
Public Statements

Cybersecurity Act of 2012--Motion to Proceed

Floor Speech

Location: Washington, DC


Mr. McCAIN. Mr. President, I would note that I saw my friend Senator Lieberman on the floor a second ago, and I know he joins with me in this statement.

I wish to take a few minutes to pay tribute to Ambassador Ryan Crocker, who ended his tour this week as the U.S. Chief of Mission in Kabul, Afghanistan.

As some of my colleagues may know, Ambassador Crocker's health has unfortunately been poor, so he is returning to receive some much needed care. But what my colleagues may not know is that Ambassador Crocker's health has been poor for some time and the people who care about him most--his family, his friends and colleagues in the Foreign Service, and our Secretary of State herself--told Ambassador Crocker long ago that he needed to leave his post and that he needed to get away from the long days and long nights of too much stress and not enough sleep. They told him to come home for his own sake.

Eventually, Ambassador Crocker relented, but still he was only going to leave on his own terms. He said that America asks the best of our country--our men and women in uniform and their many civilian partners who work and sacrifice shoulder to shoulder with our troops in the field--to serve in Afghanistan for 1 year.

Ambassador Crocker said he would expect no less of himself, and do no less, whatever the cost. So for the past few months, Ambassador Crocker has fought through persistent pain and discomfort to finish out his 1-year in Kabul, doing everything that is asked of him--and more. On Tuesday, that year came to an end, and Ambassador Crocker came home to receive the care he desperately needs.

This is a remarkable story, but it is only surprising to those who do not know Ryan Crocker. For those of us who have had the pleasure and the honor of coming to know Ryan well, this latest story is not at all surprising. It is actually quite in keeping with the character and the actions of this superb, decent, and selfless man--a man whom I would call, without question or hesitation, the most excellent Foreign Service officer and one of the finest public servants I have ever known.

For the past 41 years, ever since he was a junior diplomat serving in prerevolution Iran, Ryan Crocker has consistently answered the call to serve in the most challenging, the most difficult, but also the most important posts in the world. They were the places, as it turned out, where America needed Ryan Crocker the most, and he has always served with distinction.

He was a young officer in Lebanon when our Embassy was bombed, and Ryan Crocker helped to pull his colleagues from the rubble and then got back to work. He was one of the first civilians into Afghanistan and Iraq after the recent wars, helping to reestablish our diplomatic presence in both countries after decades. He returned to Iraq during the surge and, as General Petraeus tells everyone, was absolutely indispensable in turning around our war effort, even as his life was constantly in danger from the rockets that smashed into his office in Baghdad and, perhaps more threatening, his own relentless work ethic, which literally almost killed him.

Many Presidents, Republicans and Democrats alike, have had the wisdom to appoint Ryan Crocker as their Ambassador to six different countries--Lebanon, Kuwait, Syria, Pakistan, Iraq, and finally Afghanistan.

Ambassador Crocker has been just as indispensable in Kabul as he has everywhere else in his career, from enhancing our relationship with President Karzai and the people of Afghanistan, to negotiating and concluding the Strategic Partnership Agreement with Afghanistan, to being the dedicated partner every hour of every day of GEN John Allen and all of our men and women serving in harm's way.

In my many years and my many travels, I have had the pleasure and honor of meeting and getting to know many of our career diplomats, and I am continually impressed by their high quality and tough-mindedness, their patriotism and love of their country, their constant willingness to serve and the many quiet sacrifices they make. But of all of these remarkable men and women, never have I met a Foreign Service officer more outstanding or more committed to our country than Ryan Crocker.

The one comfort I take in Ryan's departure from Afghanistan is that he remains an abiding inspiration to his fellow diplomats, who revere him and hold him in the highest regard and wish to model themselves and their careers after his life and service. America will be a better and safer place because of this, thanks to Ryan Crocker.

Mr. President, I rise today to oppose the Cybersecurity Act of 2012 because it would do very little to improve our country's national security. In fact, in its present form, I believe the bill before us would do more harm to our country's economy and expand the size and influence of the Federal Government--specifically, the Department of Homeland Security--than anything else.

But before I begin my critique of the Cybersecurity Act, I would like to reaffirm my sincere respect for the lead sponsor of this bill--both sponsors, actually, both Senators Lieberman and Collins. Although I disagree, whatever criticisms I may have with the legislation should not be interpreted as an attack on the sponsors of the bill but, rather, on the process by which the bill being debated today arrived before us and its public policy implications.

Consider this for a moment: If we pass this bill in its present form, which I hope we will not, we will have handed over one of the most technologically complex aspects of our national security to an agency with an abysmal track record, the Department of Homeland Security. The problems at DHS are too numerous to list here today, but I think I speak for many when I question the logic of putting this agency in charge of sensitive national security matters. They cannot even screen airline passengers without constant controversy. And do not forget that this is the same outfit in charge of the Chemical Facility Anti-Terrorism Standards Program, or CFATS, which was described in a recent report as ``at measurable risk,'' beset by deep-seated problems such as wasteful spending and a largely unqualified workforce that lacks ``professionalism.'' I for one am not willing to take such a broad leap of faith and entrust this complex area of our national security and so many vibrant parts of our economy to this ineffective, bloated government agency.

The poor quality of the bill before us is a direct reflection of the lack of a thorough and transparent committee process. Had this bill been subjected to the proper process, my colleagues and I and the American public would have a much better understanding of the real implications of this undertaking. Unfortunately, this bill has not been the subject of one hearing, a single markup, or a whiff of regular legislative procedure.

Our Nation's cybersecurity is critical, and the issue is deserving of the regular order and the full attention and input of every Member of this body. I urge the majority leader to allow a full, fair, and open amendment process if cloture is invoked on the motion to proceed.

