(Washington, DC) – Today, the Committee on Science and Technology’s Subcommittee on Technology and Innovation held a hearing to discuss cyber attack attribution—determining the identity or location of an attacker or an attacker’s intermediary—and how attribution technologies can affect the anonymity and privacy of internet users.
“We are well aware of the critical role that IT networks play in managing much of our day-to-day activity—from online banking to systems that make sure there is food on grocery store shelves,” said Subcommittee Chairman David Wu (D-OR). “Our growing reliance on networks has made us more vulnerable to cyber attacks and has increased the potential for such attacks to have far-reaching and crippling effects. Now more than ever, we need to focus on the development of tools and technologies to prevent, detect, and respond to cyber attacks.”
As more and more of the Nation’s infrastructure becomes dependent on the internet, the potential impact of a successful cyber attack against the United States increases. Attribution technologies play an important role in limiting the effects of such crippling attacks.
“However, given that the internet is intended to be open and anonymous, the attribution of cyber attacks can be very difficult to achieve and should not be taken lightly,” stated Wu. “As co-chair of the Global Internet Freedom Caucus here in the House, I am very concerned about the potential implications to privacy and internet freedom posed by attribution technologies.”.
Members and witnesses also discussed what research and development is needed to address capability gaps in attack attribution and who should be responsible for completing that R&D.
Even if some critical infrastructure is privately owned, the government arguably has a responsibility to its citizens to ensure that the infrastructure is protected. Members and witnesses discussed the benefits of strengthening coordination between government and industry on the development of new attribution technologies. This collaboration would help to prevent redundancy and leverage resources.
Witnesses testified that more protocols are needed to ensure privacy and that the government needs to do a better job of protecting the privacy of users in commercial spaces, such as during online shopping and banking.
# # #