Federal Cybersecurity Detection, Response, and Mitigation, Hearing Before the Subcommittee on Information Technology, Committee on Oversight and Government Reform, United States House of Representatives, One Hundred Fourteenth Congress, Second Session, April 20, 2016 [open pdf - 667KB]
This is a testimony compilation of the April 20, 2016 hearing on "Federal Cybersecurity Detection, Response, and Mitigation" held before the Subcommittee on Information Technology, House Committee on Oversight and Government Reform. From the opening statement of William Hurd: "Every day, federal agencies face a barrage of attacks on their information systems from a number of different actors. Attacks on both the public and private sectors consistently reveal one common truth -- no one is immune. In December of last year, Juniper Networks announced that malicious code had been placed in its ScreenOS [Screen Operating System] software, leaving a gaping vulnerability in one of its legacy products. This particular vulnerability may have allowed outside actors to monitor network traffic, potentially decrypt information, and even take control of firewalls. Within a matter of days, the company provided its clients--which include various U.S. intelligence entities and at least twelve federal agencies--with an 'emergency security patch.' DHS and other law enforcement agencies acted swiftly to notify federal agencies of the breach and Juniper's security advisory. Both of their actions may have averted a potentially devastating breach of sensitive data. This is just one sophisticated example of the attacks that U.S. companies and their federal clients face on a daily basis." Statements, letters, and materials submitted for the record include those of the following: Sanjeev Bhagowalia, Steven C. Taylor, Andy Ozment, Richard Barger, and Charles Carmakal.
House Committee on Oversight and Government Reform: https://oversight.house.gov/