[Pages S5200-S5201]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

CYBER SECURITY

Mr. DAINES. Mr. President, the headlines in the past few months have
been enough to paint a startling picture of how our Nation is handling
technology and security these days.
Before I came to Congress, I spent 12 years working in the technology
sector, but it doesn't take an extensive background in these fields to
see that in the ever-changing realm of technology and online
communication, America's constitutional freedoms and civil liberties
are at risk and our security as a nation is under attack.
When it comes to protecting American citizens' privacy and personal
information, we as a nation need to respond to the new threats our
enemies are posing and the new tactics they are using and demand equal
vigilance from those in our government who claim they have American
safety at heart.
The modern battlefield is changing. We see it changing before our
very eyes, and America needs to adapt. With the incredible advantages
that modern technology offers, also with that come greater risks as
well as greater responsibility. Our enemies, America's enemies, are
utilizing social media in particular to recruit others to their side to
plot against our rights, our freedoms, our American way of life.
As Michael Steinbach, the Assistant Director at the FBI's
Counterterrorism Division, said to the House Homeland Security
Committee just last month: ``The foreign terrorist now has direct
access into the United States like never before.''
We know for a fact that ISIS aggressively uses social media to spread
its propaganda, to target individuals in our own country, and to urge
them to attack us on our own soil.
In March of this year, the New York Times reported that ISIS's use of
social media, including Twitter and high-quality online recruiting
videos, has been ``astonishingly successful,'' and the speed at which
modern social media moves means America must move faster.
In fact, we read about the recently foiled terrorist attack in
Boston, where Islamic extremists planned to behead law enforcement
officials. It shows us the importance of engaging these online
terrorists, their propaganda machines, interpreting their encrypted
communications, and cracking down on the spread of online terrorist
networks--but how can we fight back against these cyber threats from
abroad when our own government officials show themselves to be woefully
incompetent?
We in this country spent months debating the National Security
Agency's bulk collection of Americans' metadata, and in the meantime,
while we are having this debate, Chinese hackers stole millions of
Americans' personal information. In fact, it is estimated now those
Chinese hackers broke into the Office of Personnel Management--
basically the HR system of the Federal Government--and stole over 20
million records of employees of the Federal Government.
This recent breach of Federal employees' information may possibly be
rooted in a phishing email. In fact, in a recent article in Ars
Technica on June 8, they said:

It may be some time before the extent of the breach is
known with any level of certainty. What is known is that a
malware package--likely delivered via an e-mail ``phishing''
attack against OPM or Interior employees--managed to install
itself within the OPM's IT systems and establish a back-door
for further attacks. The attackers then escalated their
privileges on OPM's systems to the point where they had
access to a wide swath of the agency's systems.

These hackers broke into the computers at the Federal Government's
Office of Personnel Management. They were downloading the very forms
Federal employees use to gain national security clearances.
In fact, earlier this month USA TODAY said:

The hackers took millions of the forms used by people to
disclose intimate details of their lives for national
security clearances. The information could be used to unmask
covert agents or try to blackmail Americans into spying for
an enemy.

In fact, I was one of those millions of Americans--as were other
Members of Congress--whose personal information was compromised in this
breach, and I demanded accountability from the Director and others at
the OPM, but we also need to address the systemic problems with cyber
security in this country directly.
The outdated security systems at the OPM and other agencies of the
Federal Government recently hacked show that America is not up to speed
with the kinds and the levels of cyber threats our country is facing.
Let me give an example. In the publication Ars Technica of June 8,
2015, it says:

The OPM hack is just the latest in a series of Federal
network intrusions and data breaches, including recent
incidents at the Internal Revenue Service, the State
Department, and even the White House. These attacks have
occurred despite the $4.5 billion National Cybersecurity and
Protection System program and its centerpiece capability,
Einstein. Falling under the Department of Homeland Security's
watch, that system sits astride the government's trusted
Internet gateways. Einstein was originally based on deep
packet inspection technology first deployed over a decade
ago, and the system's latest $218 million upgrade was
supposed to make it capable of more active attack prevention.
But the track flow analysis and signature detection
capabilities of Einstein, drawn from both DHS traffic
analysis and data shared by the National Security Agency,
appears to be incapable of catching the sort of tactics that
have become the modern baseline for state-sponsored network
espionage and criminal attacks. Once such attacks are
executed, they tend to look like normal network traffic.
Put simply, as new capabilities for Einstein are being
rolled out, they're not keeping pace with the types of
threats now facing federal agencies. And with the data from
OPM and other breaches, foreign intelligence services have a
goldmine of information about federal employees at every
level of the government.

And this just at a time when the threats to our Nation are at very
high levels.
The article continues:

It's a worrisome cache that could be easily leveraged for
additional, highly-targeted cyber-attacks and other
espionage. In a nation with a growing reputation for state of
the art surveillance initiatives and cyber warfare
techniques, how did we become the ones playing catch up?

But this isn't just about being sloppy or being slow; this is a
matter of national security. America needs to get smart on cyber
security and tech issues and to hold officials accountable for their
behavior because there is just too much at stake if we fail. The
American people will pay the price for a failure to adapt to this
rapidly changing world of technology, this rapidly changing world of
media, this rapidly changing world of information gathering, and for
sheer carelessness on the part of those in authority.
Private sector innovation and progress can help America compete. As a
member of the committee on commerce and having spent 28 years in the
private sector--the last 12 years with a cloud computing startup which
we took public and which became a great cloud computing company, with
offices all over the world but based in my home State of Montana--I
admit I had to smile when I saw that so many Congressmen want to
regulate the private sector to protect the private sector from private
threats. Well, again, in 28 years of serving in the private sector, I
never once had my information breached. I never once had a letter from
my HR department saying my information had been comprised. It wasn't
until I became a Federal employee, elected to Congress a few years

[[Page S5201]]

ago, that my information was compromised. The private sector runs a
whole lot faster than the public sector.
I think the government needs to look within to make sure we can be at
the forefront of cyber technology and security, but these efforts will
be thoroughly wasted if the Federal Government does not take the
necessary precautions and procedures to protect the American people.
Mr. President, I yield the floor.
The PRESIDING OFFICER. The Senator from Alaska.

____________________