Majority Statement

• Chairman John Thune
  Read statement

  Majority Statement

  Chairman John Thune

  "Good afternoon and welcome to this U.S. Senate Commerce Committee field hearing on the challenges in securing cyberspace.  As Chairman of the Commerce Committee, I am proud to bring this hearing to Dakota State University, which is nationally recognized for its cybersecurity programs.  I am also pleased to see so many DSU students here today as we discuss this important issue.

  "Many of you students are the next generation of cyber professionals that we need to help protect our private businesses and government networks from cyber incidents and attacks.  A number of you participate in the National Science Foundation’s (NSF’s) CyberCorps scholarship-for-service program, which will help increase the cybersecurity workforce at government agencies.

  "Federal agencies need help, especially when it comes to improving their own cybersecurity practices.  You may have read in the news about cyber attacks this year on unclassified email networks at the Pentagon, State Department, and even the White House. 

  "If any of you have ever applied for a security clearance, which some of you probably do in conjunction with the CyberCorps job application process, you might have been subject to the breach of background investigation information at the Office of Personnel Management.  Similar compromises of sensitive information occurred with the Internal Revenue Service this year.

  "While these cybersecurity attacks and breaches are a problem for federal agencies in Washington, DC, cyber threats are important to South Dakotans too.  

  "The same state-sponsored hackers and criminal groups that are attacking the federal government to gain access to sensitive or classified information are using similar techniques to steal intellectual property from our businesses and critical infrastructure, disrupt and deny access to our online services, and steal our identities and personal information to fraudulently spend money in our names. 

  "Two weeks ago, I spoke to Sioux Falls residents at a STOP. THINK. CONNECT. event hosted by the National Cyber Security Alliance to educate consumers and local businesses about how to add security layers to their everyday online activities.  Good Internet practices like creating strong passwords, recognizing phishing emails, and two factor authentication go a long way towards helping protect yourself online. 

  "We likely won’t ever find one silver-bullet solution or set of solutions to cybersecurity vulnerabilities, but we can continue to improve our ability to manage and mitigate cyber risks. 

  "Congress has a role in this effort, and the Senate plans to consider legislation, the Cybersecurity Information Sharing Act of 2015, that would spur greater cyber threat information sharing between and among the private sector and the government.  The addition of liability protections under the bill would allow businesses to share information more easily across industry sectors or among groups of companies that may be experiencing the same cyber threats.

  "Another bill that I believe will help address cybersecurity challenges is the Cybersecurity Enhancement Act of 2014, which I cosponsored, and which passed out of the Commerce Committee and became law last year.  This law included important provisions for R&D, workforce development, and standards.  It authorized the National Institute of Standards and Technology’s (NIST’s) continued efforts to develop the voluntary Framework for Critical Infrastructure Cybersecurity, the NSF’s successful CyberCorps scholarship program, and NIST’s National Initiative for Cybersecurity Education, known as NICE.  

  "It also directed better cooperation and planning across federal agencies in research and development, and updated efforts on cloud computing and international standards.

  "I believe these legislative efforts are a significant step forward, but I hope we can spend some time today discussing future efforts to address the ongoing cybersecurity challenge, including the importance of honing our ability to conduct offensive cyber operations, when appropriate. 

  "I want to thank all of our witnesses for agreeing to testify, and am grateful to DSU for hosting this hearing.  I want to express my appreciation to Dr. Josh Pauli, a DSU Professor and one of our witnesses today, for helping to arrange this hearing and being an excellent host to the other witnesses.  I am always proud to tell my colleagues about DSU’s prestigious designations in cybersecurity from the National Security Agency.

  "Also joining us from DSU is Dr. Kevin Streff, who chairs the Cybersecurity Operations and Security Department, and founded his own business based on his research at DSU.  His company, Secure Banking Solutions, aims to improve security at community banks here in South Dakota and across the country.    

  "Joining us from Sioux Falls are Mr. Mark Shlanta and Mr. Eric Pulse, who represent local companies that deal with managing cyber threats as part of their businesses. 

  "Mark Shlanta’s company, SDN Communications, responds to numerous daily threats against its network and customers.  And at Eide Bailly, Eric Pulse advises healthcare, insurance, and financial services companies on IT risks and regulatory compliance, and often looks to NIST standards as part of this effort.  I look forward to hearing from you both and, in particular, learning about your experience with the NIST Framework. 

  "I would like to offer a special thanks to Mr. Jeremy Epstein from NSF and Mr. Kevin Stine from NIST, who flew all the way from Washington, DC to testify.  NSF and NIST, which are agencies under the Commerce Committee’s jurisdiction, support important work in cybersecurity research, education, awareness, and standards that we will hear more about today. 

  "Mr. Epstein is responsible for NSF’s cybersecurity research program, which spans many different disciplines.  Mr. Stine will discuss NIST’s extensive cybersecurity work with the private sector, other agencies, and academic institutions.   NIST has been an important partner in helping protect the nation’s technology infrastructure through efforts like its successful collaboration with industry to develop the Cybersecurity Framework and technology solutions at the National Cybersecurity Center of Excellence.

  "Gentlemen, I look forward to hearing your testimony."            

Testimony

• Dr. Josh Pauli

  Professor of Cyber Security and NSF SFS CyberCorps Program Director

  Dakota State University (DSU)
  Download Testimony (166.42 KB)

• Dr. Kevin Streff

  Department Chair, Cyber Operations and Security, Dakota State University;

  Founder and Managing Partner, Secure Banking Solutions, LLC
  Download Testimony (608.77 KB)

• Mr. Mark Shlanta

  CEO

  SDN Communications
  Download Testimony (364.96 KB)

• Mr. Eric Pulse

  Director of Risk Advisory Services

  Eide Bailly
  Download Testimony (118.07 KB)

• Mr. Jeremy Epstein

  Lead Program Director, Secure and Trustworthy Cyberspace (SaTC) program

  National Science Foundation (NSF)
  Download Testimony (415.96 KB)

• Mr. Kevin Stine

  Manager, Scurity Outreach and Integration Group, Information Technology Laboratory

  National Institute of Standards and Technology (NIST)
  Download Testimony (579.77 KB)