Home > blog > Randy's Blog

Randy's Blog

Question of the week: What should the response by the U.S. government be to cyber attacks?
Posted by Randy | May 31, 2013
This week, news reports surfaced indicating that designs of some of our military’s most advanced weapons systems were compromised by a sustained strategy of Chinese cyber espionage. More than two dozen major weapons systems, critical to U.S. regional missile defense for Asia, Europe and the Persian Gulf, as well as combat aircraft and ships, were the targets of these attacks. 

In January, the Defense Science Board warned that U.S. “security practices have not kept up with the cyber adversary tactics and capabilities.” While China has worked diligently to build a sophisticated military over the past decade, these breaches will only serve to accelerate the development of their growing capabilities.

These cyber intrusions follow reports of an attack last week that hackers from Iran infiltrated software that controls U.S. oil and gas pipelines.  As one report noted, “The developments show that while Chinese hackers pose widespread intellectual-property-theft and espionage concerns, the Iranian assaults have emerged as far more worrisome because of their apparent hostile intent and potential for damage or sabotage.”

Question of the week:  What should the response by the U.S. government be to these cyber attacks? 

(  ) Invest more in technology to counter these attacks
(  ) Encourage more information sharing within industry and the government 
(  ) Increase penalties for hackers that steal intellectual property from U.S. companies
(  ) Create a security clearance system for employees of private sector companies for cyber security threat sharing
(  ) Increase penalties against those who cause or attempt to cause damage to a computer that powers critical infrastructure, such as energy and water and food supply systems
(  ) Enact a federal data breach law
(  ) I don’t know.
(  ) Other (leave your comments below).
Take the instaPoll here.

Find the results of last week’s instaPoll here.                  
What do you think? Weigh in:
We encourage you to analyze and comment on the posts featured on this blog, but please understand that comments which include campaign content, engage in personal attacks, or include vulgar, profane, obscene, or inappropriate language will be removed from the site. Please note that there may be a brief delay in the publication of your comment.

