Cybersecurity: An Overview of Risks to Critical Infrastructure, Hearing Before the Subcommittee on Oversight and Investigations of the Committee on Energy and Commerce, House of Representatives, One Hundred Twelfth Congress, First Session, July 26, 2011   [open pdf - 2MB]

From the opening statement of Cliff Stearns: "Over the last 15 years, our Federal Government has wrestled with the question of how best to protect our Nation's critical infrastructures from cyber attacks. Since September 11, our infrastructure systems have become even more automated and more reliant on information systems and computer networks to operate. This has allowed our systems to become more efficient, but it has also opened the door to cyber threats and cyber attacks. Recent reports and news articles have highlighted how threats and risks to cybersecurity have created vulnerabilities in our Nation's critical infrastructures and information systems. For example, just last week, the Department of Homeland Security sent out a bulletin about potential insider threats to utilities. That bulletin stated that outsiders have attempted to obtain information about the utilities' infrastructure to use in coordinating and conducting a cyber attack. In March 2011, the computer systems of RSA were breached. RSA manufactures tokens for secure access to computer networks. Sensitive information about these tokens was stolen and later used to hack into the network of Lockheed Martin, a Department of Defense contractor. Last summer, the Stuxnet attack was identified. Stuxnet targets vulnerabilities in industrial control systems such as nuclear and energy to gain access to the systems and then manipulate the control process. This kind of attack has the potential to bring down or severely interrupt the functions of an electricity or even a nuclear plant. The issues surrounding critical infrastructure protection and security are complex. Our systems are interconnected and depend on one other to operate. A vulnerability in one critical infrastructure naturally exposes other critical infrastructures to the same threats and risks, either because they are linked together through information systems or because one infrastructure depends on another to operate. In addition, much of the country's critical infrastructures are privately owned, as much as 80 or 90 percent. They therefore have different operations, components, control systems, and computer networks--as well as vastly different resources available to address problems like cybersecurity and infrastructure protection." Statements, letters, and materials submitted for the record include those of the following: Cliff Stearns, Diana DeGette, Michael C. Burgess, Marsha Blackburn, Donna M. Christensen, Henry A. Waxman, Fred Upton, Roberta Stempfley, Sean P. McGurk, and Gregory C. Wilshusen.

Report Number:
Serial No. 112-80
Public Domain
Retrieved From:
Government Printing Office, Federal Digital System: http://www.gpo.gov/fdsys/
Media Type:
Help with citations