Homeland Threats and Agency Responses: Cybersecurity

Editor’s Note: The Senate Committee on Homeland Security and Governmental Affairs held a hearing this morning, “Homeland Threats and Agency Responses.” Prepared statements by Chairman Carper and by the witnesses are available here. Below are the cybersecurity-related sections of the statements by Secretary Napolitano and FBI Director Mueller.

DHS Secretary Janet Napolitano

Safeguarding and Securing Cyberspace

Our daily life, economic vitality, and national security depend on a safe, secure, and resilient cyberspace. A vast array of interdependent IT networks, systems, services, and resources are critical to communication, travel, powering our homes, running our economy, and obtaining government services. While we are more network dependent than ever before, increased interconnectivity increases the risk of theft, fraud, and abuse.

Cyber incidents have increased significantly over the last decade and the United States continues to confront a dangerous combination of known and unknown vulnerabilities in cyberspace, strong and rapidly expanding adversary capabilities, and limited threat and vulnerability awareness. There have been instances of theft and compromise of sensitive information from both government and private sector networks. Last year, the DHS U.S. Computer Emergency Readiness Team (US-CERT) received more than 100,000 incident reports, and released more than 5,000 actionable cybersecurity alerts and information products.

DHS is the Federal government’s lead agency for securing civilian government computer systems and works with our industry and Federal, state, local, tribal, and territorial government partners to secure critical infrastructure and information systems. DHS analyzes and mitigates cyber threats and vulnerabilities; distributes threat warnings; provides solutions to critical research and development needs; and coordinates the vulnerability, mitigation, and consequence management response to cyber incidents to ensure that our computers, networks, and information systems remain safe. DHS also works with Federal agencies to secure unclassified Federal civilian government networks and works with owners and operators of critical infrastructure to secure their networks through risk assessment, mitigation, and incident response capabilities.

With respect to critical infrastructure, DHS and the sector specific agencies work together with the private sector to help secure the key systems upon which Americans rely, such as the financial sector, the power grid, water systems, and transportation networks. Protecting critical infrastructure requires taking an integrated approach toward physical and cyber security and ensuring that we can utilize our established partnerships with the private sector to address cyber security concerns. We do this by sharing actionable cyber threat information with the private sector, helping companies to identify vulnerabilities before a cyber incident occurs, and providing forensic and remediation assistance to help response and recovery after we learn of a cyber incident.

In addition, DHS S&T works collaboratively across Federal agencies, private industry, academic networks and institutions, and global information technology owners and operators to research, develop, test, and transition deployable solutions to secure the Nation’s current and future cyber and critical infrastructures. DHS, in collaboration with the Department of State and other departments/agencies, also works with international partners on cyber threats and other cybersecurity issues, as appropriate.

To combat cyber crime, DHS leverages the skills and resources of the U.S. Secret Service (USSS) and ICE, who investigate cyber criminals and work with the Department of Justice, which prosecutes them. Within DHS, cyber crime investigations are directly led by the USSS and involve numerous partners at the Federal, state and local level as well as the private sector. In FY 2011 alone, USSS prevented $1.6 billion in potential losses through cyber crime investigations.  Additionally, ICE HSI cyber crime investigations relating to child exploitation in FY 2011 resulted in 1,460 criminal arrests, 1,104 indictments and 928 convictions.  One significant child exploitation investigation conducted by ICE HSI was Operation Delego, which resulted in prosecutors bringing charges against 72 individuals for their alleged participation in an international criminal network that sought the sexual abuse of children and the creation and dissemination of child pornography.  To date, 43 of these individuals have been convicted.

DHS recognizes that partnership and collaboration are crucial to ensuring that all Americans take responsibility for their actions online.  To that end, we are continuing to grow the Department’s Stop.Think.Connect.™ Campaign, which is a year-round national public awareness effort designed to engage and challenge Americans to join the effort to practice and promote safe online practices.

The Department of Defense is a key partner in our cybersecurity mission.  In 2010, I signed a Memorandum of Understanding with then-Secretary of Defense Robert Gates to formalize the interaction between DHS and DOD, and to protect against threats to our critical civilian and military computer systems and networks.  Congress mirrored this division of responsibilities in the National Defense Authorization Act for FY 2012. We are currently working with the Defense Industrial Base to exchange actionable information about malicious activity.

As much as we are doing, we must do even more.  All sides agree that Federal and private networks must be better protected, and information about cybersecurity threats must be shared more easily while ensuring that privacy and civil liberties are protected through a customized framework of information handling policies and oversight.  DHS is committed to ensuring cyberspace supports a secure and resilient infrastructure, enables innovation and prosperity, and protects privacy and other civil liberties by design.

The Administration sent Congress a legislative package in May 2011 that included the new tools needed by homeland security, law enforcement, intelligence, military and private sector professionals to secure the Nation, while including essential safeguards to preserve the privacy rights and civil liberties of citizens.  Since that time, Administration officials have testified at 17 hearings on cybersecurity legislation and presented over 100 briefings, including two all-Member Senate briefings and one all-Member House briefing.

