[Congressional Record: June 11, 2008 (House)]
[Page H5280-H5287]
RESOLUTION RAISING A QUESTION OF THE PRIVILEGES OF THE HOUSE
Mr. WOLF. Madam Speaker, pursuant to rule IX, I rise to notify the
House of my intention to offer a resolution as a question of the
privileges of the House.
The form of my resolution is as follows:
Directing the Chief Administrative Officer and the Sergeant
At Arms of the House of Representatives to take timely action
to ensure that all Members, committees, and offices of the
House are alerted of the dangers of electronic attacks on the
computers and information systems used in carrying out their
official duties and are fully briefed on how to protect
themselves, their official records, and their communications
from electronic security breaches.
Understanding that the Clerk will finish the rest of the resolution,
I ask unanimous consent that it be considered as read.
The SPEAKER pro tempore. Without objection, the reading is dispensed
with.
There was no objection.
Mr. WOLF. Madam Speaker, I call up the resolution just noticed.
The SPEAKER pro tempore. The Clerk will report the resolution.
The Clerk read as follows:
H. Res. 1263
Whereas beginning in August 2006, several of the computers
used by Congressman Frank R. Wolf, a Representative from the
Commonwealth of Virginia, in carrying out his official and
representational duties were compromised by an outside
source;
Whereas the Chief Administrative Officer of the House of
Representatives, acting through House Information Resources
(HIR), alerted Congressman Wolf to this incident and cleaned
and returned the compromised computers to the Congressman's
office;
Whereas since this attack, it has been discovered that
computers in the offices of other Members, as well as in the
office of at least one committee of the House, have been
similarly compromised;
Whereas in subsequent meetings with HIR and officials from
the Federal Bureau of Investigation, the outside source
responsible for these incidents was revealed to be located in
the People's Republic of China;
Whereas according to HIR, when Members use Blackberry
devices or cell phones while traveling overseas, especially
in nations in which access to information is tightly
controlled by the government, they are at risk of having
their conversations or other personal information recorded or
collected without authorization;
Whereas HIR, the FBI, and the House Security Office briefed
the affected offices on the security breaches that have
occurred, and have done a good job in attempting to protect
other offices of the House from similar threats; and
Whereas it is nevertheless not clear that all Members,
committees, and other offices of the House are aware of the
existing threats against the security and confidentiality of
the electronic records of their offices or their overseas
electronic communications, nor is it clear that Members and
other House personnel have been fully briefed on how to
protect themselves, their official records, and their
communications from electronic security breaches: Now,
therefore, be it
Resolved, That the Chief Administrative Officer and the
Sergeant at Arms of the House of Representatives, in
consultation with the Director of the Federal Bureau of
Investigation, should take timely action to ensure that all
Members, committees, and offices of the House are alerted of
the dangers of electronic attacks on the computers and
information systems used in carrying out their official
duties and are fully briefed on how to protect themselves,
their official records, and their communications from
electronic security breaches.
The SPEAKER pro tempore. The resolution qualifies.
[[Page H5281]]
Pursuant to the rule, the gentleman from Virginia (Mr. Wolf) and the
gentlewoman from California (Ms. Zoe Lofgren) each will control 30
minutes.
The Chair recognizes the gentleman from Virginia.
Mr. WOLF. I yield myself such time as I may consume.
(Mr. WOLF asked and was given permission to revise and extend his
remarks.)
Mr. WOLF. Madam Speaker, in August 2006, four of the computers in my
personal office were compromised by an outside source. This source
first hacked into the computer of my Foreign Policy and Human Rights
staff person, then the computers of my Chief of Staff, my Legislative
Director and my Judiciary Committee staff. On these computers was
information about all the case work I've done on behalf of political
dissidents and human rights activists around the world. That kind of
information, as well, everything else on my computer, e-mails, memos,
correspondence and district case work, was open for outside eyes to
see.
I'm aware that the computers in the offices of several other Members
of the Congress were similarly compromised, as well as a major
committee, the Foreign Affairs Committee. That means the computers in
the House Foreign Affairs Committee have been compromised. It is
logical to assume that critical and sensitive information about U.S.
foreign policy and the work of Congress to help people who are
suffering around the world, was also open to view from those official
computers.
In subsequent meetings with the House Information Resources and the
FBI, it was revealed that the outside sources responsible for this
attack came from within the People's Republic of China. Just so it's
understood, they acknowledged that this attack came from within the
People's Republic of China.
The cyber attacks permitted the source to probe our computers to
evaluate our systems defenses and to view and copy information. My
suspicion is some say that I perhaps was targeted by the Chinese
sources because of the history of speaking out about China's abysmal,
very abysmal human rights record.
My offices' computers were cleaned and returned to me by House
Information Resources, but ever since this happened, I've been deeply
concerned that this institution, the institution of the United States
Congress, is definitely not adequately aware of or protected from these
types of threats.
I've also learned that this threat exists not only here in the
Capitol complex, but also when Members travel overseas. I've been told
that, particularly in countries in which access to information is
tightly controlled by the government, Members are at risk of having
their conversations and information recorded or stolen from their cell
phones and Blackberry devices. That means, when a Member of the House,
the Senate or the administration goes abroad, goes to China,
everything, and if they use their cell phone or they use their
Blackberry, it's being recorded by the Chinese government. And I don't
believe any Member of the Congress has been told of that.
As I've shared my office experience with other Members, it has become
clear to me that many Members and committees of other offices in the
House do not fully understand the extent of the threat against the
security of their offices and how to protect themselves.
I have no information to confirm this, but it would be realistic that
the Senate may also be at risk.
