BREAK IN TRANSCRIPT
Mr. LANGEVIN. I want to thank the gentleman for yielding.
I rise in strong support of H.R. 3523, and I want to thank Chairman Rogers and Ranking Member Ruppersberger for a bipartisan and inclusive process on an extremely difficult and technical issue. While I don't believe this legislation is perfect, and much work remains to be done, CISPA represents an important good-faith effort to come together as a necessary first step towards better cybersecurity for our Nation.
I have long worked on this issue for many years to raise awareness and to secure our Nation against the threats that we face in cyberspace. Quite frankly, we are running out of time. I believe it's important that we act now to begin our legislative response to this critical issue.
We all know how dependent we are on the Internet and how we use it so much in our daily lives, but the Internet was never built with security in mind. What's happening is our adversaries are using the vulnerabilities against us.
I've also been very clear that we need to have robust privacy protections that must be included to safeguard personal information and also defend civil liberties in any cybersecurity response that we do enact. I'm pleased to say this legislation has been strengthened in that regard, and I believe more can be done as we continue this important debate.
That being said, the efficient sharing of cyberthreat information envisioned by this legislation is vital to combating advanced cyberthreats and stemming the massive ongoing theft of identities, intellectual property, and sensitive security information.
This legislation clearly and simply will allow the government to provide classified information threat signatures to the private sector and also allow the private sector to share with us the cybersecurity attacks that they are experiencing, sharing that with the government so we have better situational awareness. If you look at this, it basically gives us radar, if you will, in cyberspace, sharing information back and forth on cyberthreats that are facing the country.
This bill is a good step, but it's only a first step. Voluntary information-sharing is helpful and it's needed, but it does not, on its own, constitute strong cybersecurity.
BREAK IN TRANSCRIPT
Mr. LANGEVIN. I thank the gentleman for the additional time.
I have long maintained that we must also move forward on legislation that establishes minimum standards for the cybersystems that govern our critical infrastructure, particularly the electric grid and our water systems.
With that, I again want to thank Chairman Rogers and Mr. Ruppersberger for their outstanding efforts, and I ask my colleagues to support this important cybersecurity information-sharing legislation.
BREAK IN TRANSCRIPT
Mr. LANGEVIN. Madam Chair, I yield myself such time as I may consume.
The bill that we are considering today creates a voluntary information-sharing network, which could provide owners and operators of critical infrastructure with valuable threat information that would help them to secure their networks from cyberattacks.
Unfortunately, the legislation specifies that it applies only to ``private sector entities and utilities.'' While ``utilities'' is defined extremely broadly in the legislation as any entity that provides ``essential services,'' including telecommunications and transportation providers, there remains the possibility that the definition may exclude pieces of our critical infrastructure that have significant cybervulnerabilities.
My amendment, which I am offering with my good friend Mr. Lungren from California, strikes the uses of the word ``utilities'' and replaces it in each instance with the phrase ``critical infrastructure owners and operators.'' This is a commonsense way to avoid potential confusion and to eliminate any possibility that critical entities could be denied the opportunity to opt into this voluntary information-sharing framework and thereby share and receive the valuable classified threat information that will be available under CISPA.
This amendment will not significantly expand the scope of the legislation, but instead will help prevent interpretations of language that could be contrary to the committee's intent, which I believe is the same as mine.
Now, while I recognize that any regulation of critical infrastructure would be outside the Intelligence Committee's jurisdiction, I nonetheless want to take this opportunity to voice my strong conviction that our efforts must not stop with the legislation that we are considering this week.
Just as the airline industry must follow Federal Aviation Administration safety standards, the companies that own and operate the infrastructure on which the public most relies should be accountable for protecting their consumers when confronted with a significant risk. I, along with many Members on both sides of the aisle and experts within and outside of government, have come to the same basic conclusion: the status quo of voluntary action will not result in strong cyberprotections for our most valuable and vulnerable industries. The Secretary of Homeland Security emphasized last week that our critical infrastructure control systems, which are mainly in private hands, must come up to a certain baseline level in cybersecurity standards.
With increased public awareness helping to build momentum for legislative action, we have a real chance to address these threats. I hope that we will not look back on this moment years from now, regretting a missed opportunity after the damage has been done. While the amendment we are offering today will not by itself provide the protections that Mr. Lungren and I ultimately believe are necessary for our critical infrastructure, it is a useful first step, and I am thankful to Mr. Lungren for joining me in this effort.
With that, Madam Chair, I reserve the balance of my time.
BREAK IN TRANSCRIPT