[Congressional Record Volume 161, Number 114 (Tuesday, July 21, 2015)]
[Senate]
[Pages S5200-S5201]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                             CYBER SECURITY

  Mr. DAINES. Mr. President, the headlines in the past few months have 
been enough to paint a startling picture of how our Nation is handling 
technology and security these days.
  Before I came to Congress, I spent 12 years working in the technology 
sector, but it doesn't take an extensive background in these fields to 
see that in the ever-changing realm of technology and online 
communication, America's constitutional freedoms and civil liberties 
are at risk and our security as a nation is under attack.
  When it comes to protecting American citizens' privacy and personal 
information, we as a nation need to respond to the new threats our 
enemies are posing and the new tactics they are using and demand equal 
vigilance from those in our government who claim they have American 
safety at heart.
  The modern battlefield is changing. We see it changing before our 
very eyes, and America needs to adapt. With the incredible advantages 
that modern technology offers, also with that come greater risks as 
well as greater responsibility. Our enemies, America's enemies, are 
utilizing social media in particular to recruit others to their side to 
plot against our rights, our freedoms, our American way of life.
  As Michael Steinbach, the Assistant Director at the FBI's 
Counterterrorism Division, said to the House Homeland Security 
Committee just last month: ``The foreign terrorist now has direct 
access into the United States like never before.''
  We know for a fact that ISIS aggressively uses social media to spread 
its propaganda, to target individuals in our own country, and to urge 
them to attack us on our own soil.
  In March of this year, the New York Times reported that ISIS's use of 
social media, including Twitter and high-quality online recruiting 
videos, has been ``astonishingly successful,'' and the speed at which 
modern social media moves means America must move faster.
  In fact, we read about the recently foiled terrorist attack in 
Boston, where Islamic extremists planned to behead law enforcement 
officials. It shows us the importance of engaging these online 
terrorists, their propaganda machines, interpreting their encrypted 
communications, and cracking down on the spread of online terrorist 
networks--but how can we fight back against these cyber threats from 
abroad when our own government officials show themselves to be woefully 
incompetent?
  We in this country spent months debating the National Security 
Agency's bulk collection of Americans' metadata, and in the meantime, 
while we are having this debate, Chinese hackers stole millions of 
Americans' personal information. In fact, it is estimated now those 
Chinese hackers broke into the Office of Personnel Management--
basically the HR system of the Federal Government--and stole over 20 
million records of employees of the Federal Government.
  This recent breach of Federal employees' information may possibly be 
rooted in a phishing email. In fact, in a recent article in Ars 
Technica on June 8, they said:

       It may be some time before the extent of the breach is 
     known with any level of certainty. What is known is that a 
     malware package--likely delivered via an e-mail ``phishing'' 
     attack against OPM or Interior employees--managed to install 
     itself within the OPM's IT systems and establish a back-door 
     for further attacks. The attackers then escalated their 
     privileges on OPM's systems to the point where they had 
     access to a wide swath of the agency's systems.

  These hackers broke into the computers at the Federal Government's 
Office of Personnel Management. They were downloading the very forms 
Federal employees use to gain national security clearances.
  In fact, earlier this month USA TODAY said:

       The hackers took millions of the forms used by people to 
     disclose intimate details of their lives for national 
     security clearances. The information could be used to unmask 
     covert agents or try to blackmail Americans into spying for 
     an enemy.

  In fact, I was one of those millions of Americans--as were other 
Members of Congress--whose personal information was compromised in this 
breach, and I demanded accountability from the Director and others at 
the OPM, but we also need to address the systemic problems with cyber 
security in this country directly.
  The outdated security systems at the OPM and other agencies of the 
Federal Government recently hacked show that America is not up to speed 
with the kinds and the levels of cyber threats our country is facing. 
Let me give an example. In the publication Ars Technica of June 8, 
2015, it says:

       The OPM hack is just the latest in a series of Federal 
     network intrusions and data breaches, including recent 
     incidents at the Internal Revenue Service, the State 
     Department, and even the White House. These attacks have 
     occurred despite the $4.5 billion National Cybersecurity and 
     Protection System program and its centerpiece capability, 
     Einstein. Falling under the Department of Homeland Security's 
     watch, that system sits astride the government's trusted 
     Internet gateways. Einstein was originally based on deep 
     packet inspection technology first deployed over a decade 
     ago, and the system's latest $218 million upgrade was 
     supposed to make it capable of more active attack prevention. 
     But the track flow analysis and signature detection 
     capabilities of Einstein, drawn from both DHS traffic 
     analysis and data shared by the National Security Agency, 
     appears to be incapable of catching the sort of tactics that 
     have become the modern baseline for state-sponsored network 
     espionage and criminal attacks. Once such attacks are 
     executed, they tend to look like normal network traffic.
       Put simply, as new capabilities for Einstein are being 
     rolled out, they're not keeping pace with the types of 
     threats now facing federal agencies. And with the data from 
     OPM and other breaches, foreign intelligence services have a 
     goldmine of information about federal employees at every 
     level of the government.

  And this just at a time when the threats to our Nation are at very 
high levels.
  The article continues:

       It's a worrisome cache that could be easily leveraged for 
     additional, highly-targeted cyber-attacks and other 
     espionage. In a nation with a growing reputation for state of 
     the art surveillance initiatives and cyber warfare 
     techniques, how did we become the ones playing catch up?

  But this isn't just about being sloppy or being slow; this is a 
matter of national security. America needs to get smart on cyber 
security and tech issues and to hold officials accountable for their 
behavior because there is just too much at stake if we fail. The 
American people will pay the price for a failure to adapt to this 
rapidly changing world of technology, this rapidly changing world of 
media, this rapidly changing world of information gathering, and for 
sheer carelessness on the part of those in authority.
  Private sector innovation and progress can help America compete. As a 
member of the committee on commerce and having spent 28 years in the 
private sector--the last 12 years with a cloud computing startup which 
we took public and which became a great cloud computing company, with 
offices all over the world but based in my home State of Montana--I 
admit I had to smile when I saw that so many Congressmen want to 
regulate the private sector to protect the private sector from private 
threats. Well, again, in 28 years of serving in the private sector, I 
never once had my information breached. I never once had a letter from 
my HR department saying my information had been comprised. It wasn't 
until I became a Federal employee, elected to Congress a few years

[[Page S5201]]

ago, that my information was compromised. The private sector runs a 
whole lot faster than the public sector.
  I think the government needs to look within to make sure we can be at 
the forefront of cyber technology and security, but these efforts will 
be thoroughly wasted if the Federal Government does not take the 
necessary precautions and procedures to protect the American people.
  Mr. President, I yield the floor.
  The PRESIDING OFFICER. The Senator from Alaska.

                          ____________________