Statement of US Senator Charles E. Schumer

Brookings Institution Symposium on Technological Change and American Security

June 15, 2000

The 21^st Century has dawned with America in the midst of an unprecedented economic boom, driven in large part by what has come to be known as the "new economy" - an economy increasingly dependent and fueled by the stunning advances in high-technology goods and services that have come to seem so commonplace.

The foundation of this "new economy" is, of course, the Internet, and other rapidly advancing digital technologies that comprise the "information revolution."

But while our high-tech advances are emerging at lightening speed, providing all the benefits to our society of rapid economic growth and prosperity, and helping make the US economy the envy of the world, technological change is happening so fast it is creating real and potentially catastrophic vulnerabilities to America's homeland security.

And although emerging technologies are creating new opportunities for our military's warfighting capabilities, they are also creating new opportunities for those who mean to do us harm. Coming to grips with this dilemma is one of the primary challenges for American security in the 21^st Century.

The new technologies having the biggest impact on our security right now are information technologies. The key problem is that while this amorphous entity known as "cyberspace" has become the back-bone of our highly integrated, modern "E-Commerce" economy, its is also the underpinning of our defense and intelligence systems, as well as our nation's most critical infrastructures, such as telecommunications, transportation, energy, and financial services.

And the fact is, although the United States is far and away the most technologically advanced nation on earth, we are also far and away the most technologically vulnerable.

Not only are several countries, most notably China and Russia, spending billions to enhance their so-called "netwar" capabilities, which could conceivably threaten the entire US defense infrastructure, but terrorist cells around the world - state-sponsored and otherwise - are turning their attention to adopting cyber-terror capabilities that could cripple the US economy and bring US cities to their knees.

For example, experts say that several well-placed cyber-bullets, known as "electronic sniffers," can potentially sabotage a large portion of the American financial system, vaporizing billions of dollars in the blink of an eye, and causing mass panic on Wall Street. The boomerang effect of such an attack would be severe: it could take months, if not years, for the financial sector to recover, if at all.

And computer networks which comprise the backbone of other US critical infrastructures, such as power grids, and telecommunications and transportation systems, remain vulnerable to serious disruption, if not outright shut-down. The consequences of a successful attack on any of these systems - such as crippling the Northeast's air traffic control network while hundreds of planes are in the air - would, of course, be devastating.

While the recent well-publicized hacking and virus incidents - such as the "Love Bug" attack - cost billions in lost productivity and data, they have mostly been launched by mischievous teenagers just out to cause trouble.

But these attacks have shown the underlying vulnerabilities of our computer-dependent critical infrastructures to not just lone hackers, but to coordinated attacks by sophisticated cyber- terrorists who truly mean to do us harm.

And instead of a virus that disrupts e-mail service and forces the temporary shut-down of systems, next time we may see the "real thing."

So what is the United States doing to combat this new, and very real threat to America's homeland security? Recklessly less than we should be.

While the US is spending as much on defense as the next 7 nations combined, we are not channeling nearly enough attention and resources toward the problem of new technologies, and their effect on our nation's security. Instead, we are still mired in a Cold-War era defense spending mentality.

So as Congress forges ahead with the Air Force's $70 billion F-22 program - which will ensure US air dominance in a fight against a Soviet Union which no longer exists - planning to defend against the real threats of the 21^st Century remains on the far back burner.

For example, this year the Federal Government is spending $290 billion on our defense. Yet only $1.4 billion is being spent on cyber-security and critical infrastructure protection; and 80 percent of those funds are for the Department of Defense and the intelligence agencies. What about the security of our other critical infrastructures?

This glaring mismatch between vulnerability and threat on the one hand, and resource allocation on the other, has created an absurd situation in which the US has become virtually invulnerable at the conventional military level, but dangerously vulnerable against "asymmetric threats" - threats against which we currently have no viable protection.

So instead of the F-22 and the next multi-billion dollar amphibious landing craft, maybe our military procurement needs to begin fully taking advantage of what has come to be known as the "revolution in military affairs" - the use of computers, electronics, sensors, and even robotics and genetic technologies to maintain America's edge in warfighting into the future.

That means more money for DARPA, and more guts in Congress to begin moving away from anachronistic procurement policies.

The point I want to emphasize as we begin this important panel discussion is that we simply can't neglect the emerging threat from what can be called "weapons of mass disruption" - information warfare, which has the potential to wreak major havoc on our way of life.

And the bottom line is this: despite the new vulnerabilities created by the information revolution, the problem of cyber-security and critical infrastructure protection is not really on anyone's radar screen. The Y2K scare came and went, and we now have a new, and false, sense that the problem of cyber-security is relatively under control.

But we should not have to wait for an electronic Pearl Harbor in order for the US, as a nation, to wake up to this threat.

Now don't get me wrong - it will be an enormous, and ongoing, challenge to successfully confront the problem of emerging technologies and their effects on our homeland security and military readiness, and we will require novel and sophisticated solutions. For example, we cannot simply count on the federal government to protect our critical infrastructures from cyber- terrorism, because the government doesn't own or operate the networks that underpin most of our critical sectors. So it's largely up to the private sector - the banks, the brokerage houses, the telecommunications companies, etc. - to find ways to protect their industries from the threats of this brave new high-tech world.

And, just as importantly, our military war planning needs to move further away from a cold-war mentality and further into the world of 21^st Century technologies.