*By leaving a comment on this blog, you are subscribing to my e-mail newsletter.
Users are solely responsible for the opinions they post here and their comments do not necessarily reflect the views of Congressman Forbes.
  • Thomas G commented on 5/31/2013
    In the first place congressman you have been repeatedly, repeatedly warned about this problems for nearly your entire tenure. So let's get intellectually honest here first. As you are aware I have previously communicated with you several times regarding the invasion of privacy by American corporate interests upon the citizens of this country to include job seekers who have been intimidated by corporate policy forcing them to reveal passwords to social networking sites. I was appalled congressman that you refused to reel in these abuses, so in my mind, protecting the country from your own inability to protect America is of great concern to the nation. You are very disappointing sir when it comes to protecting the citizens of America. I do think that penalties as you have referenced are appropriate and I would hope sir that you would change your position and extend that penalty to apply to American corporations that abuse and intimidate the citizens. I have reservations about encouraging more govt/private industry cooperation in terms of information sharing and it is because the public cannot trust their legislators sir because you people are never fully honest with us. Never in my life have I seen the scope of intellectual dishonesty coming from the republican caucus so blatant and disturbing and congressman you are a big part of that disconnect. The way forward here is far more technological investment. I think the clearance idea is too imperfect. A data breech law is intriguing and I would like to see that debate and the details of it. One thing would be interesting is to find out why the republican party apparently edited official emails released by the White House for a political purpose as was reported by CBS news. That was appalling and I'm surprised Mr. Forbes that as a member of the judiciary committee you are hiding from this matter and doing nothing about it. Why sir?
  • clifton coffman commented on 5/31/2013
    Although this news seems alarming we appear to have doing this illegally and unlawfully. "Internet security firm finds early 'Stuxnet O.5' version revealing espionage and sabotage virus released under George W Bush"(the guardian.co.uk) If we want to address the issue we need to become fiscally responsible and quit borrowing money from China. Cut military (sequestration is fiscally responsible) and government spending and increase taxes on higher incomes. Corporations have been dealing with this for years since they won't agree to intellectual rights and lawsuits.
  • Donald Buchholz commented on 5/31/2013
    Return to the old form for security clearances, meaning pre-1970. The form that has as one of the questions, “Are you now or have you ever been a member of”. Then it listed a ton of organizations that were subversive to our form of governing and where a threat to our Republic. There is no question like that on a security form nor do the back ground checks include such. We need to insure that people who are trusted with the security of our country are trust worthy and do not subscribe to any principles that are subversive to our Republic. Sometime in the past we have been infiltrated and not for the good of our Republic but for the detriment. Once we recognize this we will be on the road to recovering some integrity. My question to you is, why was this changed? I know it was because I asked an FBI agent that came to our office the same question during a security brief and he said nothing constructive for an answer. So now that it is on my mind, what's your answer.
  • Gregg J commented on 5/31/2013
    Take critical systems off line. There's no need for defense or infrastructure systems to be internet connected. These systems should either be run on a parallel system where internet access is denied or taken off line altogether. Additionally, to pay for any information system upgrades, all products built in China by american corporations and sold here need to have a 15% tax surcharge. After all, corporate investment in China helped fund their economic rise to power. How many breeches have to occur before washington takes action to defend this nation?
  • Richard Speirs commented on 5/31/2013
    Randy and staff, I consider what CHINA is doing as an act of WAR.. breaking into Government or Industry computers it more than criminal and we need to let CHINA know this is unacceptable. Secondly, we have to be careful what technology we (America) purchases as a large number of those items are built where? CHINA!! Lastly, I think it is imperative we listen to people like Leon Penetta who said we need to strength our Cyber security and that we must do!! Sincerely, Richard
  • frederick hubbard commented on 5/31/2013
    This is in effect an OUTRIGHT " ACT of WAR ", its SIMPLE and CLEAR and its about time our ELECTED officials clearly UNDERSTOOD THIS.
  • John Hopkins commented on 5/31/2013
    Dear Congressman Forbes, The problem is much larger than many would like to believe. Throwing money aimlessly (or in a showgun birdshot fashion) will only provide modest gains. You cannot solve this problem through inexact science, which would only provide cosmetic, superficial solutions. There are those who can be asembled to solve this problem, and this is what needs to be done. And, a great leader is required to plan, implement and execute the solutions. Consider this no less than a cyberwar, because that is exactly what it is, and while information is the objective currently, the future consequences can be considered no less than catastrophic.
  • m rousseau commented on 5/31/2013
