Making Continuing Appropriations for Fiscal Year 2013
Floor Speech
BREAK IN TRANSCRIPT
Madam President, I am pleased and honored to join my colleagues this morning, Senators BLUNT, WHITEHOUSE, and GRAHAM. They have been leaders on issues involving national security and defense and particularly in the intelligence and cyber area.
Senator Blunt has a long record of bipartisan leadership in this body, as well as in the House of Representatives and in government generally, in addressing issues without regard to partisan predilections or biases. He has not only led but produced results.
Senator Whitehouse has tirelessly pursued this area of cyber security. To his great credit, he has been with the movement for making our Nation more secure and also making the public more aware about the need for action in this area.
In truth, there is a saying that ignorance is bliss, but in truth, in areas of national security, that is rarely the case. In this instance, ignorance can do great harm and it is a source of peril. Our Nation is largely ignorant about the threats posed by national security and, more importantly, about the potential responses that must be mobilized to secure our infrastructure, our critical innovative information, and many other areas where we are at risk from a diverse source of threats. It is not only foreign governments, such as China; it is teenage hackers in eastern European countries, it is terrorists around the world who mean to do us harm and put their own movements at an advantage, and it is also competitors in the private world who seek competitive advantage against our own private enterprise companies that have intellectual information and assets. As a result of these cyber attacks, intellectual property is lost, identities are stolen, and America is made less safe.
Every day, the United States is under attack--literally every minute of every day--by individuals wishing to steal sensitive information from our government, from our Department of Defense, and from corporate information systems as well as home networks of individual Internet users. The cyber threat has become almost conventional wisdom in some quarters because we know that our military and intelligence communities are certain that this threat must be met. In fact, the next Pearl Harbor will come not from the sky but from a computer network that links to essential sources of intellectual assets and information in this country and degrades or, in fact, destroys them.
Senator Whitehouse and I, along with Senators GRAHAM and BLUNT, have introduced legislation that would institute new reporting requirements. These requirements apply to Federal agencies charged with reviewing and responding to cyber attacks. In effect, the Federal Government would lead by example. Leadership is important not only for State and local governments but also for the private sector. The legislation would help us better protect our country from hackers wishing to do harm, and it is based on the simple premise that we need to know about the threats we face.
The President has taken action--and I credit him--with the Executive order he has instituted, but that Executive order leaves great gaps. The legislation introduced by Senator Whitehouse and me--along with Senators GRAHAM and BLUNT--will institute new reporting requirements to us by our Federal agencies. This bill will require that information to be submitted from a variety of agencies, such as the Department of Homeland Security, the Justice Department, the FBI, and--in my view, most critically of all--the Securities and Exchange Commission.
Most Americans have very little idea about what the Securities and Exchange Commission collects by way of information, but, in fact, it is a treasure trove, a panorama and window into the workings of corporate America. Very importantly in this area, they can tell us what corporations--big and small around the country--are doing to protect themselves. It can tell shareholders what they should know. The shareholders, after all, are the owners of these companies, and they will ultimately bear the financial burden of failures by corporate America if they fail in their duties to protect their critical infrastructure.
Not only are shareholders affected but neighbors living near powerplants, as well as customers--banking customers, for example, whose critical financial information is entrusted to financial institutions. A vast variety of clients, customers, owners, and others affected by these corporations have a right to know from the Securities and Exchange Commission what is being done to protect against cyber attacks.
Senator Whitehouse and Senator Blunt have described in very powerful terms the advantages of this legislation, but let me say that equally important is what it does not do. We need to be mindful that 90 percent of our Nation's critical infrastructure--that is right, 90 percent of it--is owned by private companies, and those private entities have a responsibility to our Nation to ensure that their security standards meet the task of fending off cyber attacks.
This legislation should not be the only action Congress takes. In fact, Senator Rockefeller has championed legislation that is essential, and I am proud to be a supporter of it. I supported it in the Commerce Committee, and I am very grateful to him for allowing me to partner with him in helping to move it to the floor of the Senate.
This legislation is a very strong complement and supplement to that measure. In fact, that measure would require industry-driven voluntary cyber security standards for critical infrastructure. It would strengthen cyber research and development. It would improve the cyber workforce through development and education. It would increase public awareness of cyber risks and cyber security. I think the measure approved by the Commerce Committee is vital, and this measure very appropriately complements it.
