Making Continuing Appropriations for Fiscal Year 2013
Floor Speech
BREAK IN TRANSCRIPT
Mr. WHITEHOUSE. Mr. President, I rise today with my colleagues, Senator Blunt, Senator Blumenthal, and soon to be joining us Senator Graham, to speak about our Cybersecurity Public Awareness Act of 2013.
It is now broadly accepted in this body that the cyber threat posed by criminals, foreign intelligence, and military services, and even terrorists, is enormous and unrelenting. But useful information about cyber attacks and cyber risks still is not consistently available to consumers, to businesses or to policymakers.
The legislation the four of us have introduced, the Cybersecurity Public Awareness Act, is an important first step toward fixing this problem.
Senator Blunt has earned a reputation for working with colleagues on both sides of the aisle, particularly on issues of national security. I was very glad to have the opportunity to work with him last year as part of a bipartisan group of Senators seeking a sensible middle ground on cyber security legislation. He has brought his keen understanding of national security issues to bear on this important problem, as well as his expertise on public and private collaboration. So I thank the good Senator from Missouri for the opportunity to work together.
Likewise, Senator Graham, as my colleagues know, has a long track record of bipartisan legislative accomplishments and a passion for issues of national security. On our Judiciary Committee Subcommittee on Crime and Terrorism, where together we are the chair and ranking member, Senator Graham has been a worthy partner in our work to improve America's cyber readiness, including our readiness against economic espionage and trade secret threat. I thank Senator Graham for his continuing leadership and partnership as we introduce this bill to improve public awareness of the cyber threats facing our country.
I am pleased also to be joined by my colleague Senator Blumenthal. We were attorneys general together. We serve on the Judiciary Committee together. We are northeasterners together. I know he brings to this Chamber a deep understanding of the tools at the disposal of law enforcement, as well as the challenges of adapting to a swiftly evolving threat.
Americans' privacy is routinely violated by criminals who steal credit card information and Social Security numbers or even spy on us through the webcams of our personal computers. Bank accounts and businesses, local governments and individuals have been emptied overnight. Sensitive government networks have been compromised. The networks that run our critical infrastructure, the basics we depend on for heat, for communications, for commerce, have been compromised, raising the prospect of a cyber attack that could bring down a portion of the electric grid or disrupt our financial system.
Even our Nation's long-term economic competitiveness is at risk. General Keith Alexander, the head of the National Security Agency and Cyber Command, has said, for example, that the theft of trade secrets through cyber hacks has put us on the losing end of the largest illicit transfer of wealth in history. Yet most Americans are still unaware of the full extent of this threat.
Why? Cyber threat information is often classified when it is gathered by the government or is held as proprietary when collected by a company that has been attacked. As a result, Americans are left in the dark about the frequency, extent, and intensity of these attacks. Raising awareness of cyber threats is an important element of Congress's work to improve our Nation's cyber security.
The Cybersecurity Public Awareness Act of 2013 takes up that challenge. Building on legislation I previously introduced with Senator John Kyl, it will increase public awareness of the cyber threats against our Nation and do so in a matter that protects classified, business-sensitive, and proprietary information.
The bill addresses several different elements of the cyber security awareness gap. It enhances public awareness of attacks on Federal networks by requiring that the Department of Homeland Security and the Department of Defense report to Congress on cyber incidents in the ``.gov'' and ``.mil'' domains. As we work to protect the American people from cyber attacks, we must first understand the nature of attacks on our own systems and what we can do to ensure that those attacks are not successful.
The bill tasks the Department of Justice and the FBI to report to Congress on their investigations and prosecutions of cyber intrusions, computer or network compromise, or other forms of illegal hacking. Those reports also must detail the resources they devote to fighting cyber crime and any legal impediments they find that frustrate prosecutions of cyber criminals. It is not enough just to try to stop hackers when they are coming after us; we must also identify and prosecute the people responsible for cyber crimes wherever they may be.
In addition, the bill requires the Securities and Exchange Commission to report to Congress on the corporate reporting of cyber risks and cyber incidents in the financial statements of publicly traded companies. The purpose of this requirement is to make
sure American businesses are adequately informing their shareholders of any material information shareholders should know relating to cyber security.
Last, the bill requires the Department of Homeland Security to report to Congress on the vul ner a bil i ties to cyber threats in each critical infrastructure sector: the electric grid, the gas and oil markets, the banking sector, and others. When it comes to protecting our critical infrastructure from cyber attacks, there is no margin of error. Failure in this area could mean a blackout in a major American city or a serious disruption of the banking system on which our economy depends. That is why we must fully understand the threats to these sectors and do what we can to stop them.
These are ways in which the Cybersecurity Public Awareness Act will help to better inform the American people about the nature of the cyber threats we face and help us in Congress make the informed decisions about how to better protect against these threats.
We have more work to do to improve our Nation's cyber security, but a key first step is to ensure that members of the public, businesses, shareholders, policymakers, and other cyber security stakeholders have an appropriate awareness of cyber vul ner a bil i ties, threats, and opportunities. I look forward to working with Senator Blunt, with Senator Graham, and with Senator Blumenthal to get this bill passed into law, and I thank them each for
their helpful cooperation and their insight.
I yield the floor.
BREAK IN TRANSCRIPT
I will yield the floor with a question to Senator Whitehouse regarding the Executive order issued by the President and ask, in light of that Executive order, does Senator Whitehouse still feel this legislation will perform a service to protect our Nation?
Mr. WHITEHOUSE. I thank Senator Blumenthal for that question, and I thank him for his work in this area. For some time he, Senator Graham, Senator Blunt, and I were part of a group that tried to pull together a bipartisan compromise, a meaningful piece of cyber security legislation, which, unfortunately, failed at the last minute.
As a result of that failure, the President began a process by Executive order for bringing together the various private sector industries in this country whose operations qualify as critical infrastructure, and that provide the basics for your lives--the basic heat, electricity, financial services, and communications on which modern, civilized life depends. From all the reports I have heard--and I have looked at it very closely--that process is actually going very smoothly. As a result, the administration is comfortable with deferring legislative activity in that area--in the area of trying to regulate and improve the cyber security of our critical infrastructure.
We are holding off for the time being on that, but the area of public awareness is still wide open. Legislative authorities are required--not just Executive order authorities--in many of these areas, particularly for organizations, such as the Securities and Exchange Commission, which is largely independent of direct Presidential control, because they are independent agencies under our constitutional system.
This bill would not interfere with what is going on under the authority of the Executive order. It is something we can do in a bipartisan way in the meantime while the Executive order process goes forward.
I believe it will be very productive because, as Senator Blumenthal and Senator Blunt have noted, we are a better country and more effective legislators in the Senate when the public knows what is going on and has had a chance to engage on an issue. For that to happen, the public needs the information, and for the public to get that information, they need to have it collected by these different agencies and presented to them. We can't expect an average American citizen to go out and try to do this research on their own if it has not been gathered anywhere.
I appreciate the question. I think what we are doing will be both very productive and consistent with what the President has done under his Executive order. I applaud him for picking up the baton after we failed in Congress. Certainly, that failure had nothing to do with the energy and determination to get something done on this issue with Senator Graham, who has joined us on the floor.
I will yield the floor so Senator Graham can offer his thoughts.
BREAK IN TRANSCRIPT
Mr. WHITEHOUSE. Mr. President, let me conclude for our side with the observation that in this season of peace and reconciliation, perhaps this is an issue where a little peace and reconciliation, a little zone of peace and reconciliation can emerge through all of our partisan rancor so we can go forward and do something that will indeed protect this country that we love.
I yield the floor
BREAK IN TRANSCRIPT
Source