WASHINGTON, DC - The Subcommittee on Communications and Technology, chaired by Rep. Marsha Blackburn (R-TN), today held a hearing examining cybersecurity risks to wireless technologies with a particular focus on wireless networks and mobile devices.
Cyber criminals often utilize a number of strategies to launch attacks on wireless technologies. Often times exploiting vulnerabilities within a network to gain unauthorized access to wireless networks or target mobile devices through malware and phishing attacks.
“Mobile connectivity has become essential to our daily lives as a result of advances in technology and consumer demand," said #SubCommTech Chairman Blackburn. “Increasing reliance on wireless devices and networks has provided more avenues for cyber criminals to compromise our security and harm consumers. Hackers are smart and they are adapting. The sophistication and frequency of cyberattacks against mobile devices continues to escalate and we must meet this challenge head on."
Mr. Bill Wright, Director of Government Affairs and Senior Policy Counsel at Symantec, discussed how attackers are trending away from utilizing sophisticated attacks and instead focusing on simple, straightforward attacks with great success, commenting, “Yet despite this trend away from sophisticated attacks, the results were extraordinary, including: over 1.1 billion identities exposed; power outages in the Ukraine; over $800 million stolen through Business E-mail Compromise (BEC) scams over just a sixth month period; $81 million stolen in one bank heist alone; a tripling of the average ransomware demand… these shifting tactics demonstrate the resourcefulness of cyber criminals and attackers…"
Ms. Kiersten Todt, Managing Partner of Liberty Group Ventures, LLC, talked of the threats to mobile devices as our lives become more and more interconnected digitally, stating, “Mobile devices have rapidly become ground zero for a wide spectrum of risks that includes malicious targeted attacks to devices and network connections, a range of malware families, non-compliant apps that leak data, and vulnerabilities in device operating systems or apps. … Mobile devices are part of every supply chain - in your home and in your office. We need to treat mobile devices as an endpoint priority equal to, if not more important than, traditional endpoints, such as desktops and laptops."
In his questioning, Rep. Bill Johnson (R-OH) asked Amit Yoran, Chairman and CEO of Tenable Network Security, to elaborate on the shortage of skilled labor in the cybersecurity workforce and what could be done to maintain the workforce. Mr. Yoran replied, “There’s two other critical aspects to attracting and retaining cybersecurity talent. One is in providing them intellectually stimulating work. It’s an exciting field and if you don’t give them exciting problems they will go elsewhere. The other is in creating a culture that’s dynamic and enjoyable to be a part of."
Dr. Charles Clancy, Director and Professor of the Hume Center for National Security and Technology at Virginia Tech, spoke of the difficulties of widespread regulation while speaking to the importance of maintaining collaboration, commenting, “Another side effect is that regulatory authority is distributed across the Department of Homeland Security, Federal Communications Commission, Federal Trade Commission, and various other sector-specific regulators. Without a single “belly button", top-down approaches to achieving objective levels of security are infeasible. Consequently it is imperative that we develop mechanisms to foster continued collaboration. In the policy and regulatory arena, the NIST Cybersecuirty Framework and the Cybersecurity Information Sharing Act are both examples of activities that achieved broad support from both government and industry."
“Cyberspace is the battlefield of the 21st century. We must act now. Hard-working taxpayers are demanding leadership from Washington in the cyber arena and it is our duty to provide it," concluded Chairman Blackburn. “Whether it is encryption, the use of authentication standards, updating operating systems, or rigorous implementation of anti-virus software - we must have an all of the above approach when it comes to forging defensive strategies that will defeat and deter cyber criminals."
A background memo, witness testimony, and an archived webcast can be found online HERE. See Also
* Promoting Security in Wireless Technology
