Hurd, R-San Antonio, was conducting his first hearing as chairman of the Government Oversight Committee’s subcommittee on information technology, a plum assignment handed to the freshman by Republican leaders eager to keep him in their ranks.“Cyber attacks are a fact of life in the United States and virtually every network is at risk,” the National Retail Federation’s David French testified.
Hurd is qualified for the job, reminding the audience that he worked for nine years as a CIA undercover operative, helped build a cybersecurity business and has the knowhow to “bang out” basic computer code.
He has noted in the past that cybersecurity is a growing public and private industry concern in his San Antonio district, which includes the Air Force Cyber Command and one of the largest National Security Agency operations outside Fort Meade, Maryland.
By happenstance, the hearing occurred on the heels of disclosure that unknown hackers gained access to personal information of some 11 million customers of health insurer Premera Blue Cross, including health data and bank account specifics.
Daniel Nutkis, CEO of the Health Information Trust Alliance — a health-care company collaborative — said at the hearing that many in his industry don’t understand the threat.
He said his industry is making improvements but that smaller companies in particular often lack the resources to sufficiently harden their networks.
“We assume that health-care data is never going to be protected like launch codes and nuclear silos,” Nutkis said.
Security strategist Richard Bejtlich said American companies must confront a fast-evolving threat posed by hackers around the world.
Bejtlich, from the California-based security firm FireEye, Inc., testified that Chinese and Russian hackers are pressing intrusions “for commercial and geopolitical gain.”
Iranians and North Koreans, he said, increasingly seek to plant destructive malware for purposes of sabotage. He noted more activity recently from interests in Syria aiming at Western news organizations and others.
Bejtlich warned that mobile phone users are being targeted, citing a FireEye study of “phishing” emails offering banking services and other methods of intrusion seeking to harvest passwords and authentication codes.
Afterward, Hurd referred in an interview to “the Chinese being deep into the infrastructure” of American companies.
He said he intends to use information gleaned from the hearing and others he will conduct to work with FBI and homeland security officials “to address these problems.”