WASHINGTION, DC - Sen. Tom Carper (D-Del.), a senior member of the Senate Homeland Security and Government Affairs Committee released the following statement on yesterday's announcement by Deputy Defense Secretary William Lynn III that in 2008 the U.S. military was the victim of a serious cyber attack:
"Yesterday's revelation by the Department of Defense that in 2008 foreign intelligence agencies compromised classified and unclassified networks of our nation's military by relying on unsuspecting U.S. Soldiers to plug in infected thumb drives -- although a new type of attack at the time -- is sadly old news.
"More disturbing is what the Department of Defense and the National Security Agency have not told the American public -- that nearly every critical system and network that runs the nation's financial systems, air traffic control, electric grid, and other vital networks are just as vulnerable. In fact, foreign intelligence agencies likely have targeted these systems and at times compromised them. Some have argued that the threat of a cyber attack isn't real, or is being over-hyped, but if the International Space Station orbiting around the Earth can be compromised by software intended to steal NASA's scientific information, as acknowledged in 2008, what makes people think a similar type of attack can't also be used to take down other critical networks? This latest revelation underscores the scary reality of how vulnerable we really are to cyber criminals, terrorists, and nation-states seeking to use technology to steal from us or do us harm.
"Unfortunately, Americans often don't have the knowledge and skills necessary to defend against these sophisticated 21st Century attacks. For years, agencies like the National Security Agency have needlessly obscured the frequency and significance of attacks like those recently publicly revealed by the Department of Defense out of fear that this attention would entice even more bad guys to attack our vulnerable networks. The problem with keeping the public in the dark about this threat is that the bad guys have already set up shop inside our networks.
"That's why I partnered with my colleagues on the Homeland Security and Governmental Affairs Committee to introduce legislation that will not only defend against these types of attacks, but prevent them before they even happen. We won't be as safe as we should be until we ensure that a fully capable civilian agency is at the helm of our cyber security efforts, working as an open and transparent partner with the private sector to defend our nation from these types of attacks.
"Further, just two weeks ago my home state of Delaware graduated twenty highly-skilled cyber guardians from an intense first-of-its-kind week long summer camp that taught students the skills needed to defend against these sophisticated types of attacks. This is a good first step, but we need a more robust effort from the federal government to build the defenses and train the defenders we need to protect our vital networks. That's why it's so important for Congress and the Administration to come together and deal with this threat, before it's too late."
Sen. Carper has been a national leader on cyber security issues and, as chairman of a key Senate Homeland Security subcommittee, has chaired several hearings over the past three years examining ways to more effectively secure the U.S. from cyber attacks. These hearings culminated in June 2010 when the Homeland Security and Governmental Affairs Committee passed comprehensive cyber security legislation, the Protecting Cyberspace as a National Asset Act of 2010 (S.3480). Sponsored by Sens. Tom Carper (D-Del), Joe Lieberman (ID-Conn.) and Susan Collins (R-Maine), this legislation aims to modernize, strengthen, and coordinate the security of the federal, civilian and private sector critical infrastructure networks. One key provision in the bill would also provide the Department of Homeland Security the authority to develop and bolster cyber security challenges across the nation in order to identify, educate, and train the future cyber security workforce.