Senator Robert F. Bennett
Senate Special Committee on the Year 2000 Technology Problem
Opening Statement at the Joint Economic Committee
February 23, 2000
Good morning. Before we begin, I would first like to thank Chairman
Mack for asking me to chair this hearing on such a critically important
topic to our country: "Cyber-threats and the US Economy". The high-technology
sector continues to lead America's vigorous economic expansion. Currently,
it generates over one-third of real economic growth in the United States
and accounts for approximately 8 percent of our nation's employment.
This year, Internet transactions are expected to total $8 billion. Future
predictions of transaction totals grow to $327 billion by 2002 and $1.5
trillion by 2003.
No top-down or strategic plan was responsible for the success of US
high-tech industries such as semiconductors, software, and biotechnology.
Instead, decentralized sources of financing for entrepreneurs, and open
and competitive markets, have ensured that diverse innovative approaches
are pursed. Many high-tech entrepreneurs have created vast businesses
and thousands of new jobs in a few years, beginning with little more
than a good idea. For example, a few university computer scientists
with the idea of building devices to connect computers into large networks
founded Cisco Systems in the mid-1980s. Cisco, with just $69 million
in 1990 sales, exploded into a worldwide business with sales of over
$8 billion and 19,000 employees by 1998.
Traditional businesses have quickly reached for and embraced new high
technology and the Internet, integrating them into the core of their
business processes and capabilities. They have gained efficiencies and
reaped many benefits as their growth rapidly escalates. Just-in-time
inventories and lean manufacturing processes are examples of just how
efficient many business lines have become since the introduction of
information technology into every facet of the supply chain. Critical
functions and services are increasingly using and thus dependent on
Along with the astonishing growth and movement onto the Internet, there
is an associated growth of real vulnerabilities and credible threats
to the economic stability and well being of the United States. Such
threats may be ubiquitous, as in hacker-instigated denial-of-service
attacks on multiple targets, or focussed, as in the use of a range of
tools by foreign governments for political purposes. An emerging type
of threat may be the use of this electronic media to effect the physical
infrastructure, which is increasingly dependent upon the use of networked
systems. For example, a power and telecommunications failure, instigated
via a computer network could cause a halt in commercial activities,
and thus poses a threat to national economic security.
Recently, hackers used a distributed denial-of-service attack targeting
a number of online companies, such as Yahoo, CNN.com, eBay, E-Trade,
Buy.com, Amaxon.com, ZDNet.com, and others, causing service disruptions
that lasted from minutes to several hours!. Estimates are that each
one of these attacks can cost tens of millions of dollars in lost potential
sales, or in the example of E-Trade, inability to trade stocks whose
value may be changing rapidly. One estimate by the Yankee Group sets
the total cost above the $1 billion mark.
These types of denial-of-service attacks serve to soften public confidence
in the Internet and transacting commerce over it. A recent survey by
PC Data Inc., a market research firm, finds approximately 45% of Internet
users indicated they are less likely to transmit credit-card numbers
over the Web due to these recent attacks. Nonetheless, these attacks
are only the tip of the iceberg. They are the part of the iceberg that
is visible above the water - in clear view. But as everyone knows, the
largest part of the iceberg, and possibly the most dangerous, lies beneath
the surface of the water and is difficult to detect. This is true also
with the range of threats to the Internet and those that rely upon it.
Attacks on American defense and industrial facilities in cyberspace
are as real and dangerous as any conventional threat to economic prosperity
and national security. As we look forward to the year 2000 and beyond,
a new landscape for Congress and the nation is emerging. It is a landscape
in which policymakers must work to protect private industry's high-tech
infrastructure and safeguard the federal government's ability to meet
the defense challenges of the next millennium - with the goal of deterring
our adversaries from understanding and manipulating the industrial and
economic underpinnings of our national security.
Cyber threats do not constitute a new weapon, but a new place. Forget
everything that Rand McNally ever taught you about how the world looks
because, in the world of interconnected, interdependent computers, no
one really knows what the world looks like - at least not anymore. Every
day, someone at Lucent tries to map cyberspace. Let me assure you it
looks nothing like the "old place" - the "old world." Instead, it is
a tangled mass of color-coded networks much like an abstract painting.
This was not a map as you and I know it, but a momentary snapshot of
a cyber-world still being built and that changes rapidly. When you begin
looking at the new geography, the political and spatial worlds blur.
Countries, as we know them, begin to fade.
As Thomas Friedman observed in his book the Lexus and the Olive Tree,
the globalization of the world economy and the integration of markets
and technologies "is enabling individuals, corporations, and nation-states
to reach around the world farther, faster, deeper, and cheaper than
ever before." While cheap global reach has tremendous benefits from
a commercial perspective, it also offers a highly unique set of strategic,
asymmetric threats to U.S. economic and national security interests.
A clear understanding of privacy, security, and reliability in cyberspace
President Clinton's Presidential Decision Directive 63 (PDD 63), signed
in May 1998, required the Executive Branch to assess the vulnerabilities
of computer-based systems and to remedy deficiencies in order to become
a model of information security. PDD 63 called for the development of
a detailed federal plan to protect U.S. critical infrastructures and
to defend America against information warfare. Due in the fall of 1998,
the National Plan for Information Systems Protection was finally released
early this month. As the Plan notes, it is in fact an invitation to
a dialogue - an important first step. It signals that for the first
time the Administration may be serious about protecting Americans in
the information-age. However, there is much work to do if it is to succeed.
A sound appreciation for the range of credible threats will support
the work yet to come.
I look forward to hearing from our distinguished witnesses today and
the light they will shed on cyber-threats implications and challenges
for both the public and private sectors as well as necessary next steps
for successfully addressing them within this new landscape.