Keynote Address to Texas Infrastructure Protection Symposium
By: Congressman Lamar Smith
Thank you for that introduction President Romo, and thank you for inviting me to speak today.
I'm glad to be with such a distinguished group of people. Your work, expertise, and dedication have never been more appreciated by the American people as they have been in the past three years. You are working to save lives every day.
For those Americans who are not law enforcement or public safety professionals, critical infrastructure was one of those issues that we didn't think much about. We took it for granted. Until September 11th, 2001.
We can define "critical infrastructure" as organizations and structures so vital to our defense and economic health that they cannot be incapacitated or destroyed. This includes, but is not limited to, telecommunications, electrical power systems, gas and oil storage, transportation, banking, chemical plants, ports, water supply systems, emergency response teams, and continuity of government.
The federal government has created thirteen Information Sharing and Analysis Centers or ISACs to ensure there is public-private co-operation involving critical infrastructure.
Obviously, the number of American targets for Osama bin Laden and his like-minded fanatics to choose from is high.
Terrorists are not arbitrary in selecting their targets, and we cannot be arbitrary in protecting our nation. President Bush said it best in his State of the Union Address: "Terrorists only need to be right once; we need to be right every single time."
I'm a member of the Select Committee on Homeland Security and the Judiciary Committee, and in June, both committees approved The Faster and Smarter Funding for First Responders Act. It authorizes more than $3 billion annually to aid first responders with improved planning, equipment, training, and exercises. I expect the bill to be considered on the House floor this fall.
Funds from this legislation can strengthen terrorism preparedness exercises. Scenario-based training is essential for the future success of our counter-terrorism programs because the threat is often invisible, with complacency a friend of our enemies.
We need to remind ourselves and the American people - through the training many in this room are dedicated to - that the threat we face is real, enduring, and deadly.
UTSA's Center for Infrastructure Assurance and Security has increasingly played a national role, with Community Infrastructure Assurance Exercises conducted in various sectors and locations around the country.
In April, CIAS planned and presented a well-received two-day exercise in St. Petersburg Florida for the Financial Services Information Sharing and Analysis Center. During these two days, they engaged in real-life responses to simulated attacks on their infrastructure. A similar exercise was conducted with the Oil and Gas sector in Houston earlier this year.
Since 2001, $23 billion has been made available to state and local governments to enhance their ability to prevent, prepare for, and respond to terrorist attacks. This year President Bush requested another $5.5 billion from Congress.
Unfortunately, our first responder programs have been slow to improve homeland security because they are not risk-based, do not fund measurable goals and face administrative obstacles.
Due to these problems, between $8 billion and $9 billion remains in the pipeline. This funding bottleneck clearly indicates that first responder dollars are not reaching the men and women on the front lines - men and women here today - fast enough.
First responder grants are distributed to states based on a formula in the USA PATRIOT Act that makes little sense.
The formula guarantees each state - regardless of risk or need - .75 percent of the $2 billion available. The remaining funds are provided based solely on population.
What that means is 40% of first responder aid is tied up in payments to each of the 50 states without regard to need or risk.
In some cases, state and local governments have not requested assistance because they don't believe they are vulnerable. A Tennessee town used $30,000 in first responder money for a defibrillator. Yes, a defibrillator is equipment first responders must have to save lives. But the town mayor said it was needed for a basketball tournament.
A North Carolina county spent $44,000 on a new state-of-the-art mobile "decontamination trailer" complete with warm showers. It is highly unlikely the trailer will ever be used. The county's emergency services director admitted, "I'm not preparing for Osama because I'm not sure he's coming."
This broken formula has had consequences for Texas. In federal funding per capita for first responders our state ranks fiftieth of the fifty states.
We are slightly ahead of that other small state, California. Wyoming, the least populated state, leads the nation. Needless to say, I am committed to correcting this major first responder formula flaw.
As the first responder legislation advances, I intend to remind my Congressional colleagues about the facts concerning our state.
We have three of the top ten most populous cities in the country: San Antonio, Houston and Dallas.
We have a 1,200 mile porous border with Mexico. We have 14 maritime ports, and an airport - DFW - that is bigger than New York City's Manhattan Island.
The Faster and Smarter Funding for First Responders Act creates a First Responder Grant Board, which will evaluate grant applications based on the threat, vulnerability, and consequences of a terrorist attack. It also:
o Provides assistance to first responders serving where the risk is greatest;
o Determines the essential capabilities communities need to prepare for terrorism;
o Emphasizes an advance planning process to reduce administrative bottlenecks; and
o Encourages regional co-operation and mutual aid agreements through regional applications.
Regional co-operation, in particular, is one area where we must improve our homeland preparedness.
Currently, there is no grant program that allows inter-state or intra-state regions to work together to address their shared needs and prepare for terrorist events by applying directly for DHS grants.
For example, if a dirty bomb was detonated in Washington, D.C., the effects would reach Maryland, Virginia, and Delaware.
Yet, under current programs, this region files four separate plans and four separate applications, with no mechanism to ensure coordination or avoid costly duplications.
The serious flaws in our first responder funding did not go unnoticed by the 9-11 Commission. I'd like to quote from it:
"Recommendation: Homeland security assistance should be based strictly on an assessment of risks and vulnerabilities . . . We understand the contention that every state and city needs to have some minimum infrastructure for emergency response. But federal homeland security assistance should not remain a program for general revenue sharing. It should supplement state and local resources based on the risks or vulnerabilities that merit additional support."