The committees in both Chambers on Government Reform, Intelligence,
the Judiciary Committee, the Armed Services and the Homeland Security
should have hearings on this issue. This is an issue that must have
public hearings, as well as closed door and private hearings.
That is why, Madam Speaker, I'm here today on the House floor. I'm
speaking out about the threat of cyber attacks from China and other
countries on the entire U.S. government, including our military,
because of my deep concern about maintaining the security and the
integrity of our government.
According to a report from the Congressional Service, and I quote,
``U.S. counterintelligence officials reportedly have stated that about
140 different foreign intelligence organizations regularly attempt to
hack into the computer systems of U.S. government agencies and U.S.
companies.''
{time} 1715
This happens with alarming frequency, according to a recent Business
Week article entitled ``The New E-spionage Threat.'' This article
states that U.S. Government agencies reported almost 13,000 cyber
security incidents in fiscal year 2007, triple the number from just 2
years earlier.
The May 31 cover story of the National Journal, the respected
National Journal, says, ``The Chinese Cyber-Invasion,'' and every
Member should read it, titled the ``Chinese Cyber-Invasion'' reported,
``Electronic devices by the U.S. Commerce Secretary Carlos Gutierrez
and his party during a December 2007 visit to China were invaded using
spyware that could steal information.'' Gutierrez was in China with a
high-level delegation to discuss trade-related issues.
Now, this Congress said it's concerned about trade-related issues
with China, and that's why he was there, such as intellectual property
rights, consumer product safety, and market access. The Associated
Press also reported on the breach. Why did we learn about this in the
press instead of from our own government officials? Did our government
do anything about this attack? Did they get information from Secretary
Gutierrez that could be used against American business in negotiation
of trade agreements?
China, in particular, is actively engaged in espionage against the
United States. I recently had the opportunity to read, and I hope every
Member of the Congress has read, the U.S.-China Economic Security
Review Commission's classified report--it is in the House Intel
Committee--to the Congress and found the report's conclusions to be
very alarming. The report addresses China's activities in the areas of
espionage, cyber warfare, and arms proliferation. I strongly urge all
Members of the House to read this report as it gives a clear picture of
the threat that China poses, the threat, and in their words, that China
poses to our national security.
In fact, the Pentagon's 2008 annual report to Congress stated that
``in the past year, numerous computer networks around the world,
including those owned by the U.S. Government, were subject to
intrusions that appear to have originated within the People's Republic
of China.''
According to the Business Week article in 2007, the U.S. Government
launched a classified operation called Byzantine Foothold to combat
sophisticated new attacks that were compromising sensitive information
at the State Department and a defense contractor, such as Boeing, the
source of which U.S. officials allege is China.
The Business Week article states that computer attacks have targeted
sensitive information on the Internet works of at least several Federal
agencies: the Defense Department, the State Department, the Energy
Department, the Commerce Department, the Health and Human Services
Department, and the Agriculture Department, and the Treasury
Department. Defense contractors Boeing, Lockheed Martin, General
Electric, Raytheon, and General Dynamics have also been targeted.
Despite everything we read in the press, our intelligence and law
enforcement, national security, and diplomatic corps remain hesitant to
speak out on the problem. Perhaps they are afraid that talking about
the problem will reveal our vulnerability. In fact, I have been urged
not to speak out about this threat. But our adversaries already know we
are vulnerable. Pretending that we are not vulnerable is a mistake.
As a Nation, we must decide when we are going to start considering
this type of activity a threat to our national security and the men and
women who serve in the Armed Forces, a threat that we must confront and
which we must protect ourselves.
Madam Speaker, the apparent lack of national urgency to address this
problem only gives those who wish us harm an extra advantage.
The Government Accounting Office reported in 2007 that no
comprehensive strategy exists yet to coordinate improvements of
computer security across the Federal Government in the private sector.
[[Page H5282]]
I strongly believe that the appropriate officials, including those of
the Department of Homeland Security and the FBI, should brief all
Members of Congress in a closed session regarding threats from China
and other countries against security of House technology including our
computers, BlackBerry devices, and phones. There must be a session
where any Member who is interested has the opportunity to get briefed
by the FBI and the Department of Homeland Security and others.
The potential for massive and coordinated cyber attacks against the
United States is no longer a futuristic problem. We must prepare
ourselves now and develop procedures for responding to this threat.
Members need to know how best to protect themselves, their staff, and
their official business from these threats. I have experienced this
threat firsthand, as have others in the Congress, and are deeply
worried that this institution, the United States Congress, is not
adequately protected.
Congress should take the lead in protecting our government and indeed
our country from the threat posed by cyber espionage activities.
James Lewis, the director of the Technology and Public Policy Program
at the Center for Strategic and International Studies remarked last
year in testimony before the House committee on Homeland Security that
``If gangs of foreigners broke into the State or Commerce Department
and carried off dozens of file cabinets, there would be a crisis. When
the same thing happens in cyberspace, we shrug it off as another of
those annoying computer glitches we must live with.''
The apparent complacency in both the private and public sectors
toward this threat is astonishing. We must know about the threat. We
must speak out about how to protect ourselves and form a comprehensive
strategy with which to respond.
Stephen Spoonamore, a CEO of a cyber security firm called Cybrinth,
put the matter succinctly in the National Journal article. He said,
``By not talking openly about this, they are making truly a dangerous
national security problem worse . . . Secrecy in this matter benefits
no one. Our Nation's intellectual capital, industrial secrets, economic
security are under daily and withering attack. The oceans that surround
us are no protection from sophisticated hackers, working at the speed
of light on behalf of nation-states and mafias.''
We must cease, Madam Speaker, this Congress must cease, the
administration must cease denying the scope and scale and risk of the
issue. And he goes on to say a growing number of his peers ``believe
that our Nation is in grave and growing danger.''
