BREAK IN TRANSCRIPT
Mr. ROCKEFELLER. Mr. President, I wish all negotiations proceeded with such comity. For those of us who have lived long enough, we have seen, obviously, enormous transition. We are in a totally new age.
Today, as we begin our debate, over 200 billion e-mails will be sent around the world to every continent. Google, a company that really is just 10 years old, will process over 1 billion searches and stream more than 2 billion videos today. And in the next minute, about 36,000 tweets will be posted on Twitter. So we are now connected as we never have been before.
Here in the United States we have been the leader in both its development and adoption of the initial structure. Actually, it is interesting because it was created by our own government. The open nature of the Internet can be traced back to our initial decision in the government to relinquish control of what we had invented, so to speak. So to this day our Nation remains a leader in using the Internet's innovation and growth.
In just over a decade, we have digitized and networked our entire economy and our entire way of life. Every one of our most critical systems now relies upon these interconnected networks: power grids, transportation systems, gas pipelines, telecommunications. They all rely on networks to function. They all rely on the Internet. Yet the ramifications of this new era remain poorly understood by many; frankly, by most.
History teaches us that disruptive technological advancements can bring about both opportunities and also dangers. We cannot let our exuberance blind us from this simple truth. We cannot ignore the part of the equation in this happy adventure of ours that is unpleasant. This is it. These technological advances can compromise our national security and indeed are already doing so.
The connectivity brought about by the Internet and the new ability to access anything, combined with our decision as a country to put everything we hold dear on the Internet, means we are now vulnerable in ways that were unfathomable just a few years ago. Yes, we rushed to digitize and connect every aspect of the American economy and way of life. We have spent little time focusing on what this actually means with respect to our security. We have left ourselves extraordinarily vulnerable.
The consequences, as pointed out by the Senator from Connecticut, are devastating. Our intellectual property is our greatest asset as a nation. It is our greatest advantage in the world. It is currently being pilfered and stolen because it is connected to the Internet and therefore is unsecure.
Well, we did not think about that, did we? Experts have called this, as the Senator from Connecticut said, the greatest transfer of wealth in the history of the world. That is a dramatic statement, but it is just an absolute terrifying fact--terrifying fact.
Our most important personal information, including our credit card numbers, our financial data is now accessible via the Internet and is stolen through data breaches that occur all the time.
Most importantly, our critical infrastructure: water facilities and gas pipelines to our electric power grid and communications networks are now vulnerable to cyber attacks, and they are happening. Many of those systems were designed before the Internet. In fact, virtually all of these systems were designed before the Internet came about, and were never intended to be connected to a network. Yet they are. Therefore, they are unsecure.
If these systems are exploited via cyber vulnerabilities, lives could be lost. Yes, there is lots of other things that could happen before that, but this has the potential to be far greater than even the tragedy of 9/11.
In recent months we have learned that hackers penetrated the networks of companies that control our Nation's pipelines--gas pipelines. There have been attempts to penetrate the networks of companies that run nuclear power plants. Last year, a foreign computer hacker showed that he could access the control systems of a water facility in Texas with ease. He accomplished this task in minutes at a computer thousands of miles away.
Our critical infrastructure is being targeted, and it is vulnerable. The major general of our National Guard, James Hoyer, recently shared a frightening story with me. He was talking about his work on cybersecurity. He said in West Virginia, he learned that a critical infrastructure facility in the State--critical infrastructure facility; that means a really important one--its engineers were being allowed to operate control systems on their home computers. How naive. But who would know? Who would have guessed?
The Internet and what it has done for our country is unparalleled, but everything we have accomplished in this Internet age is now vulnerable and, in starker terms, undoable. We have built a castle in the sand and the tide is approaching. Our systems are too fragile, too critical, and too vulnerable. It is a recipe for disaster. It is time to do something about it before it is too late.
We have all known about the seriousness of our cyber situation for years. Our national security experts know it. Our law enforcement experts know it. And there is a bipartisan agreement that something needs to be done. But that does not tell us a lot, to make that statement in the Senate. In my capacity both as the chairman of the Commerce Committee and former chairman of the Senate Intelligence Committee, and still on that committee, I have become very familiar with the threat posed by cybersecurity. I have been working with my colleagues to address it.
