Stressing that the provisions for sharing of cyber threat information in the current bill will not, on their own, sufficiently address our national security challenges, Congressman Jim Langevin (D-RI) today proposed an amendment to the House Intelligence Committee's Cyber Intelligence Sharing and Protection Act (CISPA) that would impose minimum safety standards for the networks of our most vulnerable and valuable industries. The proposal, sponsored by Homeland Security Committee Ranking Member Bennie Thompson and co-sponsored by Langevin, is taken from a previous version of the PreCISE Act, a bipartisan bill that Langevin worked on with Congressman Dan Lungren (R-CA), who chairs the Homeland Security Subcommittee that oversees cybersecurity. Before the bill was gutted at the request of House Republican leadership last week, it would have established a process for the government to work with key industries, such as the electric grid and water facilities.
Langevin testified on this and two other amendments he authored before the House Rules Committee, asking the panel to allow them to come to the Floor for debate and a vote during consideration of CISPA. He has stressed that it's time to move beyond the fantasy that the liabilities of critical infrastructure will solve themselves through good intentions when many members of these industries have consistently put profits ahead of public safety. Cybersecurity legislation without critical infrastructure protection is dangerously inadequate.
The president's senior counterterrorism adviser noted this month that we know of 200 attempted or successful cyber intrusions of the control systems that run these facilities in the past year and, according to a senior FBI official, utilities in at least three U.S. cities were recently compromised. These threats could leave millions of Americans without power or drinkable water for an extended time, leading to great economic damage and, potentially, loss of life.
In addition to the Thompson amendment, Langevin also requested consideration of an amendment he offered to establish a National Office for Cyberspace in the Executive Office of the President to provide much-needed coordination of federal cybersecurity activities. This proposal reflects a recommendation by the CSIS Commission on Cybersecurity for the 44th Presidency that Langevin co-chaired and is identical to an amendment he offered in 2010 that was passed overwhelmingly by the House. In addition, he proposed a bipartisan amendment, cosponsored by Rep. Lungren, to ensure all sectors of our critical infrastructure, not only "utilities," are able to opt into the voluntary information-sharing framework established by the Intelligence Committee's bill.
Prepared Remarks before the House Committee on Rules
Congressman Jim Langevin
April 25, 2012
Chairman Dreier, Ranking Member Slaughter, Members of the Committee, thank you, and I know how much you have before you today so I will try to be brief. I have several amendments before the committee today. As many of my colleagues know, I have spent a significant amount of time and energy on the issue of our nation's cybersecurity over the past few years. I have worked closely with many of the Members who have authored the cyber legislation before the House this week, and I am pleased that so many of the key issues on which I have focused are receiving the serious attention they demand.
However, none of these bills adequately addresses what I believe are two serious needs.
First, the need to protect our critical infrastructure. With the untimely demise of Mr. Lungren's original, bipartisan PRECISE Act, which would have provided for key minimum standards while encouraging further actions, none of the legislation before the House this week directly addresses this vulnerability. I am pleased to be joining my colleagues Mr. Thompson, Ms. Sanchez, and Mr. Hastings to offer critical parts of that legislation as the Thompson Amendment #23 to CISPA and hope that you will rule it in order and allow the House to have a much-needed debate on the role of critical infrastructure protections in keeping our nation safe.
The bill you are considering today creates a voluntary information sharing network, which could provide owners and operators of critical infrastructure with valuable threat information that would help them to secure their networks from cyberattacks. Unfortunately, CISPA specifies that it applies only to "private-sector entities and utilities." While "utilities" is defined extremely broadly in the legislation, the definition could exclude pieces of our critical infrastructure that have significant cyber vulnerabilities, but may not be privately owned or be captured by the definition in the bill. My first amendment, which I am offering with my good friend Mr. Lungren and is listed as #34, strikes uses of the word "utilities" and replaces each instance with the phrase "critical infrastructure owners and operators."
While it will not by itself provide the protections that I ultimately believe are necessary, this amendment is a germane, common-sense, and bipartisan way to make the public more secure by ensuring that all sectors of our critical infrastructure are able to opt into this voluntary information-sharing framework and thereby share and receive the valuable threat information that will be available under CISPA. It is a useful first step, and I am thankful to Mr. Lungren for joining me in this effort.
My second amendment, #35, which I am offering with my friend Mr. Connolly, would append to CISPA the text of the "Watson-Langevin Amendment," which was passed by the House overwhelmingly as an amendment to the FY11 National Defense Authorization Act. The language would create a National Office for Cyberspace in the Executive Office of the President and codify multiple policy recommendations made by the Obama Administration's 60-Day Cyberspace Policy Review, public-private sector working groups such as the CSIS Commission on Cybersecurity for the 44th Presidency which I co-chaired, and the GAO for remedying security deficiencies throughout the federal government.
In order for our government to have a well-coordinated response to cyber threats across federal agencies, all of these groups agree that the Executive Office of the President must have a central coordination role that includes budgetary authority. Our amendment would also give the Congress much-needed oversight visibility on cyber in the federal government. I hope that you will rule it in order so that the House has an opportunity once again to assert its leadership on this issue, and I am thankful to Mr. Connolly for his partnership in this effort.
Thank you for allowing me to testify this afternoon, and I'm happy to answer any questions you may have about my amendments.