OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Cybersecurity Information Sharing Act of 2015

Floor Speech

By: Roy Blunt
By: Roy Blunt
Date: Oct. 27, 2015
Location: Washington, DC
Issues: Technology and Communication Government Operations

BREAK IN TRANSCRIPT

Madam President, last week I came to the floor to express my support for the Cybersecurity Information Sharing Act, which we are dealing with today. The bipartisan vote of 83 to 14 that happened later that day was an important step in the right direction to deal with this issue. The debate has been encouraging. We need to deal with this threat to our economy. It is a threat to our security, it is a threat to our privacy, and we need to deal with it now.

As I and others have said before, if we wait until there is an event that gets people's attention in such a dramatic way that everybody suddenly realizes what is at stake, there is no telling what kind of overreaction Congress will make. This has been a good debate at the time we should have it. Now, of course, we need to move on.

There have been a lot of amendments offered. Many amendments have been accepted by the managers of the bill. With almost all certainty, today we will finish the remaining amendments pending on the bill and hopefully finish the bill itself. A lot of these amendments have been very well-intentioned--in fact, I suspect they all have been well-intentioned--but in many cases they fundamentally undermine the core purpose of the bill, which is to have voluntary real-time sharing of cyber threats, to allow that sharing to be between private entities and the Federal Government, and even for private entities to be able to share with each other.

This is a bill that creates the liability protections and the anti-trust protections which that particular kind of sharing would allow. Of course, throughout this whole debate, there has been much discussion about how we protect our liberty in an information age. How do we have both security and liberty?

Having served for a number of years on both the House Intelligence Committee and the Senate Intelligence Committee, having served on the Armed Services Committee in the last Congress and in this Congress on the Defense Appropriations Committee, there is no argument in any of those committees that one of our great vulnerabilities is cyber security and how we protect ourselves.

We saw in the last few days that the head of the CIA had his own personal account hacked into apparently by a teenager who is in the process of sharing that information. If the head of the CIA and the head of Homeland Security do not know how to protect their own personal information, obviously information much more valuable than they might personally share is also in jeopardy.

We do need to ensure that we protect people's personal liberties. We need to do that in a way that defends the country. Both of those are primarily responsibilities that we accept when we take these jobs, and it is certainly our responsibility to the Constitution itself.

I think Chairman Burr and Vice Chairman Feinstein have done a good job of bringing that balance together. This bill is carefully crafted in a way that creates a number of different layers of efforts to try to do both of those things.

First, the bill only encourages sharing; it doesn't require it. It doesn't require anybody to share anything they don't want to share, but it encourages the sharing of cyber threats. It works on the techniques and the malware used by hackers. It specifically does not authorize the sharing of personal information, and in fact the bill explicitly directs the Federal Government to develop and make available to the public guidelines to protect privacy and civil liberties in the course of sharing the information.

The Attorney General is required to review these guidelines on a regular basis. The bill mandates reports on the implementation and any privacy impacts by inspectors general and by the Privacy and Civil Liberties Oversight Board, to ensure that these threats to privacy are constantly looked at.

Senator Flake's amendment, which we accepted as part of the bill just a few minutes ago, guarantees that this issue has to be revisited.

I gave a speech at Westminster College in Fulton, MO, about a month ago at the beginning of the 70th year of the anniversary of Winston Churchill giving the ``Iron Curtain'' speech on that campus and talking about liberty versus security there. I said I thought one of the things we should always do is have a time that forced us as a Congress to revisit any of the laws we have looked at in recent years to be sure we protect ourselves and protect our liberty at the same time. This is a voluntary bill. Maybe that wouldn't have been quite as absolutely necessary here, but I was pleased to see that requirement again added to this bill, as it has been to other bills like this.

This is a responsible bill. The people the Presiding Officer and I work for can feel good about the responsible balance it has. It defends our security, but it also protects our liberty. I look forward to its final passage today. The debate would lead me to believe, and the votes would lead me to believe, that is going to happen, but of course we need to continue to work now to put a bill on the President's desk that does that.

There still remain things to be done. One of the things I have worked on for the last 3 years--Senator Carper and I have worked together, Senator Warner has been very engaged in this discussion, as has Chairman Thune--is the protection of sensitive personal information as well as how do we protect the systems themselves.

Clearly this information sharing will help in that fight. There is no doubt about that. In addition to supporting this bill, I want to continue to work with my colleagues to see that we have a way to notify people in a consistent way when their information has been stolen.

There are at least a dozen different State laws that address how you secure personal information, and there are 47 different State laws that address how you tell people if their information has been stolen. That is too much to comply with. We need to find one standard. This patchwork of laws is a nightmare for everybody trying to comply and frankly a nightmare for citizens who get all kinds of different notices in all kinds of different ways.

Without a consistent national standard pertaining to securing information, without a consistent national standard pertaining to what happens when you have a data breach and your information is wrongly taken by someone else, we have only done part of this job. So I want us to continue to work to find the solutions there. We need to find a way to establish that standard for both data security and data breach. I am going to continue to work with the Presiding Officer and my other colleagues. Our other committee, the commerce committee, is a critical place to have that happen.

I wish we could have done this on this bill. We didn't get it done on this bill, but I would say that now the first step to do what we need to do is dealing with the problem of cyber security in the way this bill does and then finish the job at some later time.

So I look forward to seeing this bill passed today. I am certainly urging my colleagues to vote for it. I think it has the protections the people we work for would want to see, and I am grateful to my colleagues for giving me a few moments here to speak.

BREAK IN TRANSCRIPT


Source
arrow_upward