SECURITY IN CYBERSPACE
PERMANENT SUBCOMMITTEE ON INVESTIGATIONS
(Minority Staff Statement)
JUNE 5, 1996
U.S. SENATE PERMANENT SUBCOMMITTEE ON INVESTIGATIONS
SECURITY IN CYBERSPACE
JUNE 5, 1996
The computer age arrived with great promise and expectation. Just four years ago, the
Internet hosted one million users. Today that number exceeds 58 million, and is growing at an
estimated rate of 183% per year. Advances in computing and networking have affected virtually
every aspect of our society, including civilian government, the military, communications,
transportation and commerce. Government is more efficient and connected, business is more robust
and able to provide more services, and individuals now have access to large caches of information
and each other.
The computer age has also brought with it vulnerabilities and weaknesses. As we rush to
connect to the information superhighway, are we sufficiently questioning the vulnerabilities created
by our growing dependency on computers and networks? As the most critical pieces of our national
infrastructure become dependent upon these information networks, have we ensured they are secure
The purpose of this report is to examine the vulnerabilities of our national information
infrastructure and efforts by our government to promote its security. To prepare this
Statement, the Permanent Subcommittee on Investigations (Minority) Staff, at the direction
of the Subcommittee's Ranking Minority Member, Senator Sam Nunn, spent approximately
8 months interviewing representatives from industry and government, as well as private
individuals expert in the field of information security. The
Staff also examined the international aspects of this issue with numerous briefings from
The Staff's conclusions, which are set forth throughout this report, can be
summarized as follows:
- Our government and our private sector have become increasingly dependent on computers and
networks such that our nation has created a critical information infrastructure that supports the
most essential functions of our society.
- Today, our information infrastructure is increasingly vulnerable to computer attack from a
variety of bad actors including foreign states, subnational groups, criminals and vandals.
Anecdotal evidence documents that these adversaries are organized and already regularly
exploiting these vulnerabilities.
- The technology that allows this array of bad actors to exploit networks is becoming more
available and user-friendly. Vulnerabilities in hardware and software are giving hackers - no
matter their motive - greater opportunities and abilities to successfully attack our information
infrastructure. Recent Defense Department studies suggest that computer attackers successfully
intrude on DoD unclassified but sensitive networks more than 65% of the time.
- Computer hackers use different routes of attack, often crossing national boundaries and using
private and public computer network systems. This presents complex and novel legal and
jurisdictional issues that hinder the detection of and response to computer intrusions.
- Our government and private industry's inability to foster a culture that promotes computer
security is greatly exacerbating the vulnerabilities of our information infrastructure.
- Our government has been unable to adequately define the scope of the threat posed by
computer attacks because the intelligence community has failed to dedicate sufficient
resources to data collection and analysis.
The private sector - including the commercial and financial world - has been unwilling to report
their own vulnerabilities for fear of inspiring customer insecurity. As a result, enormous
losses occur that escape the attention of the law enforcement and intelligence communities.
One informal estimate by a group of computer security firms documents losses among just
their clients at over $800,000,000 in one year alone.
- The U.S. government has recently recognized the potential severity of this problem and is only
now beginning to address its very serious ramifications to our national security.
- Our nation is in need of a comprehensive strategy that addresses the vulnerability of our
- Our failure to recognize this threat and respond with sufficient resources, will have severe
consequences for our nation's security as we become more connected and more dependent
upon our information infrastructure.