[Congressional Record Volume 153, Number 161 (Tuesday, October 23, 2007)]
[Extensions of Remarks]
[Pages E2211-E2212]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




 SUPPORTING THE GOALS AND IDEALS OF NATIONAL CYBER-SECURITY AWARENESS 
                                 MONTH

                                 ______
                                 

                               speech of

                           HON. JACK KINGSTON

                               of georgia

                    in the house of representatives

                       Tuesday, October 16, 2007

  Mr. KINGSTON. Mr. Speaker, I wanted to talk a little bit about my 
dad. My dad is 89 years old. He has never owned a credit card. He has 
never even had a digital telephone. He doesn't have a computer. He 
doesn't have Internet. He is not interested in any of it. And yet, as 
removed as he might be from computer technology on a day-to-day basis, 
as it would appear in his personal life, the truth of the matter is, no 
one is isolated from high tech today.
  His veterans payments, his Social Security payments, his bank 
transfers, his Medicare, all of this comes to him through computer 
networks. If anybody messes up those computer networks, my 89-year-old 
dad will not get the services that he needs. That's why this is so 
important today.
  I am proud that in 2002 Armstrong Atlantic State University in 
Savannah, Georgia, began its Regional Center for Cyber-security 
Education and Training. This was part of the G-8 Summit which was held 
in Savannah, Georgia, in 2004, and they played a key role in the law 
enforcement efforts surrounding the G-8.

[[Page E2212]]

  Since then, Armstrong Atlantic State University has taken on partners 
of Washington Group International and Bridgeborn, and they are offering 
all kinds of computer security training programs, from simulating and 
modeling to visualization, covert channels, cyber-security and security 
of networks.
  Why is this important? Now, Mr. McCaul said there are 200 million 
U.S. citizens connected to the Internet. The number of people with 
access has increased over 182 percent from 2000 to 2005. In 2006, total 
non-travel-related spending on the Internet is estimated to be over 
$100 billion. That is a 24 percent increase over 2005. In 2005, the FBI 
has estimated that American businesses lost $67 billion because of 
computer crime.
  The United States is the location of 40 percent of the known command-
and-control servers; and because of that, we are the target of attack 
after attack. Most of these are executed by botnets, which are a 
collection of broadband-enabled PCs hijacked during virus and worm 
attacks and seeded with software that connects back to a server to 
receive communications from a remote attacker. In other words, the 
botnets all work together to simultaneously, consistently and 
constantly attack computer networks, such as the Department of Defense, 
the Centers for Disease Control, and the Department of Energy.
  In fact, in America our governmental computers alone get millions of 
attacks each and every day. It is something that we all should be very 
concerned about. The United States was the top country of attack 
origin, making up 33 percent of the worldwide attack activity.
  Personal information, for example, on veterans in May 2006 was taken 
home with a Veterans Administration employee. Approximately 26.5 
million veterans had their own personal information compromised simply 
because one employee took a laptop home. Now 25 years ago that may have 
required a truckload to carry that many files home. But just think 
about it, all he did was take a laptop home. And if the employee's 
house had not been broken into and the laptop stolen, we still might 
not have known about it. In mid-June of 2006, the Department was 
spending approximately $200,000 a day just to operate a call center to 
explain to veterans how this might affect their service. Of course, 
there are class action lawsuits that have followed, and there will be a 
lot more discussion about that.
  In September 2000, a 16-year-old young man by the name of Jonathan 
James, who lived in Florida, hacked into a Pentagon system that 
monitors threats from nuclear weapons and a NASA system that supports 
the international space station. This gave him access to over 3,000 
government e-mail messages. He was able to illegally access a total of 
13 NASA computers and downloaded software which supported the 
International Space Station's physical environment, including control 
of the temperature and humidity within the living space.
  In February 2001, Gary McKinnon of London took a poorly secured 
Windows system of NASA and the Pentagon and 12 other military 
operations and caused almost $1 million worth of damage by just 
basically playing around, stealing passwords and deleting files.
  We know that in March 2000, Max Ray Butler, a 27-year-old computer 
expert working as an FBI informant, was indicted on 15 criminal counts 
for allegedly hacking into the U.S. Department of Defense, NASA, and 
Air Force computer systems. In 2007, he was once again indicted on 
charges of identity theft and wire fraud.
  The list goes on and on, even to the extent that you have folks in 
China purposely attacking American systems, including the Pentagon. I 
will submit some of these for the Record, but the list goes on and on. 
That is why it is very important for us to support this legislation and 
have Members talking about it and knowledgeable.
  If you think about cyber-security now, the cost of it is more than 
what it is for the illegal drug trade in America. Cyber-crime 
outstripped illegal drug sales worldwide and analysts estimate online 
fraud will bring in $105 billion in 2007. This is a huge problem, but 
it is kind of a quiet problem and this resolution helps raise its 
visibility.

     Submissions of examples for the Record
       June 2007: China's army hacked into a computer network at 
     the Pentagon. Computer specialists with the People's 
     Liberation Army (PLA) penetrated an unclassified network used 
     by policy aides to U.S. Defense Secretary Robert Gates in 
     June, resulting in a weeklong shutdown of the system.
       May 2000: Montreal teenage hacker pleaded guilty to 
     illegally penetrating the computer systems of several 
     Canadian and foreign institutions, including NASA, Harvard 
     University and the Massachusetts Institute of Technology, 
     among others.
       October 2002 to March 2003: Raymond Paul Steigerwalt, 21, 
     infected DOD server with TK worm. The worm exploited well-
     known vulnerabilities in Microsoft's IIS Web Server to spread 
     across the Internet and install backdoors under the control 
     of hackers onto infected systems.
       July 2006: State Department had large-scale computer break-
     ins worldwide that appeared to target its headquarters and 
     offices dealing with China and North Korea. Hackers stole 
     sensitive U.S. information and passwords and implanted 
     backdoors in unclassified government computers to allow them 
     to return at will.

                          ____________________