Mr. Spoonamore is right. We are making this dangerous national
security problem worse by not discussing it openly. I believe this
institution, as my resolution states, should get the facts, and armed
with these facts, should take the necessary action to protect the
safety and integrity of the House.
In 1789, Madam Speaker, British Parliament member William
Wilberforce, speaking to his colleagues about the slave trade, said,
``having heard all of this, you may choose to look the other way, but
you can never again say you do not know.''
This Congress on both sides of the aisle and people in the
administration can never again, can never again say you do not know;
and the American people should ask their Members of Congress, Do you
know and what are you going to do about it.
We cannot afford to look the other way when foreign sources are
threatening to compromise our government institutions, our economy, our
very way of life through cyber espionage. We cannot sit by and watch. I
urge the adoption of the resolution.
I reserve the balance of my time.
Ms. ZOE LOFGREN of California. Madam Speaker, I yield myself such
time as I may consume.
I will note that I have had a chance to discuss this resolution with
Congressman Wolf. At the conclusion of our discussion, we will refer
this resolution to the House Administration Committee where we will do
the appropriate follow-up, and I personally plan to keep in touch with
the author of the resolution so that the concerns that he has are fully
addressed.
I will just note that when the new majority was elected to the House
and I was then appointed to the House Administration Committee, one of
the first things I did was to ask to be briefed on our cyber security
situation in the House. And I did receive that report. Certainly some
things had been done. But more, in my judgment, needed to be done, and
we have followed through on that.
I will say that both the Speaker and Leader Boehner have met with the
House computer security officials and were told that the sophisticated
technology that we do have in place is going to prevent and detect
intrusions, but it depends on Members doing what they need to do to
work within our security environment.
We have security system programs in place that safeguard against
unauthorized system access and disclosure of data, system controls that
are in place to identify, verify trace authorized and unauthorized user
activity, and to prevent unauthorized modification or destruction of
House data.
Chairman Brady has ordered an immediate implementation of additional
protections. He's also directed House personnel to work with the FBI
and other security agencies to ensure that necessary steps are taken to
safeguard House systems. These improvements will help ensure that House
network and data remains protected from harm.
In addition to these efforts, the House has instituted a working-
smarter series, and we have had actually briefings for staff in the
congressional offices asking those staff in Member offices to come in
and become aware of the cyber security steps that they need to take in
each Member's office. I don't know that every Member has had full staff
participation in that, and in discussing this with Mr. Wolf, it would
be my intention, perhaps working with Mr. Langevin who is chairing the
Homeland Security Subcommittee on Cyber Security, to ask the Democratic
caucus and the Republican conference to meet and to highlight this
issue so Members will know.
I mean, some Members know all about it, and apparently some Members
didn't know enough about it; and I'll take that admission very
seriously.
What more do we need to do? Well, we have sophisticated firewalls in
place today that monitor all incoming network traffic. We have an
intrusion-detection system, and we have multiple anti-virus and spyware
programs. That's important because you want redundancy and overlap. You
don't want to rely on just one system. We also have--you may have seen
in some of the hallways--teams monitoring wireless systems. It's a kind
of antenna they're waving around. They're trying to detect unauthorized
wireless setups that are a potential problem for our security.
What further can we do?
Well, we have tried to insist that Members use more vigorous passport
protection schemes. And one of the things we're looking at is instead
of asking Members, forcing Members to do that. Now we get pushback when
Members are told what to do in their individual offices, but I think
that's one of the things that we need to talk about.
Another thing we're looking at, and this was an issue in the
intrusion mentioned a minute ago, is whether we're updating our virus
software and whether the patches to this software have been uploaded.
And Members don't do it. A lot of times Members just neglect to do it.
If you don't put the patches in, you're just bare. So we're thinking
about maybe centralizing that function. Again, some Members may not
like that, but you've got it one way or the other. I mean, you can't be
concerned about intrusion if we don't take the steps necessary to
actually protect ourselves.
We also are looking at additional encryption efforts, enhancing our
real-time monitoring by the security office, and potentially
implementing a digital rights management scheme.
Now, I just want to talk a little bit about Member responsibility.
If Members are going to access Web sites in China, you're engaging in
risky behavior, and it may be necessary for some Members who are
monitoring human rights to do that. I accept that. But it is not a good
idea to visit a Web site in China with the computer that's networked
with all of your sensitive data on board because if you do, you're
going to get malware, and you are
[[Page H5283]]
going to lose your data to whoever has put that malware on the site.
So I would strongly suggest, and this is a teachable moment, that if
Members feel a need to monitor Web sites in China and other countries,
that they get a laptop, get an air card, don't put any other sensitive
data on it and monitor to your heart's content, but don't leave
yourself vulnerable to your data being removed.
{time} 1730
No doubt there are root kits, there are bot nets that are going to be
infecting your computer and potentially even turning them into zombie
computers. Additional things that we want to look at is data leakage
protection and some security assessments which is actually going
underway right now.
Just a word on cyber security generally, which Mr. Wolf has
mentioned. In the 108th Congress, I had one of the best experiences in
my congressional career of serving with Mac Thornberry who chaired the
Cyber Security Subcommittee. I was the ranking member, and we worked
really hard that Congress together. I think it was the only
subcommittee, the end of the Congress, we didn't have majority report
and a minority report. We had one report that reflected both of our
views, and the view was that the Federal Government was way behind in
what we needed to do on cyber security.
