Cybersecurity

Floor Speech

Mr. BURGESS. I thank the Speaker for the recognition.

I come to the floor tonight to talk about cybersecurity. We all hear about data breaches. They're so common, it seems like you can hardly pick up the newspaper without reading about another occurrence. And unfortunately, the rate at which they're occurring is also increasing. A report in 2009 found that more electronic records were breached in 2008 than in the previous 4 years combined. Almost 10 million United States adults were victims of identity theft in 2008. These are expensive. A 2009 report found that the average cost of a data breach had risen to $202 per customer from last year's $197. Over $600 is lost out of pocket per second to identity fraud, costing consumers and businesses over $52 million a day.

Examining some of the sources of the breaches, 29 percent come from government and military, 28 percent are from educational institutions, 22 percent in general business, 13 percent in health care companies, 8 percent in banking, credit card and financial services. Within the government itself, on the May 2008 Federal Security Report Card, the Department of Interior, the Department of Treasury, the Department of Veterans Affairs and the Department of Agriculture all scored failing grades.

Within the military, the personnel data of tens of thousands of United States soldiers has been downloaded by unauthorized computer users. The data included Social Security numbers, blood type, cell phone numbers, e-mail addresses and the names of soldiers' spouses and children. A 2006 Department of Veterans Affairs data breach put almost 30 million veterans' names, addresses and Social Security numbers at risk.

Within the retail segment, in 2009, a Miami man was charged in the largest case of computer crime and identity theft ever prosecuted. He, along with two unknown Russian coconspirators, were charged with taking more than 130 million credit card and debit card numbers from late 2006 to early 2008, and they did it as an inside job. They reviewed lists of Fortune 500 companies, decided where to aim; they visited the stores to monitor the payment systems used; they placed sniffer programs on corporate networks; and the programs intercepted credit card transactions in real time and transmitted the numbers to computers in the United States, Netherlands and the Ukraine. An expert said the case provided more evidence that retailers and banks needed to strengthen, needed to harden, industry standards.

And finally, educational institutions. As I noted earlier, second only to government and data breaches are educational institutions, probably the most disturbing statistic. In 2007, the number of data security breaches in colleges and universities increased almost two-thirds from 2006, and the number of educational institutions affected increased by almost three-quarters. In August of 2005, hackers stole almost 400,000 electronic records of current, former and prospective students in my congressional district at the University of North Texas. The hackers got away with names, addresses, telephone numbers, Social Security account numbers and possibly credit card numbers.

So what can we do? Of the breaches, 87 percent are considered avoidable if reasonable controls had been in place. Madam Speaker, now is the time for Congress to enact a meaningful national standard to protect commercial and government data. This requires leadership at the top levels of an organization to take an active role in ensuring that their systems are secure. Federal Government subcontractors that have access to sensitive and personally identifiable information should be required to comply with the same standards as Federal agencies and departments. Finally, we must all be involved from the top down and the bottom up. We must encourage leaders of government agencies and private enterprises to actively manage and rigorously protect the data collected and stored within their institutions. We must make this a priority, and Congress should take up and pass House Concurrent Resolution 193.

This bipartisan resolution, introduced by myself and CHARLIE GONZALEZ of Texas, expresses the Sense of Congress for the need to pass meaningful legislation to protect commercial and government data from data breaches. There are a lot of disturbing statistics. Let's take action now so that the occurrence, cost and individuals affected do not continue to increase.

