[Congressional Record Volume 141, Number 128 (Thursday, August 3, 1995)]
[Senate]
[Page S11341]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]


             RELEASE OF NEW OTA REPORT ON COMPUTER SECURITY

 Mr. ROTH. Mr. President, in the new hit movie, The Net, 
private information is hacked into via the Internet, turning a young 
woman's life upside-down. While The Net is a work of fiction, it is 
based on a factual premise: that information held in computer networks 
is susceptible to intrusion.
  Unknown crackers routinely scan government and private sector 
databases for military research, confidential personal information and 
other sensitive data. This jeopardizes our Nation's security and our 
individual privacy. A report issued today by the Office of Technology 
Assessment clearly states the problems facing the Federal Government in 
ensuring the integrity and usefulness of America's information 
infrastructure. Its title is Issue Update on Information Security and 
Privacy in Network Environments.
  Securing public and private databases from the mischievous and 
criminal elements of the computer community is not a simple task. The 
sheer number of break-ins and the electronic nature of this crime makes 
prosecution, and often even detection, almost impossible. It is neither 
affordable nor effective to prosecute each cracker. Defending the data 
and computer systems from infiltration has emerged as the most cost-
effective and smartest way to deal with this problem.
  The most recent issue of Defense News underscores the need for secure 
databases, as opposed to stronger enforcement. In it, Paul Strassmann, 
a distinguished visiting professor for information warfare at the 
National Defense University is quoted as saying: ``new laws are not 
likely to stop on-line criminals because the professionals are 
undetectable.'' Against this kind of threat, prevention in the form of 
securing the data is more effective than prosecution.
  Fortunately, we have already laid the groundwork to meet the 
challenge of securing sensitive Federal data. The Computer Security Act 
of 1987 established an approach for protecting the Federal Government's 
unclassified but sensitive data, and developed guidelines and standards 
to promote Federal data protection. However, the Computer Security Act 
needs to be updated and enforced for it to prevent thousands of 
computer break-ins currently occurring annually.
  The costs of not facing these challenges are enormous. As Chairman of 
the Senate Governmental Affairs Committee, my primary goal is the 
restructuring of the Federal Government to be smaller, more effective 
and less expensive. Accomplishing this goal depends on automation, and 
will require enhanced protection of computer databases and networked 
information. OTA's report highlights why the Governmental Affairs 
Committee must update the Computer Security Act for today's networked 
society.


                          ____________________