I remain a member of the Homeland Security Committee. I serve under
Mr. Langevin's chairmanship on the committee with cyber security
jurisdiction. We have had many, many public hearings, in addition to
classified briefings, on the real deficiencies in our cyber security
environment in the Federal Government, and I will tell you, I am
frustrated to this very moment that so little has been done to keep us
safer. Frankly, the House of Representatives has much more robust cyber
security than the Department of Homeland Security. That's kind of a
chilling thought, but unfortunately, it is true.
So, at this point, I recognize the gentleman's concern. I certainly
plan on working with you, and I also want to make sure that each and
every Member of this House understands the environment, what their
responsibilities are, what their staffs' responsibilities are,
understand what we've done as an institution, and what the tradeoffs
are going forward in terms of even more vigorous protection.
With that, I reserve the balance of my time.
Mr. WOLF. Before I yield the gentleman 5 minutes, I would say this is
bigger than just the House, though. The computers of the House have
been violated and when Members go abroad, but also, it deals with
people in the administration.
And so I think there need to be public hearings by the Armed Services
Committee and by the Judiciary Committee. This Congress is never
reluctant to hold a hearing on different things. This is a major issue
so it must be broader than just the House Administration Committee.
I yield 5 minutes to the gentleman from New Jersey.
Mr. SMITH of New Jersey. I thank my good friend for yielding.
Madam Speaker, in December of 2006 and then again in March of 2007,
my Human Rights Subcommittee's computers were attacked by a virus that,
in HIR's words, ``intended to take control of the computers.'' At that
time, the IT professionals cleaned the computers and informed my staff
that the attacks seemed to come from the People's Republic of China.
They said it came through or from a Chinese IP address. The attackers
hacked into files related to China. These contained legislative
proposals directly related to Beijing, including the Global Online
Freedom Act, e-mails with human rights groups regarding strategy,
information on hearings on China--I chaired more than 25 hearings on
human rights abuses in China--and the names of Chinese dissidents.
While this absolutely doesn't prove that Beijing was behind the attack,
it raises very serious concern that it was.
Like Mr. Wolf, I too speak out often against the systematic abuse of
human rights by the Chinese Communist government, whether it be
religious persecution, the systematic use of torture, the total absence
of labor rights, press freedom or free speech, and since 1979, the
pervasive use of forced abortion to implement the barbaric one-child-
per-couple policy, the gravest violation of women's and children's
rights ever. So I was deeply concerned that the perpetrators of these
crimes searched the China files on my computers.
It is now coming to light, Madam Speaker, that some other Members may
as well have been attacked, and more needs to be done to combat this
danger. So I thank my friend for offering this very important
resolution.
Madam Speaker, cyber attacks on Congress are only a small, but not
insignificant, part of a much larger pattern of attacks to which the
executive branch, the Pentagon, and American business is the chief
target. I want to recommend, as my colleague Mr. Wolf did a moment ago,
``The Chinese Cyber-Invasion,'' an eye-opening feature article that
recently appeared in the National Journal. There we learn that some of
our top cyber security experts believe that Chinese hackers have
already shown that they can hack down our power grid. The experts
believe that the Chinese hackers have caused power blackouts in the
U.S. One blackout in 2003 was the largest in U.S. history and affected
some 50 million people.
Chinese hackers and cyber warriors are mapping U.S. government and
commercial networks at a rate that in the last 18 months has increased
exponentially. A high-level ODNI official has referred to ``a kind of
cyber militia . . . coming in volumes that are just staggering,'' he
said. The same official said that what makes the Chinese hackers stand
out ``is the pervasive and relentless nature of the attacks.''
Madam Speaker, with enormous aid, comfort and scads of one-of-a-kind
technological assistance from U.S. companies, including Microsoft,
Cisco, Google and Yahoo, the Chinese Government has achieved a huge
qualitative capability to suppress freedom of speech on the Internet at
home and to wage cyber warfare abroad.
Two years ago, I chaired the first congressional hearing on this
unseemly, dangerous partnership, an alliance that enables the Chinese
secret police to find, arrest, incarcerate, and torture religious
believers and pro-democracy activists in China. Google, for its part,
has become the de facto center for China's ubiquitous anti-American,
anti-Tibetan, anti-religious propaganda machine, while Cisco has made
the dreaded Chinese secret police among the most effective in the
world.
I have introduced the Global Online Freedom Act, which has cleared
all three committees of jurisdiction and is ready for floor action, and
I, again, respectfully ask the leadership to bring it to the floor to
combat this ever-worsening threat. For the Chinese people, it will make
the prospect of freedom and democracy more achievable. For Chinese
dissidents, it's a matter of survival, and for us, it may inhibit the
transfer of technologies that we must prevent from falling into the
hands of the enemies of fundamental human rights.
Mr. Wolf's resolution is a wake-up call, and it alerts us to take
more effective action and thwart disruption and the theft of sensitive
data. I strongly support the resolution.
Ms. ZOE LOFGREN of California. Madam Speaker, I would like to yield
to the chairman of the subcommittee with jurisdiction over cyber
security on the House Homeland Security Committee, Mr. Langevin, 5
minutes.
(Mr. LANGEVIN asked and was given permission to revise and extend his
remarks.)
Mr. LANGEVIN. I want to thank the gentlelady for yielding, and I also
want to thank the gentleman from Virginia for bringing this serious
issue to light.
As chairman of the Subcommittee on Emerging Threats, Cybersecurity,
and Science and Technology, I have spent much of the 110th Congress
focused on issues of information security. In fact, my subcommittee has
held eight hearings and conducted investigations into dozens of cyber
security issues. And while I believe we have made some real progress in
the last year or so, we still have a lot of work ahead of us.
I fully agree with Director of National Intelligence, Mike McConnell,
when he says that cyber security is the most significant national
security issue facing the Nation today, and it's easy to understand
why.
