Press Releases

Committee Probes Foreign Cyber Attacks on U.S. Small Businesses

f t # e
Washington, July 6, 2016 | comments

Chabot: “Impacts both our national security and our economic security”

WASHINGTON – Leading cybersecurity experts warned members of the House Small Business Committee today that American small businesses are at great and growing risk of cyberattacks from foreign hackers. Today’s hearing was part of the Committee’s ongoing effort to spotlight the cyber security threats faced by America’s 28 million small businesses and develop solutions to combat the threat.

“Small business cyber security has been a top priority for our Committee throughout this Congress,” said House Small Business Committee Chairman Steve Chabot (R-OH). “In our previous hearings, we have heard stories from small business owners who have been the victims of cyber attacks. We have also heard dire warnings from cyber security experts about the new and varied cyber threats facing America’s 28 million small businesses.”

“Small businesses play an indispensable role in providing the federal government with products and services. They are integral links in the government supply chain but are often ill-equipped to combat against sophisticated foreign cyber attacks. This makes them a prime target for state sponsors of cyber terrorism who wish to undermine America’s commerce and security,” explained Chabot, who is also a senior member of the House Foreign Affairs Committee.

“This is an important dimension of the cyber security threat that impacts both our national security and our economic security and I believe it demands much more attention than it has received so far,”concluded Chairman Chabot.

You can read full testimony from today’s hearing here and view full video here.

AS FBI DIRECTOR JIM COMEY SAID YESTERDAY…

“As we know from FBI Director Jim Comey’s statement yesterday, the FBI has recently “developed evidence that the security culture of the State Department in general, and with respect to use of unclassified e-mail systems in particular, was generally lacking in the kind of care for classified information found elsewhere in the government,” testified Jamil N. Jaffer, the Director of the Homeland and National Law Program at the George Mason University School of Law.

“This is troubling news indeed, given the important role that the State Department plays in our relations with other nations, the type of sensitive information it receives from our allies, and the critical nature of the negotiations it conducts on behalf our people,” added Jaffer, who also praised Chairman Chabot’s successful effort to include an amendment to a State Department Authorization measure thatrequires a cybersecurity investigation into the State Department’s possible use of equipment and services purchased from suppliers linked to key cyber threat nations.

“The potential use of such equipment and services by the U.S. government is a key issue for congressional oversight, particularly given the threat environment that our nation—in both the public and private sectors—faces from nation-state actors and their proxies,” stressed Jaffer. “The innovative small businesses that are key engines of job growth and investment in our economy… must confront the very real threats we face in cyberspace.”

CYBER SECURITY EXPERTS SOUND THE ALARM

“As small businesses increase their connectivity to the Internet, they face significant challenges and additional costs, not just in infrastructure and the ‘nuts and bolts’ of establishing businesses’ connectivity, but also security-related costs,” testified Nova Daly, a Senior Public Policy Advisor at Wiley Rein LLP and former Director of International Trade at the National Security Council (NSC). “Both domestic and foreign criminals, as well as foreign governments, have been known to exploit and are actively targeting internet based vulnerabilities in order to gain access to financial information, customer data, and intellectual property.”

“In fact, according to McAfee, the well-renown security company, if cybercrime was a country, its GDP would rank 27th in the world,” testified Justin Zeefe, the Co-founder and Chief Strategy Officer of the Nisos Group, a cybersecurity consulting firm. “How would we collectively react if we knew that the 27th largest economy was absolutely dedicated to attacking our value? What if they were overwhelmingly directing their actions against small businesses? In fact, both of these statements are accurate.”

“Symantec found in June 2015 that 75% of cyberattacks were directed at organizations with fewer than 2,500 employees – a dramatic increase from years prior. Not a week goes by that we don’t read of a major data breach in the paper, with mention of what the attackers stole, and often how they managed to gain access.” Zeefe added.

BACKGROUND:

  • Today’s hearing comes after Chairman Chabot led several members of Congress in sending a letter to Secretary of State John Kerry and Secretary of Commerce Penny Pritzker about disturbing reports that Chinese telecommunications vendors may have been used to subvert U.S. sanctions against rogue regimes.
  • The Government Accountability Office (GAO) noted in a 2012 report that the FBI has determined that foreign state actors pose a serious cyber threat to the telecommunications supply chain.
  • The Office of the National Counter Intelligence Executive released a report in 2011 stating that tens of billions of dollars in trade secrets, intellectual property, and technology are being stolen each year from computer systems in the federal government, corporations, and academic institutions.They identified China and Russia as the two largest participants in cyber espionage.
  • According to a report from Verizon, 71 percent of cyber-attacks occurred in businesses with fewer than 100 employees in 2012.
  • Chairman Chabot has strongly supported key pieces of legislation aimed at improving cyber security for small businesses and the federal government this Congress including H.R. 5064, the Improving Small Business Cyber Security Act of 2016, and H.R. 1731, the National Cybersecurity Protection Advancement Act of 2015.

###

f t # e