For the past 3 years, a number of us have been working with both Republican and Democratic Senators to find common ground on these issues so we can have a bill to get control of this. We have held hearings, we have held markups, we have held countless meetings with the private sector and interest groups. It is an endless, endless process, and the staff does four times as much.
We have been very patient in working to find a compromise. Now is the time to make that compromise happen. It will not happen today; it could happen in the next several days. We know what we need to do, I do believe. So here is what we know right now: The Federal Government needs to do a better job of protecting its own networks.
Companies control most of our Nation's critical infrastructure, and they need to do a better job of eliminating cyber vulnerabilities in their systems. There are no clear lines in the authorities and responsibilities in the Federal Government for cybersecurity, which will cause confusion in the event of a cyber catastrophe.
The private sector and the Federal Government need to be able to share information about cyber threats. Over the last year, the committees of jurisdiction in the Senate have worked together. The committees have worked together to finalize legislation that addresses each of those concerns.
Senators Lieberman, Feinstein, Collins, and I have made it a priority, as well as others, to finish this work together and with a broader group. We believe every Member of this body will be able to support some kind of legislation. We have put legislation before the Senate, but it is subject to change. In fact, it may be in the process of changing in a good sense because we held a long meeting this morning. We are going to have another one tomorrow, perhaps on a daily basis.
The basic thing we have done is that we took a more regulated approach. In other words, we have to do this. This is what we should do. At one level we should do it.
We have taken that away, and we have made it much more voluntary. We made it a voluntary approach. Some say that is worse than no bill at all, to which I reply, no, if we incent people properly with a voluntary approach, the pressure to do something is greater, particularly if they have to submit to audits as to the standards of work they are doing to protect themselves.
There are a variety of ways to do this. We could have a council--a DHS council that would decide what the standards should be. There was talk this morning about having a convening session called by NIST, National Institute of Science and Technology--which is very good at this stuff--convene the private sector and have those two work out a system. NIST has no regulatory authority, so they could let them come up with their suggestions. Then there was an idea that maybe DHS could look at that and certify it, stamp it with approval, on basic critical infrastructure. Of course, we would have to pick out which was the critical infrastructure because there is lots of it. Which one would be subject to special regard is something we would still have to work out.
This bill, however it works so far, and I think in the future, is bipartisan. There is some sort of tribulation about let's let bygones be bygones, we have all given up and compromised, to which my point of view is some of us have been working on this for a very long time, and we have been joined by others with good ideas. But don't close off the past or the future.
The bill will be bipartisan. It will incorporate the good ideas and suggestions that have been made by many colleagues. We have settled on a plan that creates no new bureaucracy. However that plan forms, it will have no new bureaucracies or heavy-handed regulation. That is already understood. It is premised on companies taking responsibility for securing their own networks, with government assistance where necessary. This bill represents a compromise, and it is time to move forward with it.
I think, in closing, back to the year 2000 and 2001. I was on the Intelligence Committee at the time of 9/11. The fact is, we get reports on all this which never surfaced, but we know the facts. There were signs of people moving around the country, and they weren't just sort of haphazardly moving around. In San Diego, a certain safe house there would appear and people were coming and going from there. Then there was the FBI office in Minneapolis and the Moussaoui case, and the FBI office in Minneapolis reported to the FBI Osama bin Laden office--and perhaps that didn't happen.
We all knew something was new and that the world was getting different. We knew the danger could come upon us. Our intelligence and national security leadership took these matters very seriously. However, they did not take it seriously enough, nor did we. So then it was too late and 9/11 happened, and the world changed forever.
Today, we have a new set of warnings flashing before us with a wide range of challenges to our security and safety and we once again face a choice: Act now and put in place safeguards to protect this country and our people or act later when it is too late. Obviously, the conclusion is we must act now.
I thank the Chair and yield the floor.
BREAK IN TRANSCRIPT