Good morning. Before we begin, I would first like to thank Chairman Mack for asking me to chair this hearing on such a critically important topic to our country: "Cyber-threats and the US Economy". The high-technology sector continues to lead America's vigorous economic expansion. Currently, it generates over one-third of real economic growth in the United States and accounts for approximately 8 percent of our nation's employment. This year, Internet transactions are expected to total $8 billion. Future predictions of transaction totals grow to $327 billion by 2002 and $1.5 trillion by 2003.

No top-down or strategic plan was responsible for the success of US high-tech industries such as semiconductors, software, and biotechnology. Instead, decentralized sources of financing for entrepreneurs, and open and competitive markets, have ensured that diverse innovative approaches are pursed. Many high-tech entrepreneurs have created vast businesses and thousands of new jobs in a few years, beginning with little more than a good idea. For example, a few university computer scientists with the idea of building devices to connect computers into large networks founded Cisco Systems in the mid-1980s. Cisco, with just $69 million in 1990 sales, exploded into a worldwide business with sales of over $8 billion and 19,000 employees by 1998.

Traditional businesses have quickly reached for and embraced new high technology and the Internet, integrating them into the core of their business processes and capabilities. They have gained efficiencies and reaped many benefits as their growth rapidly escalates. Just-in-time inventories and lean manufacturing processes are examples of just how efficient many business lines have become since the introduction of information technology into every facet of the supply chain. Critical functions and services are increasingly using and thus dependent on the Internet.

Along with the astonishing growth and movement onto the Internet, there is an associated growth of real vulnerabilities and credible threats to the economic stability and well being of the United States. Such threats may be ubiquitous, as in hacker-instigated denial-of-service attacks on multiple targets, or focussed, as in the use of a range of tools by foreign governments for political purposes. An emerging type of threat may be the use of this electronic media to effect the physical infrastructure, which is increasingly dependent upon the use of networked systems. For example, a power and telecommunications failure, instigated via a computer network could cause a halt in commercial activities, and thus poses a threat to national economic security.

Recently, hackers used a distributed denial-of-service attack targeting a number of online companies, such as Yahoo, CNN.com, eBay, E-Trade, Buy.com, Amaxon.com, ZDNet.com, and others, causing service disruptions that lasted from minutes to several hours!. Estimates are that each one of these attacks can cost tens of millions of dollars in lost potential sales, or in the example of E-Trade, inability to trade stocks whose value may be changing rapidly. One estimate by the Yankee Group sets the total cost above the $1 billion mark.

These types of denial-of-service attacks serve to soften public confidence in the Internet and transacting commerce over it. A recent survey by PC Data Inc., a market research firm, finds approximately 45% of Internet users indicated they are less likely to transmit credit-card numbers over the Web due to these recent attacks. Nonetheless, these attacks are only the tip of the iceberg. They are the part of the iceberg that is visible above the water - in clear view. But as everyone knows, the largest part of the iceberg, and possibly the most dangerous, lies beneath the surface of the water and is difficult to detect. This is true also with the range of threats to the Internet and those that rely upon it.

Attacks on American defense and industrial facilities in cyberspace are as real and dangerous as any conventional threat to economic prosperity and national security. As we look forward to the year 2000 and beyond, a new landscape for Congress and the nation is emerging. It is a landscape in which policymakers must work to protect private industry's high-tech infrastructure and safeguard the federal government's ability to meet the defense challenges of the next millennium - with the goal of deterring our adversaries from understanding and manipulating the industrial and economic underpinnings of our national security.

Cyber threats do not constitute a new weapon, but a new place. Forget everything that Rand McNally ever taught you about how the world looks because, in the world of interconnected, interdependent computers, no one really knows what the world looks like - at least not anymore. Every day, someone at Lucent tries to map cyberspace. Let me assure you it looks nothing like the "old place" - the "old world." Instead, it is a tangled mass of color-coded networks much like an abstract painting. This was not a map as you and I know it, but a momentary snapshot of a cyber-world still being built and that changes rapidly. When you begin looking at the new geography, the political and spatial worlds blur. Countries, as we know them, begin to fade.

As Thomas Friedman observed in his book the Lexus and the Olive Tree, the globalization of the world economy and the integration of markets and technologies "is enabling individuals, corporations, and nation-states to reach around the world farther, faster, deeper, and cheaper than ever before." While cheap global reach has tremendous benefits from a commercial perspective, it also offers a highly unique set of strategic, asymmetric threats to U.S. economic and national security interests. A clear understanding of privacy, security, and reliability in cyberspace is needed.

President Clinton's Presidential Decision Directive 63 (PDD 63), signed in May 1998, required the Executive Branch to assess the vulnerabilities of computer-based systems and to remedy deficiencies in order to become a model of information security. PDD 63 called for the development of a detailed federal plan to protect U.S. critical infrastructures and to defend America against information warfare. Due in the fall of 1998, the National Plan for Information Systems Protection was finally released early this month. As the Plan notes, it is in fact an invitation to a dialogue - an important first step. It signals that for the first time the Administration may be serious about protecting Americans in the information-age. However, there is much work to do if it is to succeed. A sound appreciation for the range of credible threats will support the work yet to come.

I look forward to hearing from our distinguished witnesses today and the light they will shed on cyber-threats implications and challenges for both the public and private sectors as well as necessary next steps for successfully addressing them within this new landscape.

*****