UPDATE: Rep. Wolf’s statement on cyber attacks

Published June 11, 2008 4:00am ET



Here’s the text of the statement Rep. Wolf will be making on the House floor: (it’s scary as hell)

Take home quotes:

“If a major cyber attack or incident were to occur, I have read that many analysts are skeptical that the U.S. government could adequately recover and reconstitute the Internet.”

“On two separate occasions in 2004, for example, it was reported that viruses were found in top-secret computer systems at the Army Space and Missile Defense Command.”

“The apparent lack of a sense of national urgency to address this problem only gives those who would wish us harm an extra advantage.”


“Madam Speaker, in August 2006, four of the computers in my personal office were compromised by an outside source.  This source first hacked into the computer of my foreign policy and human rights staff person, then the computers of my chief of staff, my legislative director, and my judiciary staff person.  On these computers was information about all of the casework I have done on behalf of political dissidents and human rights activists around the world.  That kind of information, as well as everything else on my office computers – e-mails, memos, correspondence and district casework – was open for outside eyes to see.

 

            “I am aware that computers in the offices of several other Members were similarly compromised, as well as a major committee of the House — the Foreign Affairs Committee.  It is logical to assume that critical and sensitive information about U.S. foreign policy and the work of Congress to help people who are suffering around the world was also open to view from these official computers.

 

            “In subsequent meetings with House Information Resources and FBI officials, it was revealed that the outside sources responsible for this attack came from within the People’s Republic of China.  These cyber attacks permitted the source to probe our computers to evaluate our system’s defenses, and to view and copy information.  My suspicion is that I was targeted by Chinese sources because of my long history of speaking out about China’s abysmal human rights record.

 

            “My office’s computers were cleaned and returned to me by House Information Resources, but ever since this happened, I have been deeply concerned that this institution is not adequately aware of or protected from these types of threats.

 

            “I have also learned that this threat exists not only here in the Capitol complex, but also when Members travel overseas.  I have been told that, particularly in countries in which access to information is tightly controlled by the government, Members are at risk of having their conversations and information recorded or stolen from their cell phones and Blackberry devices.

 

            “As I have shared my office’s experience with other Members, it has become clear to me that many Members, committees and other offices of the House do not fully understand the extent of this threat against the security of their offices and how to protect themselves from it.

 

            “I have no information to confirm this, but it would seem realistic that the Senate could also be at risk.  The committees in both chambers on Government Reform, Intelligence, Judiciary, Armed Services, and Homeland Security should be having hearings on this threat.

 

            “That is why I am here today on the House floor.  I am speaking out about the threat of cyber attacks from China and other countries on the entire U.S. government, including our military, because of my deep concern about maintaining the security and integrity of our government.

 

            “Computer systems control all critical infrastructures, and nearly all of these systems are linked together through the Internet.  This means that nearly all infrastructures in the United States are vulnerable to being attacked, hijacked or destroyed by cyber means.

 

            “The U.S. government has recognized cyber vulnerabilities and threats to critical infrastructures for over a decade going back to the President’s Commission on Critical Infrastructure Protection (PCCIP) in 1997.

 

            “However, despite all the activity, reports, funding, and growth in the Department of Homeland Security, little seems to have changed in terms of our vulnerability to cyber incidents.

 

            “If a major cyber attack or incident were to occur, I have read that many analysts are skeptical that the U.S. government could adequately recover and reconstitute the Internet.       

      

            “According to a report from the Congressional Research Service, “U.S. counterintelligence officials reportedly have stated that about 140 different foreign intelligence organizations regularly attempt to hack into the computer systems of U.S. government agencies and U.S. companies.”   

 

            “This happens with alarming frequency, according to a recent Business Week article titled, “The New E-spionage Threat.”  This article states that U.S. government agencies reported almost 13,000 cyber security incidents in fiscal year 2007 – triple the number from just two years earlier. 

 

            “Lieutenant General Charles E. Croom, who heads the Pentagon’s Joint Task Force for Global Network Operations, said that incursions on the military’s networks in 2007 were up 55 percent from the previous year.

            “The May 31 cover story in the National Journal titled, “The Chinese Cyber-Invasion,” reported that “electronic devices used by U.S. Commerce Secretary Carlos Gutierrez and his party during a December 2007 visit to China were invaded using spyware that could steal information.”   

 

            “Gutierrez was in China with a high-level delegation to discuss trade-related issues such as intellectual property rights, consumer product safety and market access.  The Associated Press also reported on this breach.   Why did we learn about this in the press instead of from our own government officials?  Did our government do anything about this attack?

 

            “Our military computer networks are a frequent target of foreign cyber espionage, according to CRS.  In order to take advantage of technological innovation, DOD uses Commercial-Off-The-Shelf (COTS) hardware and software in its core administrative functions as well as in the complex combat and weapons systems of all services.

 

            “However, DOD officials and other analysts have said that COTS products lack necessary security but that requiring these products to meet military requirements for security would be too costly and difficult for most vendors.  

 

            “DOD has compensated for these vulnerabilities through additional layers of protective measures; however, despite these measures, DOD systems and computers belonging to DOD contractors remain vulnerable, according to CRS.

 

            “On two separate occasions in 2004, for example, it was reported that viruses were found in top-secret computer systems at the Army Space and Missile Defense Command.

 

            “China in particular is actively engaged in espionage against the United States.  I recently had the opportunity to read the U.S.-China Economic and Security Review Commission’s 2007 Classified Report to the Congress, and found the report’s conclusions to be very alarming.

 

            “The report addresses Chinese activities in the areas of espionage, cyber warfare, and arms proliferation.  I strongly urge all Members of the House to read this report, as it gives a clear picture of the threat that China poses to our national security.

