Washington, D.C. – In light of recent cyber-crimes against Target, the University of Maryland, Horizon Blue Cross Blue Shield of New Jersey, and now maybe even Sears, the Oversight Subcommittee and the Research and Technology Subcommittee today held a joint hearing to examine the current state of technology and standards to protect Americans from international cybercriminals.

Oversight Subcommittee Chairman Paul Broun (R-Ga.): “A reported 823 million exposed records made 2013 a record year for data breaches. Health-care insurance providers and organizations suffered 267 breaches, or 43 percent of all attacks.  It seems like an epidemic, and the clear implications of people’s privacy being violated concerns me greatly. On the other hand, fraud and breaches within the retail credit card and debit card industry only amount to five-hundredths of 1% of sales, or 5 cents on the dollar.  And that loss has been declining.  Free market incentives and disincentives and the right of free association and cooperation are sufficient and the most effective at addressing the evolving, quick-moving threat of sophisticated hacking organizations and cybercriminals.”

Witnesses today discussed the evolution of cyber-attacks against U.S. computer networks and infrastructure from rogue hackers to sophisticated international crime syndicates and foreign nations such as Russia and China. Reinforcing this concern, Chairman Broun referenced a quote by former FBI Director Robert Mueller who, before he stepped down from the position, declared that soon “the cyberthreat will pose the greatest threat to our country.”   

Recent cyber-crimes raise concerns about whether security standards were followed by the breached organizations, or if these standards are adequate to ward off such cyber-attacks. Today’s hearing examined how new technologies and processes might defend against cyber-attacks.

Research and Technology Subcommittee Chairman Larry Bucshon (R-Ind.): “Universities, small grocery stores and retailers in Indiana have all experienced security breaches recently. Along with the national retailer security breaches, we have heard about recently in the news, these smaller instances show how all individuals and consumers are threatened by this growing problem.  While there is no question the federal government plays a role in preventing these security breaches, we must ensure we are using our resources as efficiently and effectively as possible.”

Last year, the Science, Space and Technology Committee reported two pieces of relevant legislation that subsequently passed the House. The Cybersecurity Enhancement Act (H.R. 756) and the Advancing America’s Networking and Information Technology Research and Development Act (H.R. 967) both coordinate and drive research and development (R&D) across federal agencies to better address cyber threats to America’s high-tech infrastructure. Both bills passed the House with bipartisan support but have yet to be acted on in the Senate.  All five witnesses spoke to the need and praised the goals and intent of the Science Committee legislation.

The payments industry and retailers have been working together toward a goal of updating credit and debit card security by October 2015.

The following witnesses testified today before the Subcommittees:
Dr. Charles H. Romine, Director, Information Technology Laboratory, National Institute of Standards and Technology
Mr. Bob Russo, General Manager, Payment Card Industry Security Standards Council, LLC
Mr. Randy Vanderhoof, Executive Director, Smart Card Alliance
Mr. Justin Brookman, Director, Consumer Privacy, Center for Democracy & Technology
Mr. Steven Chabinsky, former FBI Deputy Assistant Director for Cyber

For additional information on the hearing, including witness testimony, please visit the Science, Space, and Technology Committee website.