BREAK IN TRANSCRIPT
Mr. McCAIN. Well, Mr. President, I want to again thank Senator Lieberman and Senator Collins for their willingness to negotiate seriously. I want to thank also Senator Chambliss as well as Senator Hutchison and many others, Senator Kyl and others.
We have had large meetings, small meetings, medium-sized meetings. We have had discussions among various groups. I believe we sort of had the outlines of a framework that we could have had a certain number of amendments that we all agreed to that would be voted on. At the same time, we could prevail upon some of our colleagues not to have nongermane amendments.
Unfortunately, the first amendment proposed by the majority leader has to do with tax cuts. Look, I say to my colleagues that I think we have developed a framework where we can move forward with a certain number of germane amendments. All of us appreciate how important this issue is.
I don't see the need for this vote. Cloture will not be invoked. All it will do is embed people in their previously held positions. What we should be doing is continuing productive negotiations and discussions that we had all during yesterday, put off this cloture vote, and try to come to some agreement in recognition that cyber security is a vital national security issue. We all recognize that. We started out very much poles apart. I think there have been some agreements made which I view as significant progress.
I regret, I say to Senator Lieberman, Senator Collins, and all my colleagues, that we are taking this vote when we should be spending our time--at least the rest of the day--setting up a framework that we can address cyber security during the first week we are back in September. But it is what it is.
I thank Senators Lieberman and Collins for their willingness to sit down and negotiate. We still have significant differences, but I think those could have been resolved. I hope this vote doesn't have a chilling effect on what I think was progress that was being made.
BREAK IN TRANSCRIPT
Mr. McCAIN. Mr. President, I rise today to oppose cloture on the Cybersecurity Act of 2012.
Are any of us surprised that we find ourselves in this situation--again? Is this the ``open amendment'' process we were all promised? As I said earlier this year, a bill as complex as cyber security legislation can only be achieved if it goes through the regular committee process. Had this bill been subjected to the proper committee process, instead of relying on Senate rule XIV, I believe we would have had a much stronger legislative product that would have attracted broader support. Instead, the blame game, which is the first sign of a stalled legislative process, is in full swing.
As of yesterday afternoon it was my understanding that we would continue to work throughout August to find a compromise on this legislation. As a backstop to prepare for the possibility that an agreement would not be reached during that time, we requested a tranche of 10 to 15 placeholder amendments be set aside to address a defined set of issue areas we had with the current bill. In exchange for these process concessions, our group was willing to support cloture.
The unfortunate reality is that we had time to conduct proper legislative hearings and hold committee markups. But rather than choose the customary process, which forces us to defend our points of view, build consensus around ideas and, admittedly, requires more planning and hard work, a less transparent approach was taken. That approach, while at the time may have seemed more legislatively convenient, resulted in hurried, last-minute negotiations that have been doomed from the outset. Rarely does anything good get accomplished under these circumstances, which lack transparency and scrutiny. This should serve as a warning to both sides of the aisle and future congresses that attempts to side-step the legislative process are risky, often unproductive, and do not bypass the criticism they seek to avoid.
And while all of us recognize the importance of cyber security, we should not confuse opposition to this deeply flawed bill as a sign of somehow being unwilling to address the issue. It has been my experience that when dealing with matters of national security and domestic policy, and in this bill is at the nexus of both, it is more important to work to get something done right than just work to get something done. And while both efforts may result in enough material to create a headline, only one fulfills our purpose for being here in this body.
Time and again, we have heard from experts about the importance of maximizing our Nation's ability to effectively prevent and respond to cyber threats. We have all listened to these accounts. This cyber threat and the risk of an attack only increased when the Stuxnet leaks began recklessly coming out of this administration. And while this threat and others persist, the most important piece of legislation which the congress can pass when it comes to ensuring our national security, the National Defense Authorization Act, which includes cyber security elements, remains unfinished. This entire process feels more like a ploy to advance the fiction that we are focused on national security, while avoiding the fulfillment of one of the Congress's most important national security responsibilities--the passage of the National Defense Authorization Act.
The point is that debating a controversial and flawed bill--a bill of such `significance' that it has languished for over 5 months at the Homeland Security and Government Affairs Committee, with no committee markup or normal committee process--should not have taken precedence over a bill which was vetted over a period of 4 months by the Senate Armed Services Committee and reported to the floor with the unanimous support of all 26 members. Unfortunately, our current trajectory will likely leave us without a cyber security bill or the National Defense Authorization Act.
As I have said time and time again, the threat we face in the cyber domain is among the most significant and challenging threats of 21st-century warfare. But this bill unfortunately takes us in the wrong direction and establishes a new national security precedent which fails to recognize the gravity of the threats we face in cyber space. I agree that we must take appropriate steps to ensure that civil liberties are protected and believe we could have appropriately done so without removing the only institutions capable of protecting the United States from a cyber attack from counties like China, Russia, and Iran--from the front lines. Making these entities more reliant on their less capable civilian counterparts is an unacceptable, precedent setting approach, which fails to recognize the unique real-time requirements for understanding the threat environment, anticipating attacks, and responding when necessary.
Additionally, what is not being discussed enough are the likely implications of the new cyber security stovepipes being proposed in this bill. The recreation of the very walls and information sharing barriers that the 9/11 Commission attributed as being responsible for one of our greatest intelligence failures is very unwise.
In addition to the problems with the information sharing provisions, the critical infrastructure language grants too much authority to the government, failing to consider the innovative potential of the private sector. I continue to believe that this title would force those who own or operate critical assets to place more emphasis on compliance attorneys, rather than utilize the world-class engineering capabilities employed by our private sector. This is why the primary objective of our bill is to enter into a cooperative information sharing relationship with the private sector, rather than an adversarial relationship rooted in mandates used to dictate technological solutions to industry.
The SECURE IT Act is a serious response to the growing cyber threat facing our country, and it is an alternative approach to the overly bureaucratic and regulatory bill before us. Our amendment seeks to utilize the world-class engineers employed by our private sector, not compliance attorneys in law firms. This is why the primary objective of our bill is to enter into a cooperative information-sharing relationship with the private sector, rather than an adversarial relationship rooted in mandates used to dictate technological solutions to industry.
The centerpiece of the SECURE IT Act continues to be a legal framework to provide for voluntary information sharing. Our amendment provides specific authorities relating to the voluntary sharing of cyber threat information among private entities and the government, and in doing so, we do not create any new bureaucracy. This bill at the very least deserved a vote.
As I stated earlier, it has been my experience that when dealing with matters of national security and domestic policy, it is more important to work to get something done right than just work to get something done. For these reasons, and because of the closed process put forth by the majority, we should all oppose cloture.
BREAK IN TRANSCRIPT