[Congressional Record Volume 153, Number 133 (Monday, September 10, 2007)]
[Senate]
[Page S11304]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                             CYBER ATTACKS

  Mr. BENNETT. Mr. President, I rise to make note of an event that the 
newspapers have talked about and then passed over, but one we should 
pay a great deal more attention to. This has to do with the number of 
increasing cyber attacks that have occurred where hackers have gotten 
into computers and upset their ability to function. I am not talking 
about the kind of hackers who break into a computer to leave behind an 
obscene message simply to demonstrate that they could do it. These are 
amateurs. I am talking about attacks that appear to be state sponsored.
  The Nation of Estonia had its computers shut down for a period of a 
week, unable to perform any kind of connection with the outside world, 
almost as if it were a test on the part of some nation state to 
determine whether they could perform this kind of activity. Now we have 
had further demonstrations of their ability to do it in government 
computers. This has been going on for years. I remember, when I was 
connected with the Y2K issue as chairman of the Senate's committee on 
that problem, going over to the Pentagon and standing in the room where 
we watched the cyber attacks come in. The officials in the Pentagon 
would identify for me the countries from which they were coming. They 
would say: Those are attacks coming from the Philippines. Those are 
attacks, probing, trying to get into our computers. They come from 
South Korea. These are coming from whatever other country. That does 
not mean the attacks originated in any of those countries. It is 
entirely possible in today's world for someone to have a sophisticated 
computer attack in one nation and route the attacks through a second or 
even third or fourth nation as cutouts so the victim of the attack will 
not be able to know the original source.
  The recent attacks that have occurred against our Government 
computers clearly come from a higher level of sophistication than those 
I saw 3 or 4 years ago.
  I pursued an interest in this issue and then became consumed with 
other Senate business--that happens to us--and said, a few years later: 
I probably need to check into this to see what has happened. So I went 
back to the National Security Agency, I went back to the Pentagon, I 
made contact again with people at the CIA and said: What is going on in 
the world of cyberattacks and cyberterrorism?
  I was startled that everything had progressed two, three, four, five 
generations beyond what it had been just a few years before. It is a 
classic sword-and-shield confrontation. The attack comes--representing 
the sword--we create firewalls--representing the shield--and then a new 
sword is invented and a new shield is called for. This game has been 
going on now to an escalated level where now we are seeing 
sophisticated nation state-sponsored attacks, and they break through 
occasionally, and they get a little space in the newspaper and maybe a 
mention on the evening news, and then we go about business as usual.
  I am as guilty as anyone else of going about business as usual. I 
want to get back into this issue, dig a little deeper, and find out 
what is going on because eventually this will be the ultimate 
battlefield. Eventually, the people who wish this country ill will not 
come at us with tanks and aircraft carriers or cruise missiles; they 
will come at our computers. Our military is the most sophisticated in 
the world, but if you shut down their ability to communicate through 
satellites and by computers, our military becomes crippled and 
impotent. I remember when I went through basic training being told that 
an army has to do three things: It has to move, shoot, and communicate. 
Those who are mounting these cyberattacks are developing the capability 
to prevent us from communicating. We need to spend more time and effort 
looking at this issue.
  I have one suggestion for the executive branch. During the Clinton 
administration, the highest official dealing with this issue was in the 
White House. After President Bush became the President, that official 
reported to Condoleezza Rice in her role as National Security Adviser. 
I sat down with Condoleezza Rice to talk about this issue, to try to 
bring her up to date on what I thought was important. She was very 
polite, but I became quickly aware she knew more about this issue than 
I did. She was not patronizing about it, but she was up to speed and up 
to date on it, and I felt reassured that the White House had that level 
of understanding.
  Well, she has now gone on to other duties, and the highest official 
now is in the Department of Homeland Security. I am not sure that is 
the place where it needs to be. It may very well be that it needs to go 
back into the White House at the high level it held at one point in the 
past.
  I will be discussing this and other issues relating to this question 
in the months to come. I appreciate the opportunity of alerting my 
fellow Senators to this very important but often overlooked issue.
  I yield the floor.
  I suggest the absence of a quorum.
  The ACTING PRESIDENT pro tempore. The clerk will call the roll.
  The bill clerk proceeded to call the roll.
  Mrs. MURRAY. I ask unanimous consent that the order for the quorum 
call be rescinded.
  The ACTING PRESIDENT pro tempore. Without objection, it is so 
ordered.

                          ____________________