Good Morning.  I want to commend Chairman Upton for calling this hearing this morning on cybersecurity.

This Subcommittee has a long history on cybersecurity.  We held a hearing in this Subcommittee, for instance, in 1993, where we demonstrated cyber attacks on the Pacific Fleet Command, on NASA’s mission control, and on the Kremlin.  We knew in 1993, well before we enacted the Telecommunications Act, that individuals would use the Internet for nefarious purposes.

Today, we revisit the issue knowing that the Internet is even more prevalent than ever and that more individuals, businesses, critical infrastructure, public safety, hospitals, and government agencies, rely upon it. Unquestionably a major disruption of the Internet can invoke dire consequences in an emergency.  In addition, successful cyber-attacks can cause harm to individuals when security is compromised in a way that leads to identity theft, fraud, or extortion.  American consumers pay dearly for such compromises to their privacy and security every year.  So-called “bot networks” – where computers are essentially hijacked by Internet-based software implanted in your computer without your consent -- are used as vehicles for spam and fraud and denial-of-service attacks.  These acts, along with computer virus attacks, have negative financial impacts across the country that are estimated in the billions of dollars.

The Federal Communications Commission plays a vital role in preparing and responding to cyber attacks because of its responsibility over our nation’s telecommunications infrastructure.  The Network Reliability and Interoperability Council, for example was convened by the FCC in response to this Subcommittee’s inquiry into the massive Bell Atlantic telephone outage in 1991, which was caused by software glitches in digital switching systems.  That council is tasked with helping to prevent Internet disruptions from occurring and has developed a list of best practices for Internet disaster recovery in emergency situations.

The Department of Homeland Security is tasked with the lead responsibility for facilitating response and recovery efforts surrounding major Internet disruptions.  The Government Accountability Office report from June of this year concluded that although the Department of Homeland Security has begun several initiatives addressing cybersecurity and Internet security, these efforts are neither complete nor comprehensive.  As a member of the Homeland Security Committee since its establishment three years ago, I remain concerned about the Department’s lack of significant progress in the area of cybersecurity.

Obviously, many are concerned about cyber threats from Al Qaeda.  Certainly cyber-terrorism is something that is likely to be in Al Qaeda’s playbook and we should be vigilant against such threats.  Yet, beyond the daily threats to cybersecurity from hackers and spammers attempting to profit from fraud, the present threat appears to be from China.

Numerous published reports highlight how China is actively probing our Internet-based infrastructure.  Last year, the Washington Post, for example, highlighted how web sites in China are being used heavily to target computer networks in the Defense Department and other U.S. agencies.

So, based upon the GAO’s report, we clearly are still without an adequate plan for cybersecurity and we need to do a better job preparing ourselves not just for future threats, but for present practices from those who may target Americans for fraud or terrorism.

This is a timely hearing and again I want to commend Chairman Upton for calling this hearing and thank our witnesses for their time and efforts.