The Cybersecurity Act of 2012 would have begun to address vulnerabilities in the Nation’s critical infrastructure systems.  This legislation was the result of years of work.  It reflected input from the Administration, the private sector, privacy experts, and Members of Congress from both sides of the aisle.  Numerous current and former homeland and national security officials had and authorities we need to continue to protect cyberspace while also protecting privacy and civil rights.

FBI Director Robert S. Mueller, III

As this Committee knows, the cyber threat has evolved and grown significantly over the past decade.   Foreign cyber spies have become increasingly adept at exploiting weaknesses in our computer networks.  Once inside, they can exfiltrate government and military secrets, as well as valuable intellectual property — information that can improve the competitive advantage of state-owned companies.

Unlike state-sponsored intruders, hackers for profit do not seek information for political power; rather they seek information for sale to the highest bidder.  These once-isolated hackers have joined forces to create criminal syndicates. Organized crime in cyber space offers a higher profit with a lower probability of being identified and prosecuted.  And hacker groups such as Anonymous and Lulz-Sec are pioneering their own forms of digital anarchy.

With these diverse threats, we anticipate that cyber security may well become our highest priority in the years to come.  Computer intrusions and network attacks are the greatest cyber threat to our national security.  That is why we are strengthening our cyber capabilities, in the same way we enhanced our intelligence and national security capabilities in the wake of the September 11th attacks.

We are focusing the Cyber Division on computer intrusions and network attacks.  Such intrusions pose the greatest cyber threat to our national security.  We will re-unite non-intrusion programs currently run by the Cyber Division, including Innocent Images and Intellectual Property Rights, with their counterparts in the Criminal Investigation Division.  And because even traditional crime is now facilitated through the use of computers, we are enhancing the technological capabilities of all FBI investigative personnel. We are also hiring additional computer scientists to provide expert technical support to critical investigations in the field.

As part of these efforts, we are creating two distinct task forces in the field.  First, we will have Cyber Task Forces that will be focused on intrusions and network attacks.  The current cyber squads in each of our Field Offices will form the nucleus of these task forces.  We must also work together to protect the most vulnerable among us:  our children. To that end, we will also create Child Exploitation Task Forces in each field office, which will focus on crimes against children.  As we have in the past, we welcome the participation of our federal, state and local partners, as we move forward, with these initiatives.

We are also increasing the size and scope of the National Cyber Investigative Joint Task Force – the FBI-led multi-agency focal point for coordinating and sharing of cyber threat information.  The National Cyber Investigative Joint Task Force brings together 18 law enforcement, military, and intelligence agencies to stop current and predict future attacks.  With our partners at DOD, DHS, CIA, and the NSA, we are targeting the cyber threats that face our nation.  The Task Force operates through Threat Focus Cells – specialized groups of agents, officers, and analysts that are focused on particular threats, such as botnets.

With our partners at the Department of Homeland Security and the National Cyber-Forensics Training Alliance, we are using intelligence to create an operational picture of the cyber threat – to identify patterns and players, to link cases and criminals.

The FBI also has 63 Legal Attaché offices around the world, through which we share information and coordinate investigations with our international counterparts.  We also have Special Agents embedded with police departments in Romania, Estonia, Ukraine, and the Netherlands, working to identify emerging trends and key players in the cyber arena.

Together with our intelligence community and law enforcement agency partners, we are making progress toward defeating the cyber threat – through our use of human sources, technical surveillance, and computer science.

In April 2011, with our private sector and law enforcement partners, the FBI dismantled the Coreflood botnet.  This botnet infected an estimated two million computers with malware that enabled hackers to seize control of the privately owned computers, to steal personal and financial information. With court approval, the FBI seized domain names and re-routed the botnet to FBI-controlled servers. The servers directed the zombie computers to stop the Coreflood software, preventing potential harm to hundreds of thousands of users.

And last fall, we worked with NASA’s Inspector General and our partners in Estonia, Denmark, Germany, and the Netherlands to shut down a criminal network operated by an Estonian company by the name of Rove Digital. The investigation, called Operation Ghost Click, targeted a ring of criminals who manipulated Internet “click” advertising.  They redirected users from legitimate advertising sites to their own advertisements and generated more than $14 million in illegal fees.  This “click” scheme impacted more than 100 countries and infected four million computers, half a million of which were here in the United States.  We seized and disabled rogue servers, froze the defendants’ bank accounts, and replaced the rogue servers with legitimate ones, to minimize service disruptions.  With our Estonian partners, we arrested and charged six Estonian nationals for their participation in the scheme.

We must continue to share information with our partners in law enforcement, in the Intelligence Community, and in the private sector. We must segregate mission-centric data from routine information.  We must incorporate layers of protection and layers of access to critical information.  And when there is a compromise, we must limit the data that can be gleaned from it.

We must also work together to determine who is behind any given computer intrusion or network attack.  We can use the ability to attribute an attack to a specific attacker to help deter future attacks.  We cannot simply minimize vulnerabilities and deal with the consequences. Collectively, we can improve cyber security and lower costs – with systems designed to catch threat actors, rather than simply to withstand them.
