors completed a cyberspace policy blueprint on April 17, making many useful recommendations, but implementation of those measures has been slowed by the Administration’s failure to appoint the cybersecurity official in the White House who could drive policy development and coordinate implementation of a government‐wide plan.
The Subcommittee can play an important role in addressing some of the gaps in cybersecurity policy.