We rely on computers in every aspect of our lives, from our banking
systems
[[Page H5284]]
and our electric grid, to our military and the functions of our
Government. And whether we realize it or not, each of us is dependent
on the effective functioning of computers. For many years, these
systems were largely closed to the outside world, but in the Internet
age, this is no longer true.
In the history of the world, never have so many people had so much
access to ideas, knowledge, and skills. Unfortunately, never before
have so many people also possessed the capability to cause such
catastrophic economic and physical harm to the United States.
Now, this is not a hypothetical threat. In 2007, Vice Chairman of the
Joint Chiefs of Staff James Cartwright told Congress that ``America is
under widespread attack in cyberspace.'' And though we have not seen
the massive denial of service attacks that the Nation of Estonia
experienced last year, the Federal Government and the private sector
have been the victims over the last decade of an extensive and
deliberate espionage campaign that has had a significant impact upon
our Nation.
As Major General William Lord stated publicly last year, ``China has
downloaded 10 to 20 terabytes''--again 10 to 20 terabytes--``of data
from the DOD's unclassified network.'' That's the equivalent of almost
half of the Library of Congress.
American businesses, too, have been dramatically affected. One
estimate suggests that our companies lose an estimated $70 billion each
year due to cyber crime, and individual citizens are far from immune
either. Electronic identity theft affects, as you know, millions of us
every year.
There are a variety of motives for these attacks, but the result is
clear: the weakening security and economic stability of our country.
National security is a nonpartisan issue, and we must all work together
to commit the resources and the manpower necessary to respond to this
threat.
The situation raised by Congressman Wolf today illustrates that while
the House of Representatives has strong information protections in
place, cyber security threats pose a challenge to computer systems
everywhere, and it is an ever-evolving and dynamic threat. And we need
to do all we can to stay out in front of it and ahead of it.
Now, I'm pleased that the House leadership takes this issue very
seriously and is taking action to ensure that House systems are
properly secured, and I especially commend House Administration
Chairman Bob Brady for directing the Chief Administration Officer to
immediately adopt additional protections for House computers.
I also want to commend the gentlelady from California (Ms. Zoe
Lofgren) for her due diligence and passion about cyber security as
well, and I certainly appreciate the working relationship, good working
relationship, that she and I have together.
I am ready to do anything I can to help ensure that our House
information systems are as secure as possible. Recognizing that this
issue is much larger than the House of Representatives, I am also
committed to addressing the broader issues of cyber security across the
Federal domain and the national critical infrastructure.
I look forward to working with my colleagues to ensure that our
Federal Government is educated and prepared at all levels to thwart
cyber attacks and protect the integrity of our networks.
Mr. WOLF. I recognize the gentleman from Illinois (Mr. Kirk), a
member of the Appropriations Committee whose computer was also stripped
from someone in China, for 1\1/2\ minutes.
Mr. KIRK. I want to thank the gentleman from Virginia for this
resolution.
In my judgment, most Members of Congress are quite naive about the
security of their offices against an expert cyber attack from a foreign
intelligence service.
With regards to China, these types of attack are uniquely damaging to
the U.S.-China relationship. While the resolution before us concerns
breaches in the security of House computers, we can assume that the
Senate is also under attack.
The message we would send to China is that such a cyber attack on the
Congress poses unique dangers to the long-term relationship of China
and the United States. We all know that a Member of Congress will soon
be sworn in as a President of the United States in just 7 months. To
the senior leaders overseas that may direct such a cyber attack against
congressional offices, I would ask, What are you thinking? The
intelligence gained would pale in comparison to the damage directly
done to U.S.-China relations.
House Information Systems should dramatically upgrade the protection
of U.S. computers, especially in the House, and offer Members secure
Blackberries to protect against that unique vulnerability. We should
also review other security procedures that should lead the Congress
especially to increase the protection of the White House, the Defense
Department, and the State Department.
I want to commend my colleague Mr. Wolf for bringing this to the
attention of the House and especially the attention of the American
people.
Ms. ZOE LOFGREN of California. Madam Speaker, just a couple of
comments.
In terms of protecting ourselves, I can't emphasize enough, it is
important for all of us to take steps to secure ourselves.
I had an opportunity to take a look. We keep track of this, the
intrusions. I took April by example. The origin of the intrusion in
April, the country that originated the largest number of intrusions
into the House, the United States of America.
{time} 1745
And China wasn't second. So yes, there are intrusions coming from
China, from Russia, from European countries, from our own country, and
we'd better take precautions to protect our data.
You can't protect a BlackBerry. If you take your BlackBerry
overseas--I just thought everyone knew this--and download something,
you are opening yourselves up to a vulnerability. Now, we can take a
snapshot of where your BlackBerry is before you go and see if it's been
compromised while you're gone, but if you're not secure in your
activities, you're not secure in your activities.
And so I take very seriously what you're saying, which is that not
every Member understands this. We have to change that, and I'm going to
be active in playing my part to change that.
Mr. SMITH of New Jersey. Will the gentlewoman yield?
Ms. ZOE LOFGREN of California. I will yield to the gentleman.
Mr. SMITH of New Jersey. I appreciate my friend for yielding.
One of the concerns is, while they may be terrorists or homegrown,
we're talking about and we are very concerned about is that this is the
Government of the People's Republic of China and their enablers, people
who are part of a network, that is very much focused on trying to wreak
havoc and to glean information about dissidents, about legislative
strategy, and about what we know about what's going on----
Ms. ZOE LOFGREN of California. Reclaiming my time, let me just note
that obviously we don't want sensitive information from the government
to be in the hands where it can be compromised. We're not arguing that.