 

            “In fact, the Pentagon’s 2008 annual report to Congress stated that “in the past year, numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions that appear to have originated within the PRC.” 

 

            “News reports and CRS have divulged that in 2004, an attack code named “Titan Rain” accessed sensitive data files stored on the computer networks of Lockheed Martin, Sandia National Labs, and NASA.  This cyber attack went undetected for many months, and the hackers that carried out this attack were believed to be in China.

            “In 2006, a lengthy cyber attack against the U.S. Naval War College in Rhode Island prompted officials to disconnect the entire campus from the Internet.  In 2007, officials temporarily disconnected part of the Pentagon’s unclassified network from the Internet in response to a similar attack against the Pentagon.

 

            “In fact, according to CRS, “DOD officials acknowledge that the Global Information Grid, which is the main network for the U.S. military, experiences more than three million daily scans by unknown potential intruders.” 

 

            “According to the Business Week article, in 2007, the U.S. government launched a classified operation called “Byzantine Foothold” to combat sophisticated new attacks that were compromising sensitive information at the State Department and at defense contractors such as Boeing, the source of which U.S. officials allege is China.

         

            “Business Week’s article states that computer attacks have targeted sensitive information on the networks of at least seven federal agencies: the Defense, State, Energy, Commerce, Health and Human Services, Agriculture, and Treasury departments.  Defense contractors Boeing, Lockheed Martin, General Electric, Raytheon, and General Dynamics have also been targeted.

 

            “Not long ago, few people within the U.S. government or in universities were systematically studying how a massive failure of our infrastructure could seriously disrupt our economy and way of life.

 

            “Few understood that we could be vulnerable to damaging attacks launched from overseas using only computers via cyberspace.

 

            “The Critical Infrastructure Protection (CIP) Program at George Mason University and James Madison University, which is now six years old, was formed in response to this gap in our knowledge about cyber threats.

 

            “At my request, the CIP Program began producing a monthly topical publication on homeland security issues that is required reading in the Pentagon, Homeland Security, DOE and state and local homeland security agencies.

 

            “Despite everything we read in the press, our intelligence, law enforcement, national security and diplomatic corps remain hesitant to speak out about this problem.  Perhaps they are afraid that talking about this problem will reveal our vulnerability.  In fact, I have been urged not to speak out about this threat.

 

            “But our adversaries already know we are vulnerable.  Pretending that we are not vulnerable is a mistake.

 

            “As a nation, we must decide when we are going to start considering this type of activity a threat to our national security, a threat that we must confront and from which we must protect ourselves.

                                             

            “The apparent lack of a sense of national urgency to address this problem only gives those who would wish us harm an extra advantage.

 

            “The Government Accountability Office reported in 2007 that no comprehensive strategy exists yet to coordinate improvements of computer security across the federal government and the private sector.

 

            “I strongly believe that the appropriate officials, including those from the Department of Homeland Security and the FBI, should brief all Members of Congress in a closed session regarding threats from China and other countries against the security of House technology, including our computers, Blackberry devices, and phones.

 

            “The potential for massive and coordinated cyber attacks against the United States is no longer a futuristic problem.  We must prepare ourselves now and develop procedures for responding to this threat.

 

            “In recent testimony before the U.S. Senate Armed Services Committee, Director of National Intelligence Mike McConnell expressed concern not only about sources capturing sensitive information, but also about them altering it.

 

            “Director McConnell testified that “If someone has the ability to enter information in systems, they can destroy data.  And the destroyed data could be something like money supply, electric-power distribution, transportation sequencing, and that sort of thing.”

 

            “Members need to know how best to protect themselves, their staff and their official business from these threats.  I have experienced this threat first hand, as have others in Congress, and am deeply worried that this institution is not adequately protected.

 

            “Congress should take a lead in protecting our government and indeed our country from the threat posed by cyber espionage activities.

 

            “James Lewis, the director of the Technology and Public Policy program at the Center for Strategic and International Studies, remarked last year in testimony before the House Committee on Homeland Security that “[i]f gangs of foreigners broke into the State or Commerce Departments and carried off dozens of file cabinets, there would be a crisis.  When the same thing happens in cyberspace, we shrug it off as another of those annoying computer glitches we must live with.”

 

            “The apparent complacency in both the private and public sectors toward this threat is astonishing!  We now know about the threat.  We must speak out about how to protect ourselves, and formulate a comprehensive strategy with which to respond.

 

            “Stephen Spoonamore, CEO of a cyber-security firm called Cybrinth, put the matter succinctly in the National Journal article:   “By not talking openly about this, they are making a truly dangerous national security problem worse. . . Secrecy in this matter benefits no one. Our nation’s intellectual capital, industrial secrets, and economic security are under daily and withering attack.  The oceans that surround us are no protection from sophisticated hackers, working at the speed of light on behalf of nation-states and mafias.  We must cease denying the scope, scale, and risks of the issue.  I, and a growing number of my peers, believe our nation is in grave and growing danger.” 

 

            “Mr. Spoonamore is right.  We are making this dangerous national security problem worse by not discussing it openly.

 

            “I believe this institution, as my resolution states, should get the facts, and armed with these facts, should take the necessary action to protect the safety and integrity of the House.

 

            “In 1789, British Parliament member William Wilberforce, speaking to his colleagues about the slave trade, said “having heard all this, you may choose to look the other way, but you can never again say that you do not know.” 

 

            “We cannot afford to look the other way when foreign sources are threatening to compromise our government institutions, our economy, our very way of life through cyber espionage.  We cannot sit by and watch.”