National Cyber Infrastructure Protection Act

Floor Speech

BREAK IN TRANSCRIPT

Mr. President, last June, Senator Hatch and I introduced S. 3538, the National Cyber Infrastructure Protection Act. This bill responds to the concern expressed by former Director of National Intelligence Mike McConnell that ``[i]f we were in a cyber war today, the United States would lose.''

The bill is built on three principles. First, we must be clear about where Congress should, and, more importantly, should not legislate. Second, there must be one person in charge--someone outside the Executive Office of the President who is unlikely to claim executive privilege, but who has real authority to coordinate our government cyber security efforts. Third, we need a voluntary public-private partnership to facilitate sharing cyber threat information, research, and technical support.

Since filing the bill, we have continued to work with government, industry, and privacy experts in making sure that the solutions identified in this bill are effective. There are many different opinions out there on how best to tackle the cyber security problems we face, and so we remain open to looking at ideas for improving the bill. Earlier today, we filed a substitute amendment to S. 3538 that incorporates a number of these suggested improvements. It has been referred to committee.

The original bill would have housed the National Cyber Center administratively in the Department of Defense so as to reduce start-up costs and logistics. We appreciate the concerns some may have with the appearance we are militarizing cyber security, so our substitute creates the center as a stand-alone entity, like the Office of the Director of National Intelligence. In this way, it will be clear we are not militarizing cyber security and one department does not have the inside track over any other when it comes to securing our government networks. In order to make sure there is appropriate input from DOD and DHS, we are also creating two deputy directors, instead of one, with each appointed by the respective Secretaries with the concurrence of the Director of the National Cyber Center.

Second, the Cyber Defense Alliance is a pivotal component for encouraging government and the private sector to collaborate and share information on cyber-related matters. We recognize that the private sector is often on the front lines of cyber attacks, so any information they can provide to increase government awareness of the source and nature of cyber threats will make both government and the private sector stronger. The corollary to this is that the government must share its own cyber threat information, including classified or declassified intelligence, with the private sector.

All of this sharing can raise significant privacy concerns. So, in response to suggestions we have heard, our substitute bill adds language to clarify that at least one of the private sector members of the board of directors must have experience in civil liberties matters. We believe this will ensure that privacy concerns are taken seriously at the very top levels of the Alliance. We all have an interest in making sure that threat information is shared, but we also have an interest in making sure that no one's privacy rights are violated.

The next Congress needs to focus on passing effective cyber legislation. I believe that S. 3538, as amended, provides a solid starting point for that effort. The bill addresses the most pressing needs: it puts someone outside the White House in charge of cyber policy and the Federal cyber budget; it provides a national cyber center that can oversee and coordinate cybersecurity for dot.gov and dot.mil; and it creates a public-private partnership that will harness the creativity of the private sector to better protect our dot.com networks.

Congress should avoid the temptation to overlegislate in this area. We need to walk before we can run. Once this basic cyber infrastructure is established, it will bring the leading public and private cyber experts together to shape cyber activities and policies. These experts will then be in an ideal position to advise Congress and the administration on the need for any additional steps to ensure our cybersecurity.

I thank my good friend Senator Hatch for his close collaboration on this legislation. I know he will be an effective advocate for this approach when the bill is filed in the next Congress.

BREAK IN TRANSCRIPT

Source