Every discussion of our risks and vulnerabilities must focus on cyber security. It's no secret that San Antonio has carved out a dominant share of the market in the cyber security field. Many of our firms have had growth rates of 200 and 300 percent since the late 1990's. And with the Air Intelligence Agency located at Lackland Air Force Base, we continue to produce exceptionally talented, capable and well-trained cyber security experts.
Cyber crime takes many forms, such as child pornography, piracy, fraud, computer security breaches and extortion. It has the potential use for both attacks and effective defenses.
Congress has addressed how we defend against cyber crime with anti-terrorism legislation. President Bush created a new Office of Cyberspace Security in the White House. In January 2003, the Administration published the National Strategy to Secure Cyberspace to provide guidelines that encourage the private sector to protect its own networks.
These are good measures that will help us promote greater vigilance. As long as there is technology, cyber crime will exist and we must be prepared to counter it.
Before September 11 our national security strategies involved troop levels, conventional weaponry, physical headquarters and a military chain-of-command.
But wars in the Information Age will be fought - and won - by cyber-space soldiers who do not require a rifle, grenade or MRE.
Changing times mean changing crimes. The mouse and keypad have the potential to be just as lethal as the bomb and bullet.
The cyber attack threat and our efforts to prevent and reduce it carry a tremendous sense of urgency.
Computer networks are increasingly susceptible to hackers, intruders and other cyber criminals. These attacks are becoming more frequent and more severe. Today, 51% originate in the United States, which far outpaces the rest of the world. And what makes them so alarming is that we do not know if the attacker is a teenager in Texas or an al Qaeda operative in Iraq at the time of an attack.
These criminals are very sophisticated in detecting flaws in software. Many organizations can have their new security networks debilitated as soon as they go online.
According to a recent survey, 64% of new attacks have targeted systems less than a year old.
In a cyber war, terrorists have the capability to hijack not just airplanes, but airports. They can hold hostage not just a few individuals, but millions. And they might manipulate the electronic infrastructures of major cities and even countries.
Today, terrorist groups are determined to disrupt our communications to increase the death toll as well as the psychological impact it would have on Americans who suddenly could not speak to one another.
This "distributed denial of service" attack can shut down the e-mail and Internet servers of the Federal Emergency Management Agency, the Red Cross, the Federal Bureau of Investigation, and the local police and fire departments.
In order to do so, terrorists hack into a large number of computers that have poor security. These computers - called "zombies" - are in small businesses, universities, and homes.
Hackers install a Zombie programmed to dial targeted emergency response systems over and over again with nonsense data. This cyber bombardment can paralyze our emergency response systems and prevent aid to people caught in life threatening situations.
It is not an exaggeration to describe this nightmare scenario as an electronic Pearl Harbor.
Cyber attacks launched by a small group of people also can devastate us financially. It is conceivable that a few individuals working together could disable millions computers at a cost of hundreds of millions to the U.S. economy. Such an operation only requires mainframes and databases, obtained by satellites and fiber optics, with the invaders themselves thousands of miles from our shores.
I want to commend CIAS for creating a "Cyber First Responder" program that helps everyone from home computer users to large corporations with training, tools, and materials to protect our information systems here in the United States.
The Homeland Security Committee is working to pass its first ever authorization legislation that improves the operations of the Department of Homeland Security. We officially define "cyber security" as the "prevention of damage to and the protection of . . . electronic communications systems . . . to ensure its availability, integrity, authentication, and confidentiality."
The legislation also elevates the cyber security mission in the Homeland Security Department to Assistant Secretary status. A new Assistant Secretary will have the ability to coordinate cyber security threats with critical infrastructure elements. This is a common sense reform since 85 percent of our critical infrastructure is owned by the private sector.
While the private sector, Congress, and the Bush administration are prepared for a cyber attack on a massive scale, we should understand that almost every cyber security defense can be penetrated. The challenge is how we manage these breaches.
There are no magical counter-measures against crime when we are walking down the street or in our homes, yet we are all reasonably safe, nevertheless.
We need to bring that same thinking to the Internet. Worms, viruses and Trojan horses will always be a cyber scourge that range from the mischievous to the malicious. Yet our networks are, to a large extent, secure.
When I chaired the Judiciary Subcommittee on Crime, Terrorism and Homeland Security, we approved cyber security legislation that is now a part of the Homeland Security Act. While the penalties and measures in the Act are strong, we should always be aware of the reality that people who intentionally crash airplanes into buildings don't care about those penalties. They are not a deterrent. It comes down to our ability and our determination to prevent or reduce a crippling cyber attack.
The key element is communication. We must know what to do and who to communicate with in its opening stages so the damage is confined to only the opening stages.
With terrorism knowing no jurisdictional boundaries, you have one of the toughest jobs in our country. Everyone here is on the front line in the war on terror. Yours is a profession that helps America preserve our freedom and protect our communities.
In his October, 2001, address to the United Nations, Mayor Rudy Giuliani said, "I ask you to look into your hearts and recognize that there is no room for neutrality on the issue of terrorism. You're either with civilization or with terrorists." We know we are with civilization. We know what we have to do, and to a large extent, we are doing it, with your help.
Thank you again for all you do.