I'm just pointing out that if Members use a computer in their office
that's networked to visit a Web site in China, you can bet--you're
asking for some malware to be put on your computer, and it's going to
take everything that is accessible to the other computers in your
network. And so you shouldn't do that.
When I travel with my laptop, and I sometimes do, you know, I never
hook that laptop into the network of the House. In fact, it's against
the rules to do so. And I don't do it because that would compromise the
computer network. And so I would just note that the Homeland Security
Committee has been very vigorous over the past 5 or 6 years that I'm
aware of, I mean, we don't need a wake-up call, we've been yelling
``fire'' for half a decade and we haven't really been heard by those
who have responsibility in the administration to act. However, we are
moving forward in terms of systems in the House.
What I'm hearing from you, Mr. Wolf, and others, is that Members'
level of information is quite variable on this, and we will take that
seriously and do an effort of outreach on that.
[[Page H5285]]
Madam Speaker, I reserve the balance of my time.
Mr. WOLF. Madam Speaker, I recognize the gentleman from Virginia (Mr.
Forbes) for 2 minutes.
Mr. FORBES. Thank you, Congressman Wolf.
Madam Speaker, I rise in support of the privileged resolution offered
by my good friend from Virginia, but I just want to make clear of one
thing. This is not just about computers in the House of
Representatives. This is about computers and information technologies
all across the country.
China is among the most aggressive countries spying on the United
States. The FBI has stated that China is and will continue to be
America's greatest counterintelligence problem during the next 10 to 15
years.
FBI Director Mueller has testified before House committees that
China's intelligence collection in the U.S. is substantial and ongoing.
The extent of Chinese espionage operations targeting the United States
should worry every single Member that we have here.
And Madam Speaker, the reason it's so important is they don't use the
same techniques that a lot of countries do, they use a much wider
scope. And we understand that economic and industrial espionage cost
American businesses nearly $60 billion in 2005.
Director Mueller has stated that China has established more than
3,000 front companies in the United States whose purpose is to conduct
espionage on Americans. And America's national security, intellectual
property secrets, trade secrets, and infrastructure secrets are all at
considerable risk.
If you look at your own computers, and not just the illegal access,
but next to the United States, the largest number of hits that my
computer has in my office is from China; 14,000 hits. I guarantee you I
don't have many constituents that are residing in Beijing, but it could
have something to do with the fact that I serve on the Armed Services
Committee and chair the China Caucus.
Let me give you two other examples. Chi Mak was a Chinese spy who
worked for a United States defense contractor. In 2005, an FBI wiretap
caught him discussing how to smuggle an encrypted computer disk to
China that had intelligence information that could potentially
jeopardize the U.S. Navy.
Secondly, we had Katrina Leung, which public sources have indicated
operated as a double agent for China and the United States and
contaminated probably two decades worth of U.S. intelligence relating
to China as well as crippling the FBI's Chinese counterintelligence
program.
She accessed such sensitive intelligence through entrapment of a
senior FBI agent. Both examples illustrate serious threats to America's
security, and they're the ones we know about from public sources.
I have introduced H.R. 3806, the SPIES Act, to help strengthen
penalties against these serious foreign espionage threats. We cannot
continue to fight today's espionage threats with yesterday's laws. Yet
while we continue to name post office after post office in this body we
can't find the time to consider this legislation.
Mister Speaker, we must be mindful of the dangers of dismissing a
known, ongoing security threat. Turning a blind eye will not address
this issue, and I appreciate my colleague for calling our attention to
this important issue that affects the House of Representatives and the
country at large. I fully support the resolution and urge my colleagues
to do the same.
Ms. ZOE LOFGREN of California. Madam Speaker, I would just note, the
thrust of the gentleman's resolution has to do with the House, which is
why I'm addressing the House computers. On the other hand, I've been
concerned for a long time about cyber security in the Federal
Government, in the DOD, in the Homeland Security Department, and
frankly, in the private sector. And it is very spotty.
I just wanted to make a correction. I was briefed on the National
Journal story. What happened on the nuclear power plant issue, it was
not an attack. It was someone who was uploading some software onto a
computer that he did not realize was networked, and it was inconsistent
with other software. And actually it didn't work as designed because
the control system shut it down.
Having said that, I have said in public--so I don't mind saying it
here again today--that we have cyber security vulnerabilities,
especially SCADA systems that were installed years ago before we were
thinking about security. We have not paid enough attention to that
either in the private sector or the public sector.
We have had FERC before the Committee on Homeland Security on several
occasions urging them to force utilities to take the steps they need to
preserve their networks, and they say two things: One, they don't have
enough authority; and two, they don't want any more authority. So we've
said this is an emergency situation, and we're not getting an emergency
response attitude from the agencies with authority.
That is certainly something that other committees may want to look
at. I'm just familiar with the efforts that I've been involved in, and
they've been substantial, although, regrettably, not yet successful.
I would just like to stand up a little bit for our IT guys here in
the House. It was our IT guys who discovered that your computers had
been infected and notified you. And it's bad that they were infected,
but it's part of the price you pay when you use a network computer to
visit a potentially dangerous Web site. But they cleaned it up and
responded promptly, and I think they deserve credit for letting that
system work.
And just a final note on hits from China. That's not the same as an
attack. And we keep track of the hits we have on our Web site. I mean,
I get hits on my Web site from all over the world. I don't know why
people in other countries come and visit my Web site, but it's not an
attack, it's that they're looking at information that I have made
publicly available.
What we are concerned about is attempted intrusions, and there are
many of those in an astoundingly small successful effort. This is a
constant battle. As the hackers become more sophisticated, our defenses
need to become more sophisticated, and it never ends. That's why the
effort to improve our patches in our security needs to happen every
single day. There needs to be continuous monitoring of our systems. And
it has to be all of us. This has to be a team. And every Member needs
to take responsibility for this, along with the government itself.