    This type of information should not be available from the internet. Systems containing essential military, civilian and infrastructure data should be isolated from the internet. Isolated intranets with NO connections to the internet should be used.
  • Punky Woods commented on 5/31/2013
    regarding the latest round with the Chinese and our military industrial complex. tell them stop pokeing around in our stuff, develope technology to prevent it. tell them if it happens again, all bets are off, USA is going to hack your systems and find every last detail about your hardware, software and intensions. and publish them for the entrire world. your threats of dumping US tresuries on the market doesn't scare us either.
  • William Dever commented on 5/31/2013
    Entities (be it individuals, companies or countries) should be dealt with in a counter-measure way. The US should have the sovern right to cyber attack the hacker. That is use whatever means we have at our disposal to interrupt and destroy the source through cyber means. This is not a gentleman's war. It is an outright attack on the US and has the same implications as a weapon launched at us. We need to cripple the source to prevent further attacks. This is an ATTACK...not a glance at someones test paper in school.
  • Craig Toporek commented on 5/31/2013
    Fire all Chinese from government civil service and any related industries. Most security level requirement's lowest levels are NOFORN. What are they doing in positions authorizing them access to sensative information? I highly recommend this be investigated by all government agencies.
  • Michael D Neller commented on 5/31/2013
    Attack back. Either retrieve or fry the data stolen and crash their hacking porgrams... I'm sure we ahve the capacity.
  • Stan Glomb commented on 5/31/2013
    Start bombing the buildings where the hackers live. I bet they stop really fast. Plus we free up resources for the rest of the countries inhabitants
  • A. Feret commented on 5/31/2013
    We should provide additional hardware/material/money to Taiwan and express why we are doing do.
  • H Baker commented on 5/31/2013
    All of the suggested items listed in the poll are good. Most people don't realize just how important our data (used in the broadest term) is to us today. We, everyone, needs to realize just how easy it is to select top secret documents (which by the way aren't paper documents but just files on a computer harddrive) to acquire. Documents that the person who acquired them can do what they will. It's just as easy for someone to "play" with our economy. We need to start putting in place the devices and services that will help us to keep this type of distraction down. We'll never not have to worry about cyber terrorism (unless we suddenly wind up in the age of the Jetson's).
  • John Long commented on 5/31/2013
    The DoD and its components have processes in place to counter hacker intrusions--unfortunately not enough nor good enough in too many cases. US Cyber Command needs to receive significant funding increases to hire qualified personnel and developing new systems and counter threats--not for increasing their infrastructure--not for increasing their infrastructure. DoD and other Federal components need to coordinate with those industries they interface with or are supported by, so that each and every incursion into their systems are reported, tracked and counter measures put in place at those facilities. It is in the interest of the DoD and the other responsible agencies to fund all or part of this effort in coordination with those industries. Each of those industries is a profit center and can afford to protect themselves, but may not have the sophistication to implement the measures necessary to protect vital information pertinent to DoD or other Federal agencies on the level the DoD requires for its own facilities. I have no doubt that there are laws on the books somewhere that would punish any US private entity if they took it upon themselves to implement counter hacking measures. If so, that needs to be looked at and eliminated or modified to increase the available counter measure efforts against those stealing our technology and security information. Some control and reporting system would need to be in place thru US Cyber Command, NSA, etc. to ensure that everyone was in the loop as to what had occurred and what action had been taken. Another piece of this effort is protection of our national infrastructure--power grid, nuclear facilities, phone systems, natural gas and oil pipelines, refineries, rail lines, etc. which for all practical purposes are protected at a minimum level at best.
  • Dustin Rhodes commented on 5/31/2013
    Threats and violations of America's cyber sovereignty must be taken as seriously as those to our homeland and interests abroad. Cyber attacks to our critical infrastructure and homeland defense systems can be just as devastating as a nuclear or EMP strike. If Congress seems to believe that cyberspace is fair game when it comes to capitalism and levying a blanket internet sales tax across state lines, then they must apply that same view to cyberspace and treat it as soverign Ameican territory and itnerests. China, Russia, and many other countries have conducted numerous cyber attacks against America for years. In effect, they have been waging a dangerous war against us. We need to take these actions seriously and as a reminder that securing the cyber realm is just as important as securing our borders. Oh wait, but Congress isn't too concerned with securing America's borders.
  • a b commented on 5/31/2013
    No matter what is done, there will always be hackers, and always people who want to destroy our way of life......and stop the outsourcing too.
  • Orlando Ferreira commented on 5/31/2013
