Washington, DC – Senate Governmental Affairs Committee Chairman Fred Thompson (R-TN) reminded a packed hearing room today that the federal government’s underlying information infrastructure is “riddled with vulnerabilities which represent severe security flaws and risks to our national security, public safety, and personal privacy.”
“Year after year, expert witnesses have told this committee that an underlying cause of federal information security vulnerabilities is inadequate security program planning and management,” said Thompson. “What is most alarming to me is that after all this time, and all these reports and expert testimony, there is still no organization-wide approach to preventing cyber attacks. And the security program management is totally inadequate. This is yet another example of how difficult it is to get the federal bureaucracy to move, even in an area important as this.”
Ranking Member Joseph Lieberman (D-CT) added, “there are many reasons federal, computer-based information is inadequately protected. But the underlying problem, according to GAO, is poor management. In some ways, this is a ‘cultural’ problem. Our concentration on security simply hasn’t grown at the same pace as our reliance on computers.”
Kevin Mitnick, a self-described reformed hacker, testified that all computer systems, government and industry, are vulnerable to attack. Mitnick, who served 59 months and 7 days for breaking into Digital Equipment Corporation’s computers, said, “If someone has the time, the money and motivation, they can get into any computer.”
Also testifying were Jack Brock with the Government Accounting Office (GAO) and the Inspector General of NASA, Roberta Gross. Both expressed support for the Thompson/Lieberman bill (S. 1993) which mandates good management practices. Brock said, “We support S. 1993. It provides a better management framework for addressing information security issues and provides a mechanism for independently checking how those issues are being addressed.”
The third and final panel offered an industry perspective with testimony from Ken Watson, Manager of Critical Infrastructure Protection at Cisco Systems, Inc. and James Adams, CEO of Infrastructure Defense, Inc., a security consulting company. Adams added, “By stepping up to the plate and tackling computer security with an innovative, bold approach, the Thompson-Lieberman bill significantly boosts the chances of reversing the current bureaucratic approach to a dynamic problem.”