America can't fully address a threat that it doesn't fully understand, and this legislation that Senator Whitehouse, Senator Blunt, Senator Graham, and I have introduced would increase public understanding of an issue critical not only to the Federal Government but to all the American people, and it would ensure that Americans know how they are safer or less safe as a result of the extraordinarily dangerous menace posed by a potential cyber attack.
I will yield the floor with a question to Senator Whitehouse regarding the Executive order issued by the President and ask, in light of that Executive order, does Senator Whitehouse still feel this legislation will perform a service to protect our Nation?
BREAK IN TRANSCRIPT
Mr. President, I offer my own concluding remarks by saying that Senator Whitehouse earlier referred to our failure. He characterized it as a failure to accomplish legislation during the last session of Congress. Senators BLUNT and GRAHAM were very instrumental in that effort, and I was proud to work with them. But that failure had consequences in alerting the executive branch and galvanizing their will to act. So I would not say it was completely without consequence or benefit.
I hope we will actually be successful during this session in passing legislation that is so important to moving the Federal Government even further in a direction where it should be going.
Mr. WHITEHOUSE. Mr. President, if the Senator would yield for a question, I might inquire of him whether it is his view that if you actually take a look at what is being done by the administration under the executive order, it bears a considerable resemblance to the proposal we had worked on?
Mr. BLUMENTHAL. I thank Senator Whitehouse for that question. I would observe, in fact, that the executive branch, very importantly, followed a number of the leading ideas Senator Whitehouse and our group fashioned. Of course, we take no pride of authorship or ownership in those ideas, and many of them came from some of the best minds in the administration, who are, in fact, thinking seriously about this problem.
So I think it really has to be a partnership--not only a bipartisan partnership in the Senate and the Congress, but also a partnership between the executive and legislative branches.
I conclude with this thought: In many of the briefings we had as Senators, off the record or classified, I was struck by how horrified and at least alarmed most Americans would be if they heard some of the stories of how close America has come to the next Pearl Harbor, how close we have come to cyber catastrophe, and how vulnerable the Nation still is, despite the growing awareness in both the corporate and military sectors of our country about this threat.
So when we talk about creating awareness, we are talking literally about spreading information that is vital for Americans to know.
I will close with the thought that I hope the leaders of this country who have control over classifying information would seek ways to inform the American public about the risks and the dangers posed from cyber attack.
Madam President, I yield the floor.
BREAK IN TRANSCRIPT
Mr. President, I join my colleague from Connecticut to address a specific provision in the Bipartisan Budget Act. Overall, while this deal is flawed, we are heartened to see both sides coming together to put in place a workable fiscal foundation for the next 2 years. But we want to make sure to clarify what we are intending to do with a particular provision in this bill. Specifically, section 203 of the act institutes new reforms to the Social Security Death Master File, which keeps an authoritative record of deaths in this country. These important reforms include a new certification process that will ensure only those properly authorized and able to maintain the information under significant safeguards can access the information on this master file on a current basis, helping prevent identity theft and other abuses. Release of the information to all others would be delayed by 3 years after an individual's death. We would like to emphasize, though, that this provision was not intended to interrupt in any way the legitimate use of the Death Master File in the interim. I will turn to my colleague to explain why we think this is so important and how we think we can avoid this situation.
Mr. MURPHY. I thank my good friend, the senior Senator from Connecticut. Our understanding is that many States require insurers to check their policies against the master list on an ongoing basis in order to ensure they have accurate information about deceased individuals whom they insure. Furthermore, State treasurers, State comptrollers, and credit bureaus all use the Death Master File for important purposes and need continued access. We certainly do not want to halt these processes or stand in the way of compliance with State law. As such, I am pleased to join you in urging the Social Security Administration and the Commerce Department to both work closely with key stakeholders during the transition period and to use the flexibility we believe they already possess to ensure uninterrupted legitimate access to the Death Master File. State governments, too, should be flexible throughout this transition as insurers under their jurisdictions seek to comply with these new Federal provisions.
Mr. BLUMENTHAL. I echo my colleague's recommendations. Overall, so long as we manage the transition appropriately, my friend and fellow Senator from Connecticut and I believe the new system will save hundreds of millions of dollars and also protect the identities of millions of Americans.
BREAK IN TRANSCRIPT
Source