    Cyber security needs to be placed in forefront of national security. I was in USAF 26 years, having worked cyber security at DIA (1995-1996). The threat is far greater now and tools available to hackers has multiplied significantly. Yet the US Government continues to pay politically convenient and expedient lip service to threat, as it did to terrorism until 9/11/01. It will take a catastrophic cyber attack to move congress and the administration to stop the childish party political bickering that currently paralyzes our government and do something about cyber insecurity. God help us all.
  • Andy Cain commented on 5/31/2013
    Consider it an act of aggression and conduct a full-fledged IT counter-attack. DARPA, NSA or DIA already has the talent. Turn 'em loose on it.
  • robert j commented on 5/31/2013
    Most of the things listed are appropriate but we have to get away from our dependency on Chinese products and funding - and fast. Severe trade sanctions must be put in place - like actually holding them accountable for currency manipulation, subsidies and selective bashing uses of their BAT/VAT system. Only when we stop funding them to the tune of $200-250 billion a year in the form of a trade deficit will we EVER get their attention. What is their incentive to stop?
  • Susan Vogler commented on 5/31/2013
    I agree with many of the comments left above. With the sophisticated hacking going on as long as we have this sensitive data online we are opening ourselves to this info getting into the wrong hands. Embargoes etc. do no good to countries like China and Iraq because the US administration keeps backing down to the source. There has to be a way to protect our country but i have no idea what the answer is!
  • Karl Eric Griffith commented on 5/31/2013
    Only domestic hackers should be treated in our legal system and dealt with accordingly depending upon the severity of the act. Foreign hackers, particularly those backed by foreign organizations and nation states, should be addressed as acts of espionage or acts of war. These should not be handled as legal matters in our courts. These acts should be handled by either diplomacy, counter cyber activity or by destruction of e culpable foreign facility.
  • Ray Devlin commented on 5/31/2013
    The duty of the Federal government is to protect American citizens...lives, prosperity and freedoms. So this is a must and our tax money that funds the wealth of Foriegn Rulers and the budget of our Dept. of Commerce and the Public Union Bosses dues collected and Pentagon's waste...here is the money to pay for it!
  • Atwood Brooks commented on 5/31/2013
    Dear Congressman, I don't see where any of the proposals will have any effect on the real problem. That is, this administration is weak when it comes to dealing with our enemies. We need to get tough and get serious with the likes of China, Iran, and whoever else we catch doing this. Our enemies will keep attacking with impunity until we show them that we mean business. If the cyber domain is the new battlefield then we need to be prepared to fight win! Sincerely, Atwood Brooks
  • James Caldwell commented on 5/31/2013
    Laws are not enough. THee needs to be and investment in technology that prevents and counters these attacks. When caught, the penalties should be severe and carry heavy penalties. Creating a law or increasing penalties alone is like the false asumption that gun control laws will keep guns out of the hands of criminals. Measures need to be taken to prevent breaches of our computer networks and measures that would cause a counter attack on the people that attempt to breach the networks.
  • Everett Boone commented on 5/31/2013
    I have been into factory automation scene the mid 80's. The dollar value on the world market caused the textile ind. to go off shore not NAFTA. Having said that we need: 1) smaller government 2) less regulation 3) less taxation, no tax on businesses (People pay tax not businesses, they pass it on as part of their cost. 4) Zero tax on businesses that bring their money home. 5) Repeal Obama Care 6) Implement the Fair Tax plan. This will break the back of the lobbyist and get rid of social engineering through the tax code. That's all for now.
  • Edward Norman commented on 5/31/2013
    A direct Cyber Attack on our National Security or economic stability is an act of Cyber Warfare if sponsored by a host nation. A Cyber Attack by an individual is either an act of Domestic or International Terrorism. We have Law, policies and capabilities in existence to address these attacks. The application of both defensive and offensive direct action needs to be authorized by the Legislative and Executive Branches of our government to direct action(s) be taken consistent with The Constitution of the United States.
  • Carl Vetzel commented on 5/31/2013
    Very simple...If they hit us once we hit them twice...if they hit us hard we hit them harder etc.
  • John Cheeseman commented on 6/1/2013
    I don't really think there is a politician that cares what the people think. First thing that needs to be done if for Obama and his entire administration to be removed immediately and placed in prison for treason. Do that, earn the trust and respect of your constituents and then we can talk.
  • Michael S commented on 6/1/2013
    If the plans for these weapons are so critical why keep them on a computer thats connected to the internet where anyone with programming savvy can download them. The whole scenario of the Chinese and Iranians hacking into our systems seems a little too convenient. Congress keeps making plans, foolishly, to control the internet overall. Whats needed is to move the control of these critical plans and systems off the internet and either onto a private network or go back to a pre-computer control method. Controlling the internet is tantamount to controlling free speech.
