[Congressional Record Volume 147, Number 178 (Thursday, December 20, 2001)]
[Senate]
[Pages S13919-S13920]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                        TECHNOLOGY AND TERRORISM

  Mr. HATCH. Mr. President, it is becoming increasingly clear that 
American technological supremacy will be an invaluable asset in our 
efforts to combat international terrorism and protect our citizens from 
further attack. The technological advantages we now enjoy--in weapons, 
in communications infrastructure, and in detection systems--must be 
both aggressively pursued and zealously guarded.
  For example, the recent anthrax attacks in this country highlight the 
need for the prompt deployment of effective technology to track the 
origins of the dangerous biochemical substances that threaten our 
security. This lack of important information hampers our ability to 
track down, capture, and punish terrorists and their supporters. The 
technology to accomplish this goal exists, and can be quickly and 
inexpensively modified to law enforcement and public safety 
requirements. However, the government needs to make this a priority.
  Although we have long held concern for the impact of hazardous 
materials on the public, the terrorist attack of September 11 and 
subsequent attacks require a heightened response. The weaponization of 
Chemical, Biological, Radiological and Nuclear (``CBRN'') materials 
demands an accounting of these high-risk materials, particularly as 
they accumulate at seemingly innocent locations. Tracking CBRN 
materials is an important step in anticipating and preventing their 
misuse and thereby thwarting terrorist activity.
  We currently have the capability for sophisticated materials 
management that connects people, places, processes, and products in a 
manner critical to security. The federal and local governments should 
work to put in service high-risk material tracking systems that provide 
the basis for powerful, instantaneous decision making. The government 
control centers can observe the global position of hazardous materials 
provided by producers and users in all our allied nations. In less 
accessible locations, the information could be collected through 
satellite technology.
  Such a hazardous materials management system should: provide for data 
collection and for authorization at customs operations and border 
controls; use sophisticated bar code and embedded chip data 
transmitting devices; employ handheld capabilities to manage field 
operations and material logistics; have multi-language capability and 
global reach; integrate with e-solutions and Defense Department 
Enterprise Resource Planning systems; and make use of data mining and 
knowledge management principles.
  Our Nation should immediately move to identify and track the movement 
or accumulation of CBRN materials. We must monitor CBRN materials at 
all global locations, including where they are produced, transported, 
used, staged and/or stored. And we must track, consolidate and analyze 
the CBRN material movements as the basis for a legitimate solution to 
the threats posed to Americans and our citizens abroad.
  At the same time that we use technology to better protect Americans, 
we must make certain that our technological infrastructure is protected 
from attack. To that end, critical infrastructure should undergo 
automated electronic testing of their internal and external network 
assets on a frequent and recurring basis. This testing should include 
written or electronic reports detailing the methods of testing used and 
the results of all tests performed, so that trend-line analysis of 
network security posture can be conducted.
  The Policy on Critical Infrastructure Protection: Presidential 
Decision Directive 63 (``PDD-63'') provided a starting point for 
addressing cyber risks against our Nation. This directive identified 
the critical sectors of our economy and assigned lead agencies to 
coordinate sector cyber security efforts. This directive presents the 
vision that ``the United States will take all necessary measures to 
eliminate swiftly any significant vulnerability to both physical and 
cyber attacks on our critical infrastructures, including especially our 
cyber systems.''
  I believe that we can prepare a defense for our critical 
infrastructure much like we prepared for problems associated with the 
year 2000 computer bug. First, we need, as the President recently 
appointed, an executive agent for cyberspace security, who has the 
power necessary to cause mandatory private and public interaction and 
coordination. Second, we must consider empowering and funding each PDD-
63 lead agency to establish quantitative baselines of the external and 
internal network security posture of their portion of critical 
industries. This can be done through automated electronic testing. 
Third, we must identify vulnerable critical systems within the critical 
infrastructures and secure them to the extent possible through software 
updates, patches, and other correcting configuration issues. Fourth, we 
should mandate continued automated electronic reassessment of systems, 
especially after upgrades or patches are applied. This will provide 
quantitative views of security over time. We must also enforce 
electronic documentation of reassessments and hold businesses and 
vendors accountable for failure to adhere to security mandates. 
Finally, we must expand our domestic partnerships to global public/
private partnerships, including both coalition governments and 
multinational corporations. I would also think that the broadening of 
mandates in these partnerships should consider standards for layered 
security, penetration testing, and demonstrate a commitment to the 
development and installation of wireless equivalency protocols.
  We must make use of every tool at our disposal in our fight against 
terrorism. We must take advantage of American ingenuity and our 
technological supremacy as we work to rid the world of terrorism. In 
addition, it is critical that we protect our critical

[[Page S13920]]

technological infrastructure from those who would use our technology 
against us.

                          ____________________