Washington, DC – Amid constant news reports of increasing cyber attacks against the United States, the U.S. Senate Judiciary Subcommittee on Crime and Terrorism today held a hearing to examine the nation’s responses to cyber threats. The hearing explored the cyber resources and strategy of the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI), including their use of existing statutory authorities against advanced threats, and ways in which the private sector can complement those efforts.
During the hearing’s first panel, the subcommittee heard from Jenny Durkan, U.S. Attorney for the Western District of Washington, and Joseph Demarest, Jr., Assistant Director for the Federal Bureau of Investigation’s Cyber Division. Whitehouse asked the witnesses whether DOJ and the FBI have sufficient resources, and an adequate structure and strategy, to combat cyber crimes.
“We have to have a serious discussion and sit down and figure out what the plan is for dealing with this, and have we really resourced it enough. We need to have our ‘Elliot Ness’ moment on this and get ready to put the resources into this problem set,” Whitehouse said. “We cannot for long remain on the losing end of the biggest transfer of wealth in history through illicit means.”
In his testimony, Demarest noted that the FBI has elevated the cyber threat to its number three national priority. He went on to say, “As the Committee knows, we face significant challenges in our efforts to combat cyber crime. We are optimistic that by identifying and prioritizing strategic areas for change, the FBI will continue to succeed in identifying and neutralizing cyber criminals, thereby protecting U.S. businesses and critical infrastructure from harm.”
The hearing’s second panel featured testimony from Kevin Mandia, CEO of Mandiant; Stewart Baker, Partner at Steptoe & Johnson LLP; and Cheri McGuire, Vice President for Global Government Affairs & Cybersecurity Policy at Symantec.
In his testimony, Mandia singled out one of the largest actors of cyber crime. “An example of an advanced threat actor targeting American businesses is a group Mandiant refers to as APT1. Mandiant has identified APT1 as Unit 61398, or the 2nd Bureau of China’s People’s Liberation Army General Staff Department’s 3rd Department,” Mandia said. “Unit 61398 has targeted thousands of English speaking businesses from various sectors of the economy around the world — the majority right here in the United States.”
Asked by the subcommittee’s Ranking Member, Lindsey Graham, to identify “a wish list” to better combat cyber crimes, McGuire said, “We clearly need more investigators, prosecutors, and judges who are equipped and trained with the necessary skills to address these kinds of actions… We are not putting enough resources against this today… We’re making progress but we’ve got a really long way to go to catch up.”
Senator Whitehouse is a leading advocate in Congress for action on cybersecurity. In 2010 he served as chairman of the Senate Intelligence Committee’s Cyber Task Force. Last year he worked closely with a bipartisan group of Senators to develop compromise legislation to strengthen the nation’s cybersecurity. And last month, Whitehouse co-authored an opinion piece with Senator Lindsey Graham, which laid out five key priorities for any future cyber legislation.
###
