Providing for Consideration oh H.R. 624, Cyber Intelligence Sharing and Protection Act

Floor Speech

BREAK IN TRANSCRIPT

Mr. HASTINGS of Florida. Mr. Speaker, I thank my friend from Georgia for yielding me the customary 30 minutes, and I yield myself such time as I may consume.

Before I begin, I would like to take a moment, as have almost all of our colleagues that have spoken here today, to offer my sincerest condolences to the people of Boston, Massachusetts, following the deadly explosions at Monday's marathon. I can't speak for everyone here, but I believe that most of us would say that the thoughts and prayers of the United States Congress are with the victims, their families and friends at this most difficult time. Those responsible for this act of terror will be brought to justice.

Mr. Speaker, while I rise today in support of H.R. 624, the Cyber Intelligence Sharing and Protection Act, better known as CISPA, I do not support the rule. My friend from Georgia spoke about how important it is that we have the reading of the rule, and one of the particular efforts of Congress that allows for there not to be any abridgement of that, but I do believe that we would be better served if this were an open rule.

Last night, during our Rules Committee hearing, the majority blocked several germane Democratic amendments which would have further helped to balance cybersecurity concerns with smart policies that protect our citizens. I spoke to those issues last night, and I raise them again, particularly the two amendments offered by our colleagues, Ms. Schakowsky and Mr. Schiff, and others.

However, the underlying CISPA legislation is, as my friend from Georgia said, a bipartisan bill that aims to safeguard our Nation's computer networks and critical infrastructure by allowing for two-way cyber threat information sharing on an entirely voluntary basis, both between the private sector and the Federal Government, and within the private sector itself.

In his March 12, 2013, testimony before the Senate Intelligence Committee, the Director of National Intelligence, James Clapper, stated for the first time that cyber attacks and cyber espionage have supplanted terrorism as the top security threat facing the United States.

In recent months, media reports have highlighted cyber attacks on several major U.S. companies, including Facebook, Google, and the network security firm RSA, as well as The New York Times, Bloomberg News, and The Washington Post newspapers.

Furthermore, government networks such as those of the Central Intelligence Agency and the United States Senate have also been targeted by hackers. Waves of cyber attacks have sought to disrupt operations at financial institutions and service providers, including American Express, JPMorgan Chase, Citigroup, Wells Fargo, Bank of America, MasterCard, PayPal, and Visa.

The fact of the matter is that state actors, terrorist organizations, criminal groups, individuals, and countless persons that describe themselves as hackers attack our public and private computer networks thousands of times every day. Many foreign hackers seek to steal valuable trade secrets, which results in the loss of countless American jobs. There are estimates that have been quoted of loss from economic espionage that range as high as $400 billion a year.

Unfortunately, the same vulnerabilities used to steal trade secrets can be used to attack the critical infrastructure we depend on every day. Our economy, our power grids, and our defenses are increasingly reliant on computers and network integration. These networks power our homes, provide our clean water, protect our bank accounts, defend our intellectual property, guard our national security information, and manage other critical services. In addition to intellectual property and national security intelligence, personal finance, health care, and other private records are prime targets for hackers to steal.

According to the Information Technology Industry Council, 18 adults become victims to cyber crime--including identity theft and phishing campaigns--every second. This adds up to 1.5 million cyber crime victims each day.

Cyber attacks present a very real and dangerous threat to the United States. However, the government currently does not have the authority to share classified cyber intelligence information with the private sector.

While private companies have taken considerable measures to protect their networks, they often have limited information and can only respond to known threats.

Cyber threats evolve at the speed of technology, and CISPA, this measure, helps the private sector protect against cyber attacks by providing companies with the latest cyber threat information from the intelligence community, which has timely, classified information about destructive malware. This cyber threat intelligence is the information that companies and the government need to protect and defend their networks.

The so-called ``signatures'' are primarily made up of numerical codes consisting of zeros and ones, without any personal information attached.

CISPA is the product of close cooperation between the intelligence community, the private sector companies, and trade groups and, to a certain degree, the White House, as it pertains to many of the measures that are included in this legislation.

During their efforts to improve the bill, they also maintained a dialogue with privacy advocates in an effort to strengthen civil liberties protections and oversight.

