Grassley Statement at Hearing on Cyber Threats to Our Nation’s Critical Infrastructure
Prepared Statement by Senator Chuck Grassley of Iowa
Chairman, Senate Judiciary Committee
Subcommittee on Crime and Terrorism Hearing
“Cyber Threats to Our Nation’s Critical Infrastructure”
August 21, 2018
Thank you Chairman Graham and Ranking Member Whitehouse of the subcommittee for holding this important hearing. This hearing is as timely as ever—just this morning we got word that a group affiliated with the Russian government created phony versions of six websites, including some related to the United States Senate. Their goal was to hack into the computers of people who were tricked into visiting the sites. Microsoft has disabled the sites. But this underscores the importance of our hearing.
Today we’re also focusing on botnets and ransomware, two other massive cybersecurity issues that have an enormous impact on both the private and government sectors. Botnets are used by hackers to send malware and spam, to launch denial of service attacks and to provide the needed infrastructure for ransomware schemes. A hacker, criminal organization or unfriendly government is able to gain control of thousands, or even millions of computers, and then use the trail of computers to both increase their computing power and cover their tracks from our law enforcement.
We have had a number of dramatic instances in which law enforcement was able to successfully interdict botnets. One of the most iconic was the botnet “GameOver Zeus” in 2014. The United States responded with Operation Tovar—a massive effort between our government agencies, foreign governments, and the private sector to take control of the botnet and clean up infected computers. GameOver Zeus had been used for banking fraud and the spread of ransomware.
In 2015, the U.S. government, working with international partners in 19 other countries, dismantled a computer hacking forum known as “Darkode” by arresting and charging numerous defendants in the United States and abroad as part of a single, coordinated strike—known as “Operation Shrouded Horizon.” Darkode had, until that time, provided a platform the sale of malware, botnets, and personal identifying information.
International cooperation, private sector cooperation, but also appropriate statutory authority, are vital to our success against botnets. As long as cybercriminals and malicious government actors can infiltrate our computers and access our critical infrastructure, we are not safe from foreign interference: not in our elections, and not in our ability to provide numerous other essential services to our citizens.
Last month, the Department of Justice issued the report of the Attorney General’s Cyber Digital Task Force. The task force made a number of recommendations to address these issues, including increased civil injunctive authority in the fight against botnets. I look forward to hearing more about the department’s recommendations today.
Many aspects of our critical infrastructures are also exposed to cyber intrusion and disruption because of how these basic functions rely on information technology to work. Our nuclear and chemical facilities, our communications networks, the defense industrial base, financial services, emergency services, healthcare and energy sectors are all potentially vulnerable to cyber threats. This hearing will help us gather information on those threats and what we can do to stop them. It will also continue our fact-finding on the many ways in which cyber tools are used, or can be used, to undermine the security of our elections.
Of course, we continue to deal with the threat of election interference. The Judiciary Committee has undertaken a great deal of work to learn more about that threat and how to respond to it. We have held no fewer than seven hearings, tackling the issue from every angle our jurisdiction permits. These have included hearings about disinformation campaigns, about the Foreign Agents Registration Act and about shell companies and virtual currencies. Congress continues to evaluate this problem and its potential solutions.
This is particularly true the more that we learn about the extent and depth of the threat of foreign election interference. Russia is not the only bad actor and we cannot isolate our focus there. National Security Advisor John Bolton recently warned the American people that China, Iran and North Korea pose just as much of a threat in that area and may attempt to interfere with our upcoming elections.
On June 12 of this year I called a hearing on “Election Interference: Ensuring Law Enforcement Is Equipped to Target Those Seeking to Do Harm.” At that hearing, some respected experts from the national security field strongly recommended that we improve law enforcement’s ability to fight botnets as a way to get at election interference. Clearly, the two issues are connected. Botnets can be used by individuals who have both financial and political motives. One recommendation was that Congress statutorily expand law enforcement’s ability to seek civil injunctions to shut down botnets beyond cases that involve fraud. Again, I look forward to hearing the testimony of today’s witnesses and evaluating other recommendations to help protect our cybersecurity systems, critical infrastructure, and our country, from these threats.