Cybersecurity Information Sharing Act of 2015

Floor Speech

Date: Oct. 21, 2015
Location: Washington D.C.

BREAK IN TRANSCRIPT

Mr. McCAIN. Mr. President, before the Senator leaves the floor, I wish to thank him on a well-planned, well-thought-out, and very convincing presentation, and an argument that, frankly, I can add very little to. So I will make my remarks very brief.

I thank the Senator from Maine for highlighting the absolute importance of the passage of this legislation. And, I might add, he is one of the most serious and hard-working members of the Senate Armed Services Committee as well. I won't go any further.

Mr. President, I rise in strong support of S. 754. I thank my colleagues, Chairman Burr and Vice Chairman Feinstein, for their ongoing leadership.

In the short 2 months since this bill was last on the Senate floor, the need for action on information sharing has only increased. It is not for a lack of trying. We have continuously failed to make progress on this bill. As the Senator from Maine just made clear, that must change. Enacting legislation to confront the accumulating dangers of cyber threats must be among the highest national security priorities of the Congress.

The need for congressional action, in my view, is also enhanced by the administration's inability to develop the policies and framework necessary to deter our adversaries in cyberspace.

Earlier this week we learned just how ineffective the administration has been in addressing our cyber challenges. Within days of reaching an agreement to curb the stealing of information for economic gain, China--China--repeatedly, reportedly, continues its well-coordinated efforts to steal designs of our critical weapons systems and to wage economic espionage against U.S. companies. It is not a surprise, but it serves as yet another sad chapter in this administration's inability to address the cyber threats.

I guess in the last couple of days it has been made known that some hacker hacked into the information of both the Director of the CIA and the chairman of the homeland security committee. That is interesting. As the President's failed China agreement clearly demonstrates, our response to cyber attacks has been tepid at best and nonexistent at worst. Unless and until the President uses the authority he has to defer, deter, defend, and respond to the growing number in severity of cyber threats, we will risk not just more of the same but embolden adversaries in terrorist organizations that will continuously pursue more severe and destructive attacks.

Addressing our cyber vulnerabilities must be a national security priority. Just this week, Admiral Rogers, the head of Cyber Command, reiterated, "It's only a matter of time before someone uses cyber as a tool to do damage to critical infrastructure."

My colleagues don't have to agree with the Senator from Maine or me or anybody else, but shouldn't we listen to Admiral Rogers, the head of Cyber Command, probably the most knowledgeable person or one of the most knowledgeable who said, "It is only a matter of time before someone uses cyber as a tool to do damage to critical infrastructure."

According to the recently retired Chairman of the Joint Chiefs of Staff, General Martin Dempsey, our military enjoys "a significant military advantage" in every domain except for one--cyber space. As General Dempsey said, cyber "is a level playing field. And that makes this chairman very uncomfortable."

I will tell you, it makes this chairman very uncomfortable as well.

Efforts are under way to begin addressing some of our strategic shortfalls in cyber space, including the training of a 6,200-person cyber force. However, these efforts will be meaningless unless we make the tough policy decisions to establish meaningful cyber deterrence. The President must take steps now to demonstrate to our adversaries that the United States takes cyber attacks seriously and is prepared to respond.

This legislation is one piece of that overall deterrence strategy, and it is long past time that Congress move forward on information sharing legislation. We have been debating similar cyber legislation since at least 2012. I am glad this body has come a long way since that time in recognizing that government mandates on the private sector, which operates the majority of our country's critical infrastructure, will do more harm than good in cyber space. The voluntary framework in this legislation properly defines the role of the private sector and the role of the government in sharing threat information, defending networks, and deterring cyber attacks.

At the same time, it is unfortunate that it has taken over 3 years to advance this commonsense legislation. The threats we face in cyber space are real and imminent, as well as quickly evolving. All aspects of the Federal Government, including this body, must commit to more quickly identifying, enacting, and executing solutions to counter cyber threats. If we do not, we will lose in cyber space.

As chairman of the Armed Services Committee, I consider cyber security one of the committee's top priorities. That is why the National Defense Authorization Act provides a number of critical authorities to ensure that the Department of Defense can develop the capabilities it needs to deter aggression, defend our national security interests, and when called upon, defeat our adversaries in cyber space. I find it unacceptable that the President has signaled his intent to veto this legislation that, among other key Department of Defense priorities, authorizes military cyber operations and dramatically reforms the broken acquisition system that has inhibited the development and delivery of key cyber capabilities.

More specifically, the National Defense Authorization Act extends liability protections to Department of Defense contractors who report on cyber incidents or penetrations, and it authorizes the Secretary of Defense to develop, prepare, coordinate and, when authorized by the President, conduct a military cyber operation in response to malicious cyber activity carried out against the United States or a U.S. person by a foreign power. The NDAA authorizes $200 million for the Secretary of Defense to assess the cyber vulnerabilities of every major DOD weapons system. Finally, Congress required the President to submit an integrated policy to deter adversaries in cyber space in the fiscal year 2014 National Defense Authorization Act. I tell my colleagues that we are still waiting on that policy. This year's NDAA includes funding restrictions that will remain in place until it is delivered.

As we dither, our Nation grows more vulnerable, our privacy and security are at greater risk, and our adversaries are further emboldened. The stakes are high, and it is essential that we pass the Cybersecurity Information Sharing Act without further delay.

Let me also mention in closing that probably the most disturbing comment I have heard in a long time on this issue in this challenge is when Admiral Rogers said that our biggest challenge is we don't know what we don't know. We don't know what the penetrations have been, what the attacks have been, whether they have succeeded or not, where they are in this whole realm of cyber and information at all levels. When the person we placed in charge of cyber security says we don't know what we don't know, my friends, that is a very serious situation.

I want to congratulate again both the managers of the bill in their coordination and their cooperation in this bipartisan effort.

I yield the floor.

BREAK IN TRANSCRIPT

