OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Hearing of the House Committee on Science and Technology - Planning for the Future of Cyber Attack Attribution

Statement

By: David Wu
By: David Wu
Date: July 15, 2010
Location: Washington, DC
Issues: National Security Technology and Communication Defense

Good Morning. Thank you for being here today for this important hearing on cyber attack attribution technology.

This cybersecurity hearing is one in a series that this subcommittee had held on ways that we can protect our nation's critical cyber infrastructure. Over the last two years, we've held hearings on cyber security activities at the National Institute of Standards and Technology and the Department of Homeland Security, as well as on the administration's Cyberspace Policy Review. Just two weeks ago, we had an important hearing on the smart grid, and spent a great deal of time talking about the necessity of developing strong cyber security standards for our national energy infrastructure.

We are well aware of the critical role that IT networks play in managing much of our day-to-day activity--from online banking to systems that make sure there is food on grocery store shelves. This growing reliance on networks has made us more vulnerable to cyber attacks and has increased the potential for such attacks to have far-reaching and crippling effects. Now more than ever, we need to be focused on the development of tools and technologies to prevent, detect, and respond to cyber attacks.

History shows that one of the best deterrents to an attack is the ability to identify your attacker. During the Cold War, the United States and the Soviet Union--each with expansive offensive capabilities--were held in check by the notion that an attack would result in immediate retaliation. This was achieved because each country would have been able to precisely identify its attacker.

This method of deterrence--the ability to attribute an attack to a particular person, party, or system--can be equally vital to defending against cyber attack. While they are not the end-all solution to our cybersecurity challenges, the development of effective and reliable attribution technologies should be an essential part of our efforts to secure the nation's cyber space.

However, given that the internet is intended to be open and anonymous, the attribution of cyber attacks can be very difficult to achieve and should not be taken lightly. As co-chair of the Global Internet Freedom Caucus here in the House, I am personally very concerned about the potential implications to privacy and internet freedom posed by attribution technologies. As a result, I believe that it is absolutely imperative that we define and implement clear restrictions on how attribution technologies are developed and used to ensure that they are not misused.

I look forward to today's discussion on attribution technologies and how they may help deter cyber attacks. I am interested in discussing the proper roles of the federal government and private industry in the development of these technologies, and the research and development that is needed to fill any capability gaps. And I am particularly eager to discuss ways to ensure that attribution technologies are not used to infringe upon the safety, privacy, or individual liberties of internet users.

I would like to thank the witnesses for appearing before us today and I look forward to our discussion.


Source
arrow_upward