Madam Speaker, I reserve the balance of my time.
Mr. WOLF. Madam Speaker, may I inquire as to how much time I have
remaining?
The SPEAKER pro tempore. The gentleman from Virginia has 9 minutes
remaining.
Mr. WOLF. Madam Speaker, I yield 4 minutes to the gentleman from
Michigan, the ranking member on the Intelligence Committee, Mr.
Hoekstra.
Mr. HOEKSTRA. I thank my colleague.
One of the jobs that I have here in the Congress is to serve as the
ranking member on the Intelligence Committee, also having served as the
chairman on the Intelligence Committee.
Today I rise in support of Congressman Wolf's privileged resolution
on cyber security to salute him for his efforts to educate this House
and the American public about the growing threat to U.S. commerce, our
national security, and the privacy of the American people.
Unfortunately, some on the other side have attempted to scare the
American people into thinking that the gravest threat to their privacy
comes from our Nation's hardworking intelligence professionals. That's
absolutely not true. Mr. Wolf, in this resolution today, reminds us
that the real threat to America's privacy and the safety of Americans
comes not from within, but from those who would do us harm from
overseas.
Mr. Wolf had the misfortune to personally experience this fact when
computers in his office were compromised by hackers from China, the
Chinese, in 2006. I agree with my friend from Virginia that his office
computers probably were targeted because of his long record of speaking
out against human rights violations in China.
While I can't discuss the specifics of what we know, I can tell you
that the leadership of this Congress, Republicans and Democrats, are
well aware of the cyber espionage threat that exists. But what has this
Congress done? Instead of working to modernize and strengthen our
Nation's surveillance capabilities, the Democratic leadership
[[Page H5286]]
of this Congress has sought to tie the process down in bureaucracy, in
red tape. Some have sought to vilify the intelligence professionals we
ask to form the first line of our Nation's defense.
And in some cases, instead of talking about the threat to America's
privacy posed by foreign cyber espionage and hackers, they instead
point the finger of accusation at our intelligence professionals and
innocent patriotic businesses that may at this point be helping to
protect the Nation, the very same intelligence professionals and
businesses we may turn to to help protect our Nation from the cyber
threat.
The threats we face are real. These are not just simple viruses,
these are sophisticated attacks on a new electronic battlefield. They
jeopardize America's security--politically, economically, and
militarily. It's a global problem with multiple threats. Some of my
colleagues have talked about earlier, there has been reports about what
Russia did in Estonia. We know what countries have done against the
United States.
So Congress does need to face this and face this issue very
seriously. Congress needs to ask tough questions about trade and
technology deals involving Chinese finance and businesses. One of the
things that we know, while my colleague brings up China in this
instance, and the Chinese, we know that it is a global threat. But
specifically about China the message is very, very clear, consistently
over and over the Chinese cheat.
We also need to focus on the real threats our Nation faces, not those
imagined for partisan gain. And most importantly, and most urgently,
again, to make sure that our intelligence professionals on the front
lines have the tools that they need to keep us safe and to attack this
cyber threat, this Congress needs to pass the Senate FISA bill now.
Because this law not only affects how we track the radical jihadists
who threaten us, it will also impact how we confront the cyber threat
as well.
This is a very sophisticated problem, it is a very serious problem. I
congratulate my colleague for bringing it forward. This is an issue
that I believe we can work on a bipartisan basis. We need to work on a
bipartisan basis. But we need to do first things first, and the first
thing we need to do now is get FISA passed, and do it soon.
Mr. WOLF. Madam Speaker, I recognize the gentleman from Michigan (Mr.
Ehlers) for 2 minutes.
Mr. EHLERS. I thank the gentleman from Virginia for yielding, and I
especially thank him for bringing this issue to the floor.
I also thank my colleague from California, who works with me on the
House Administration committee, for her very perceptive comments on
this problem.
I would just like to add a little historical insight. I was asked by
the new Speaker, Newt Gingrich, some years ago--in 1995 to be exact--to
take charge of setting up the new computer system for the House of
Representatives. It was a formidable task. And one issue I emphasized
over and over was the need for adequate security.
{time} 1800
We did the best we could at that time. And I was very proud for a
number of years that although the White House got hacked, the Pentagon
got hacked, the Senate got hacked, we did not get hacked. Those days
are over. And every Member of this House of Representatives has to
recognize that.
This is going to involve, first of all, the best possible technology
fix. There's no question about it. But there's another aspect that was
mentioned by my colleague from California, and that is training Members
and staff on how to deal with this threat and this danger. That is not
easy.
When I computerized the House, I had to educate my colleagues about
computers. It was hopeless. I eventually taught computer classes myself
to my colleagues to try to get them interested and to begin using
computers. We are going to have to be that direct, that formidable and
persistent in ensuring that our colleagues and all our employees
understand the threat and that they learn how to deal with the threat
and especially learn how to prevent incursions by the actions that they
take with their computers and the way they handle their equipment.
This is a major issue. I will pledge, as my colleague from California
does, that we will attempt our best to address this on the House
Administration Committee, and we will certainly do everything possible
to solve it. But it is going to require the vigilance of every employee
of the House of Representatives and the Senate for that matter.
Ms. ZOE LOFGREN of California. I will just say that I appreciate Mr.
Ehlers' comments. As he has, I have introduced many Members to the
concept of the Internet. Luckily that is no longer as necessary today
as it was at one time. But some of our colleagues are real white-out-
on-the-screen folks, and we need to bring them forward to the modern
era.
