LEXIS-NEXIS® Congressional Universe-Document

Search Terms: Permanent Normal Trade Relations, House or Senate or Joint

Document 48 of 374.

June 6, 2000, Tuesday

SECTION: PREPARED TESTIMONY

LENGTH: 1597 words

HEADLINE: PREPARED TESTIMONY OF WILLIAM L. LARSON CHAIRMAN AND CHIEF EXECUTIVE OFFICER NETWORK ASSOCIATES, INC.

BEFORE THE JOINT ECONOMIC COMMITTEE

SUBJECT - HIGH TECH SUMMIT HEARING: "BARRIERS TO THE NEW ECONOMY"

BODY:
Mr. Chairman and Members of the Committee, thank you for the opportunity to appear before you today. The subject of this hearing is "Barriers to the New Economy." I am here to talk about one of the most crucial barriers to the new economy that we face today, and that is the lack of security on the Internet. The problem is growing, the threat is evolving, and there are specific things that industry and government can do to address it.

First let me introduce myself and my company. I am Bill Larson, Chairman and Chief Executive Officer of Network Associates, based in Santa Clara, California. Network Associates is a leading provider of network security and management software and services. Our products protect networks from intruders and viruses, and allow network administrators to maximize network "uptime." In essence, we make sure the store is open, and secure. Our products include McAfee VirusScan, Gauntlet Firewalls, CyberCop Intrusion Protection, Sniffer Network Analysis tools, and PGP encryption. We employ about 3,000 people worldwide and expect to do close to $1 billion in revenues this year. The Nature of the Internet

The rush to take advantage of e-commerce has driven everyone, from large organizations to mom and pop stores, to the Internet. It has become our business and information infrastructure and operating system. It has literally opened access to a world of information, consumers, vendors, new markets, and potential.For most people, the benefits of having this vast array of information and opportunity at our fingertips greatly outweigh the risks involved. But our ability to reap the greatest benefits from this amazing technology will depend upon our ability to mitigate the risks and respond quickly to the security threats that come with it.

The Nature of the Threat

Let's talk about the security threats for a minute. In a report released earlier this year by the FBI and the Computer Security Institute, ninety percent of respondents indicated that they had detected computer network security breaches over the last year. Almost seventy-five percent said that the security breaches included theft of property or information, financial fraud, data or network sabotage, and denial of service. The losses from the 273 respondents totaled approximately $265 million, almost a million dollars in losses for each respondent. According to a representative from the FBI's computer intrusion squad, the number of open cases of computer crime have more than quadrupled over the last three years. From 206 is 1997 to 834 in 1999, and growing.

The nature of the threat is changing and evolving. I like to characterize the types of security breaches into three categories that make up a pyramid. At the bottom of the pyramid we have the most prevalent threat, but the least harmful. These are nuisance attacks, things like defamation of websites or certain non-malicious viruses. I like to characterize this as the graffiti on the overpasses of the information superhighway. Like graffiti artists, the culprits are usually teenagers looking for notoriety or recognition.

Unfortunately, as we saw in the recent Love Bug outbreak and distributed denial of service attacks, sometimes the graffiti artists do real damage and cause real financial loss.The second category of threat or attack is what I call "hacking for profit." This consists of individuals or organizations stealing valuable information, such as credit card numbers, from businesses, or possibly extorting their victims for financial gain.

The third category of threat is potentially infinitely more harmful to us all: cyberterrorism, or information warfare. This is hacking activity directed against governments or economic organizations to create a certain economic or political outcome. It is also activity designed to threaten our economic or political instability through attacks on the Nation's critical infrastructure.

Ultimately, if not addressed, the impact of all three of these types of threats could be to undermine the adoption and widespread use of a technology that has revolutionized our economy and our world.