I add a personal note here for the reason that, over a period of 10 years, I served 8 of those years on the Intelligence Committee, and the now-chairman of the Intelligence Committee and ranking member were both junior members of the committee that I served on. They have risen to the position that they are in and have acted in an extremely responsible way, over a 2-year period of time, trying to bring a measure as complicated as this one, contemplating all of the factors that I've identified and more, including the members of the committee.

I would urge Members of the House of Representatives--many of them continue to have concerns, not only about this particular legislation, but about other intelligence matters, and rightly so are they concerned. But let me remind them that they are Members of a body that allows, if they wish to go into the spaces of the Intelligence Committee and to be briefed by staff and Members there on classified information, upon appropriate undertakings, they too can gain the information and insight that's needed in order to make an intelligent determination when they are voting, rather than come out here and criticize the people that do that hard work. They get no benefits, no concerns from the Members, and yet, cannot say all of the things that are needed to say or be said to the American public.

The same holds for Adam Schiff and Jan Schakowsky and others that I won't mention that I served on that committee with. These are conscientious people who spend more time than almost any Member of Congress on any matter that he or she is attending to, and I have great respect for them. I don't agree with everything that either or all of them say, but I know they put their heart and time, both in the amendments that are offered, as well as in this bill and the particulars that are being put forward to this body.

As a result of their work, 19 improvements to enhance privacy and protect Americans have been adopted. Chief among them, this CISPA measure that requires the government to eliminate any personal information it receives that is not necessary to understand the cyber threat.

It creates no new authorities for any agency, and I can't say that enough. It creates no new authorities for any agency.

It gives companies the flexibility to choose which agency within the intelligence community they would like to work with to protect the cyber networks. It requires an annual review and report by the intelligence community's inspector general of the government's use of any information shared by the private sector.

And I would urge Members, when we increase the responsibilities of the inspector general that we also give the inspector general the resources in order to be able to do the necessary oversight that is required in this legislation.

It includes something that I very much support, and that is a 5-year sunset provision. I've supported other 5-year sunset provisions in the intelligence community and would have preferred, in this instance, that it be a 3-year provision. But the fact of the matter is, it's 5, and we will learn an awful lot during that period of time, and we will be back here dealing with this same subject at some point in the future.

Allowing for the appropriate sharing of cyber threat information between the government and private sector is key to protecting our Nation from those who would do us harm. CISPA balances the critical need to strengthen our

cyber defenses while protecting Americans' individual privacy.

I reserve the balance of my time.

BREAK IN TRANSCRIPT

Mr. HASTINGS of Florida. Mr. Speaker, I yield myself such time as I may consume.

I thank the distinguished chairman of the Rules Committee, my good friend, Mr. Sessions, for his explanation of the measure going forward. I certainly do not anticipate that my side will oppose the measure as offered.

In addition thereto, I would highlight what he did eloquently point out, and that is the bipartisan effort that has been put into this, including all of the negotiations leading up to now what will be the McCaul amendment offered by Mr. Woodall.

CISPA, Mr. Speaker, provides the government and private sector with the tools they need to secure our networks and prevent future cyber attacks, while respecting the privacy of individuals.

In bringing private companies and trade groups to the table, as well as taking into consideration the concerns expressed by civil liberties organizations, CISPA has been improved to better address the growing cybersecurity risks faced by the Federal Government and private sector, provide greater oversight, and protect Americans' privacy. We can take significant steps to reduce our vulnerability to cyber threats today.

I have had the honor and privilege of meeting many of our intelligence professionals when I served as a member of the Intelligence Committee; and since that time, I cannot overstate how much I appreciate, and am humbled by, their service.

Furthermore, I want to take this moment of personal privilege to thank my good friends, Chairman Rogers and Ranking Member Ruppersberger, and to underscore one of the unnoticed and hardworking staffs' efforts, and that would be the House Intelligence Committee staff, for their hard work and dedication in helping to see this and other measures having to do with the intelligence of this committee to the House floor, as well as in cooperation with their colleagues and ours at the United States Senate.

I urge my colleagues to vote ``no'' on the rule and ``yes'' on the underlying bill, and I yield back the balance of my time.

BREAK IN TRANSCRIPT

Source