  • Jason Tureman commented on 6/1/2013
    Honestly? Nothing. We shouldn't do a thing. Why, you may ask? I feel Congress and the Senate don't have a firm grasp on technology. You guys have tried to pass SOPA, PIPA, and CISPA, bills that a majority of Americans are against.These are the equivalent to trying to kill a fly with a sledgehammer. What makes it worse, it seems like most of you don't listen to system experts, you just listen to the lobbyists. So, until there's a MAJOR attitude change on capital hill, I say leave it alone. Don't bother making new laws, just enforce the ones we already have.
  • Cynthia Wildes commented on 6/1/2013
    Making more laws and putting more people in prison is not the answer - neither of these methods have proven to be deterents in the past. They simply waste time and money preparing the laws that will be forgotten or not enforced; and add to the tax burden to support more people in prisons that are already overcrowded. Everyone must be diligent to watch for threats, but as the old adage goes, "You have to watch out for the quiet ones" -- they generally can create the most havoc. Vocal threats distract people from seeing the real threats that are coming through quietly. Who is to say these countries aren't working together behind the scenes to get what they want?
  • John Barker commented on 6/1/2013
    Having been an early Computer Programmer starting in the 60's I understand that some Programming used today is nothing more than a clone of yesteryear. That said, my position is this: The Chinese Gov. denies Cyber Attacks - OK. We need to perform our own Cyber Attacks (Even in our own building in, say, West Virginia or the Hollywood Hills). Are we not, at least, an equal when it comes to Denial?
  • russell laprad commented on 6/2/2013
    who makes the computors---IBM---who owns IBM---the chinese. this could be a large part of the problem
  • Philip Whalen commented on 6/2/2013
    Congressman, Let me start by saying that I believe that you do a pretty good job in the House and I have always voted for you. That being said, GET THE DAMN CHINESE OUT OF OUR LIVES! Between the news of the cyber attacks and now the impending take over of Smithfield Foods, I really am fed up with this. I have two dogs. Try and buy a treat for your animals at any pet supply store of supermarket that isn't produced in China (read the very small print on the bottom of the packaging). I realize that we now have a very global economy but it's well past time that Americans wake up and smell the roses on all of this. This is truly a situation out of control.
  • Paul Powers commented on 6/2/2013
    Like many have stated, anyone with a laptop can hack a system with enough knowledge and enough time. What every company and Gov't needs to do is identify those systems that are critical and separate those from the WWW. At least, then, they couldn't hack it from China, across the Country or from their parent's basement. They would have to get close. That may mean that companies and Gov'ts have to invest in two networks, one for WWW access and the 2nd for critical ICCC applications. By doing this, it would save money on control costs for many applications. There would be no need to constantly update the operating system on the "secure" system which would mean that the programs running under that system would not require constant updating. I know that where I work, they spend a fortune on this on the on-site IT staff and in contracts with vendors that provide everything from our timesheet program to the software that controls the operation of the HVAC systems. Also, you are going to have to stop allowing foreign students in the US to go to college and grad school. We educate them and then they take that technology back to their countries to use. I'm sure that some of those that stay are approached by foreign officers to steal Govt or industrial secrets. Some of them will be willing to do this. Nathan Hale did this and thought he was doing the right thing. In this country, he is regarded as being a hero for that.
  • Bill Grover commented on 6/4/2013
    Congressman; this is a testimony to American stupidity. China has proven over and over that they are an enemy to the United States but yet we allow them to do tariff free business within our boarders. George W. Bush gave them "Most favored nation" status! How about re-instating trade tariffs and having China finance the 7th fleet.
  • Nancy Griffin commented on 6/5/2013
    I say we tell China that our debt is now paid in full, since our highly classified technology has saved them 25 years of research! That should be worth 17 Trillion dollars.
  • Pragya Jaiswal commented on 7/1/2013
    To save our confidential data from Cyber crime is a very severe issue. We should be very careful about it and try to develop a technology, which can easily track the crime that from where the radio signals or any high frequency radiations are coming. The software should easily track that signal region and show an alert to us for document protection, if that unwanted signal attack is not prevented by the software, then it can hold the crime for a while, till the important data is moved to a secured place. And Government should make very strict rule for the culprits.
  • Michael McGillian commented on 8/16/2013
    Stop using the internet or computers that are linked to the internet to hold information, you can only be hacked if your computer is online so it should be quite simple don't ever put military or goverment computers online via the web. Any computer that hold that much vital information should be a stand alone never attached to any devices that allow web access www.thefundingplace.com
Contact and Connect with Randy Forbes

stay connected

connect on instagram

Connect on Instagram
Follow Randy Forbes on Twitter