Evolving Solutions for an Evolving Problem

Network Associates and companies like ours are working on ways to solve these problems. First, we are constantly developing new and innovative tools for individuals and organizations to use to counter these continually evolving threats. We have a database of over 53,000 known viruses that we have collected over the years. We receive several hundred new virus samples from around the world every month. That's an average of about 25 new viruses every day. We have researchers around the world responding to new security threats and new viruses on a 24-hour basis, which is why we were able to catch and cure the Love Bug before it struck in the US. We have developed tools that network administrators can use to provide a "hacker's eye view" of their network and potential vulnerabilities.

But it is not enough for Network Associates to say "buy our tools to protect yourselves." As more companies, individuals and organizations are putting their business "on the web" the challenges grow exponentially. There are more targets for attack, and smaller targets are less sophisticated at protecting themselves. A small or medium- sized business or organization may be fortunate to have one person who understands technology at all, let alone a staff that can keep up with the threats and implement the necessary security precautions.

So we are also developing tools to make implementation of security easier for everyone

Network Associates has begun providing our anti-virus and security products as services, via the web. In a traditional anti-virus software model, the customer receives the updates, the vaccines, from our company and distributes them throughout their organizations. Small companies or less sophisticated users may not be able to do this quickly enough to protect against the most recent threats.

Our Application Service Provider, myCIO.com, can provide companies with a service that automatically protects desktops, mail servers, etc. from new viruses and security threats as they are found. Our subsidiary, McAfee.com can provide the same protection for individual customers, so you no longer have to download and install new vaccines but can automatically protect your desktop via the web. We can also provide services to your Internet Service Provider or Telco to allow them to scan your email before it reaches your desktop, so that viruses can be caught and cleaned "in the sky."

How Congress Can Help Developing new and innovative tools and services to combat the threats we know of, and the threats that are emerging, is expensive. In order to stay abreast of new threats, we must refresh or rebuild our product lines every 12 months. For this reason, Network Associates spends nearly 20% of our revenues on research and development. That means we will spend close to $200 million this year on R&D in an attempt to stay a step ahead of the individuals and organizations who are creating and deploying these threats against our information infrastructure.

Congress can help by enacting policies that promote the development of technologies to protect the Internet without regulating the industry and impeding innovation. Such policies include: Promoting the use of legal software. If software is illegally licensed or stolen, it will not provide adequate protection from viruses and security hacks. Our software must be updated continually to ensure that it can protect against the most recent threats. Our paid customers get free updates, pirates do not. This is why the impact of viruses or other security attacks is often worse in regions such as Eastern Europe and Asia, where piracy rates are high. Expanding the H1B visa program so that our company can attract and retain the highest quality workers for our very highly skilled engineering and development jobs. Permanently extending the Research and Experimentation Tax Credit. The long extension provided by this Congress was helpful. Permanent extension would provide for more reliability and longer-term planning. Funding research in the areas of advanced security through NIST, DARPA or other government research organizations. Promoting trade opportunities for US companies, such as the opportunities that exist for us in the Chinese market. Permanent Normal Trade Relations with China will mean that tariffs on our products in China will come down, giving us access to that huge market sales from which will help to fund further research and development efforts in the US.

Finally, industry and government need to work together to educate the public regarding the important security precautions that they should be taking, not only to guard their own systems but also to prevent their systems from being used to launch attacks on others, as was seen in the Ddos and Love Bug attacks. A great example of this type of cooperation was seen last week. On June 1, our company joined with 43 industry and government representatives, including representatives from the Commerce Department's Critical Infrastructure Assurance Office, the NSA, and DoD to publicly announce the top 10 computer security threats and how to fix them.

Hearings such as this one provide a great forum to educate the public and to discuss ways in which we can continue to work together to solve these tough problems. Thank you for the opportunity to appear before you today, and I look forward to your questions.

END

LOAD-DATE: June 7, 2000

Document 48 of 374.


Search Terms: Permanent Normal Trade Relations, House or Senate or Joint
To narrow your search, please enter a word or phrase: