as prepared for delivery
I’d like to begin by thanking my colleagues, Dr. Ehlers, Mr. Wu, Mr. Smith, Chairman Gordon, and Mr. Hall for their contributions to the good bipartisan bill we are considering today.
Almost a year ago President Obama called for a comprehensive 60 day review of U.S. cyberspace policy. This call, and the expert recommendations contained in the report that resulted, led to a series of hearings on various aspects of cybersecurity R&D, including the state of research programs, partnerships with the private sector, the IT workforce, and how both NIST and the NSF are responding to the review.
H.R. 4061 is built upon these hearings, and addresses the some of the issues raised in the 60-day review. Specifically, it aims to build strong public-private partnerships, improve the transfer of cybersecurity technologies to the marketplace, train an IT workforce for both the public and private sectors, and coordinate and prioritize Federal cybersecurity R&D.
Information technology is an integral part of our daily lives. Computers, cell phones, and the Internet have greatly increased our productivity and connectivity. Unfortunately, this connectivity and the dependence of our critical infrastructures on information technologies have increased our vulnerability to cyber attacks. One month ago we saw a coordinated foreign attack on Google’s websites. Last week 49 members of this body had their computer systems infiltrated by a group based in Brazil. Last year the Pentagon reported more than 360 million attempts to break into its networks.
But it’s not just the Pentagon or the House of Representatives that need to worry about cyber security. Cybercrime is a problem for businesses large and small, and for every single American. The FTC estimates that identity theft costs consumers about $50 billion annually, and that even more alarmingly, it’s the fastest growing type of fraud in the United States. These aren’t just individual criminals. Increasing globalization and the internet means that sophisticated organized crime groups can mine information, selling it both nationally and internationally.
Improving the security of cyberspace is of the utmost importance and it will take the collective effort of the Federal government, the private sector, our scientists and engineers, and every American to succeed.
Last fall, under the leadership of Congresswoman Clarke, we passed a resolution recognizing National Cybersecurity Awareness Month. Among other things this resolution contributed to an important education and awareness campaign, a National effort to make people aware of the problem and to make them think about what I like to call practicing good “computer hygiene”. However, Federal leadership not only needed to increase public awareness, but also in research, education, and in demonstrating how to secure our own systems.
The first step is education, and by that I mean everything from educating individuals to companies to the next generation of IT professionals. H.R. 4061 addresses these problems by building on existing partnerships, such as the NSF sponsored Center for System Security and Information Assurance at Moraine Valley Community College in Palos Hills Illinois. This single school in my district has trained more than 600 cybersecurity faculty since 2003, individuals who are now teaching at community colleges and technical training programs nationwide.
H.R. 4061 taps into this network of community colleges and universities by providing scholarships to students pursuing degrees in cybersecurity in exchange for their service in the federal IT workforce. This approach not only provides for the immediate workforce needs of the Federal government, but it also builds a pipeline for private industry.
In order to realize the full benefits of information technology we need not only a highly skilled IT workforce, but also advances in basic R&D. Cyber threats are constantly evolving and cyber security R&D must evolve in concert through a combination of near term fixes and long-term projects that build a more secure foundation. And because people are perhaps the ‘weakest link’ in many IT systems, our research strategy needs to include the social and behavioral sciences that can help us better understand how humans interact with technology.
In conclusion, H.R. 4061 is a necessary first step toward securing our public, private, and personal IT systems, and as Chairman Gordon mentioned it is supported by a number of national organizations. It is a good bipartisan bill, and I urge my colleagues to support H.R. 4061.
I yield back the balance of my time.