But you are right. It is not just the Members. As I have mentioned to
Mr. Wolf, I have made a commitment that I intend to follow through to
ask the Republican Conference and also the Democratic Caucus to appear,
not just by myself, but with top-level experts, to explain to Members
their responsibilities and vulnerabilities for them when they travel
abroad with mobile devices as well as their desktops in their office
and how to preserve their network. And it's not just for the staff. I
mean how many of us have made clear to the summer interns that if they
have their laptop, and they're on a peer-to-peer network for whatever
reason at home, and then they plug that laptop into the House network,
I might add in violation of our rules, that they have introduced a
vulnerability to our system? I don't know how many of us have given
that little tutorial to these wonderful young people, but all of us
should.
So I think this has been a helpful resolution, Mr. Wolf, because it
has opened my eyes to the need to get Members to pay more attention.
And I am going to play the most positive role I can to make sure that
happens. But it is also going to take the cooperation of the Members
themselves, because if this is not taken seriously, it won't happen.
I reserve the balance of my time.
Mr. WOLF. How much time do I have left, Mr. Speaker?
The SPEAKER pro tempore (Mr. McNulty). The gentleman from Virginia
has 3 minutes remaining.
Mr. WOLF. I thank the gentlelady for her agreement. I think we have
to, one, read the National Journal. This is a very respected magazine.
And this is a serious problem. Up until now, it has been neglected by
many in the administration and many in Congress.
Secondly, I think the American people are ahead of this Congress. And
quite frankly on this issue with China, I think they are ahead of the
administration. They are ahead of the administration on human rights,
religious freedom, persecution and bad goods coming in from China. This
Congress and this administration ought to wake up.
Thirdly, people are not anxious to talk about this in the Congress,
nor are they anxious to talk about it in the administration. They are
not anxious to talk about it. There was an effort to have me not go
ahead with this using different techniques and different ideas. And we
complied. We worked with the majority every way we can.
I want to say this. I will not let this issue rest. I may not be the
fastest person in this institution. But I am as dogged as anyone. And I
expect the leadership, I expect the leadership to deal with this not
just by the House Administration Committee, I expect the leadership to
deal with this on the Armed Services Committee. I expect the leadership
to deal with this with regard to the House Intelligence Committee. I
expect the Government Operations, has the Government Operations
Committee ever been reluctant to hold a hearing on anything? And the
answer is ``no.'' They must deal with this issue. And I tell the
gentlelady, who has been very good, and I thank her for that, that if
this is not resolved, I will be down here on the floor. I will rework
this resolution. It will be a privileged resolution. And the next time
there will be a vote on this. And then the American people, the
American people can see how aggressive this administration and this
Congress will be on a major national security issue and the issues of
religious freedom and persecution. Keep in mind that 35 Catholic
[[Page H5287]]
bishops are in jail in China. Two hundred Protestant pastors are in
jail in China. They have plundered the Tibetans, and they're
persecuting the Uighurs. This is not a government that is very
friendly. And also they are the leading supporter of genocide in
Darfur.
With that, knowing this will be dealt with, I reserve the balance of
my time.
Ms. ZOE LOFGREN of California. Mr. Speaker, I just want to say that I
serve on three committees. I serve on the House Administration
Committee. And I am here today in that capacity. I serve on the
Homeland Security Committee where I have participated in I would say
dozens of hearings on cybersecurity at least over the years. And I
serve on the House Judiciary Committee where we have had, we have a
little bit of jurisdiction, but we have actually worked pretty hard on
our spyware issues and cybersecurity issues. We have paid attention to
that.
I know that the Armed Services Committee has also paid attention to
the whole issue of cyber warfare and cybersecurity. The Intelligence
Committee isn't allowed to tell the rest of us mere mortals who don't
serve what they have done, but I certainly hope they are taking this
seriously and believe that they are.
I know that the gentleman has the right to close. I would just say
that I would like to provide to Mr. Wolf the material from the many,
many hearings that we have had. I think that he would value seeing what
we have done so far. And also it would be valuable to him to see what
remains to be done.
As I said earlier, we have been yelling, actually yelling about this.
We have, as a Nation, tremendous vulnerabilities. And you can't always
know. You can detect, unless it is spoofed, where an intrusion is
coming from. You can't always say who has initiated that intrusion. But
I will tell you, these intrusions and hackers are coming from all over
the world with all kinds of intentions. And we all ought to take all of
this very seriously. And we have failed, I think, to do all of the
things that we could have done.
We have worked with the private sector. And at this point, the
private sector is so wary of the Department of Homeland Security that
there is a reluctance, actually, to work with the department because
the information provided to the department will be so insecure. So we
have a long ways to go.
I am glad that the gentleman has a strong interest in this. I wish
that every Member had a strong interest in it. And maybe after we are
through having these presentations to the Republican Conference and the
Democratic Caucus, we will have a higher level of Member interest. And
maybe instead of just our few voices in the wilderness here in the
House, Mr. Ehlers, Mr. Langevin, myself and Mr. Thornberry, who have
been working on this for so many years, will have more voices, and
maybe we will have a better response. I certainly hope so.
I yield back the balance of my time.
Mr. WOLF. Mr. Speaker, I yield back the balance of my time.
Motion to Refer Offered by Ms. Zoe Lofgren of California
Ms. ZOE LOFGREN of California. Mr. Speaker, I have a motion at the
desk.
The SPEAKER pro tempore. The Clerk will report the motion.
The Clerk read as follows:
Ms. Zoe Lofgren of California moves that the House refer
the resolution to the Committee on House Administration.
The SPEAKER pro tempore. Without objection, the previous question is
ordered on the motion to refer.
There was no objection.
The SPEAKER pro tempore. The question is on the motion to refer.
The motion was agreed to.
A motion to reconsider was laid on the table.
____________________