All of us should recognize the importance of cybersecurity. Time and again we have heard from experts about the importance of maximizing our Nation's ability to effectively prevent and respond to cyber threats. We have all listened to accounts of cyber espionage originating from countries such as China, organized criminals in Russia, and the depth of the threat from Iran in the aftermath of the Stuxnet leaks originating from the current administration. Unfortunately, this bill would do little to minimize those threats or generally improve our current cybersecurity posture.

The reason for this bill's general inadequacy is that rather than using a liability protection framework to enter into cooperative relationships with the private sector, which happens to own 80 to 90 percent of the critical cyber infrastructure in this country, this bill chooses to take an adversarial approach, with government mandates and inadequate liability protections.

Further, this bill includes unnecessary items that our government cannot afford and makes no mention of what the additional programs will cost. For instance, I am sure some of us have fond childhood memories of going to or taking part in a talent show, but to include talent show provisions in this bill is ridiculous. Title IV of this bill authorizes 9th to 12th grade cyber talent shows and cyber summer programs for kindergartners to seniors in high school--again, ridiculous, especially considering that the majority leader deemed this bill more important than the National Defense Authorization Act.

While I have criticisms with every title of this bill, I will limit my comments today to title I, which regulates critical infrastructure, and title VII, which concerns information sharing among the government and the private sector. In my view, these titles, along with weighing how much this bill, which lacks a CBO score--we do not even know how much it is going to cost--will ultimately cost and how it will dramatically increase the size of the Federal Government, are the most important aspects we can discuss.

With respect to the first title, title I, the proponents of the Cybersecurity Act would have you believe this bill authorizes the private sector to generate their own standards, that those standards are voluntary, and that the bill establishes a ``public-private partnership.'' Unfortunately, I disagree with each of those characterizations. As the bill is currently written, the government and not the private sector would have the final say on what standards look like and the private sector would be forced to comply. While my colleagues might suggest that section 103 states that the private sector proposes ``voluntary'' cybersecurity practices to the government, I call your attention to the following provision in section 103, which states the government would then decide whether and how to ``amend'' or ``add'' to those cybersecurity practices. Additionally, there is no recourse for the private sector to challenge the government's actions.

Soon after the government's takeover of the development of cybersecurity standards, any notion of the standards being ``voluntary'' evaporates. Section 103 clearly states: ``A Federal agency with responsibilities for regulating the security of critical infrastructure may adopt the cybersecurity practices as mandatory requirements.'' That is the language of the bill. What is being portrayed as ``voluntary'' proposals would soon become mandatory requirements.

Unfortunately, the conversion from voluntary to mandatory does not stop there. Shockingly, under this bill, if an agency does not adopt mandatory cybersecurity practices, it must explain why it chose not to do so. That is right. Under this bill, if a regulatory agency chooses not to mandate the ``voluntary'' practices, it must explain itself--as if it must be doing something contrary to the final objective. If this provision does not reveal the true regulatory intent of the proponents of this bill, nothing does.

Section 105 brings home this point by stating: ``Nothing in this title shall be construed to limit the ability of a Federal agency with responsibilities for regulating the security of critical infrastructure from requiring that the cybersecurity practices developed under section 103 be met.'' I would very much commend my colleagues to read that provision of the bill. All you have to do is read it. The regulatory result of these standards could not be clearer.

Moving on to title VII, which deals with the flow of information between the government and the private sector, the current bill is a step in the wrong direction. Specifically, the bill would make us less safe by failing to place the agencies with the most expertise and that are the most capable of protecting us on the same footing as other entities within the Federal Government. It strikes me as counterintuitive to prevent the institutions most capable of protecting the United States from a cyber attack and leave us reliant on agencies with far less capabilities.

Because this bill fails to equitably incentivize the voluntary sharing of information with all of the Federal Government's cyber defense assets, it does a great disservice to our national security. In cyber war, where speed and reaction times are essential to success, real-time responses are essential. The bill language states that information should be shared in ``as close to real time as possible.'' That may sound nice, but it will not get the job done.

We all agree that the threat we face in the cyber domain is among the most significant challenges of the 21st century. It is reckless and irresponsible to rebuild the very stovepipes and information-sharing barriers that the 9/11 Commission attributed as responsible for one of our greatest intelligence failures.

Because of my opposition to this bill and the lack of a regular legislative process, I have joined with Senators Chambliss, Hutchison, Grassley, Murkowski, Burr, Johnson of Wisconsin, and Coats in offering an alternative cybersecurity bill. The fundamental difference in our alternative approach is that we aim to enter into a truly cooperative relationship with the entire private sector through voluntary information sharing rather than an adversarial one with the threat of mandates. Our bill, which also addresses reforming how the government protects its own assets, sets penalties for cyber crimes, refocuses government research toward cybersecurity, and provides a commonsense path forward to improve our Nation's cybersecurity defenses with no new spending. We believe that by improving information sharing among the private sector and the government, updating our Criminal Code to reflect the threat cyber criminals pose, reforming the Federal Information Security Management Act, and focusing Federal investments in cybersecurity, our Nation will be better able to defend itself against cyber attacks.

Even though we do not offer talent shows or summer camps in our bill, it has the support of the industries that themselves are under attack. Before I close, I would like to leave with you a final point which gets to the heart of why we are having this debate. In our country, unlike other countries around the globe, the private sector owns 80 to 90 percent of the critical cyber infrastructure.

This is a fact in which we should all take great pride. After all, it speaks to the essence of American entrepreneurialism and our spirit of individualism. The companies that own these systems are large and small, they employ men and women everywhere, and their influence reaches every State, every congressional district, and about every corner of our country. While we all agree we are involved in a serious national security discussion, we must not forget to weigh the economic realities of this debate too.

I caution all my colleagues to tread very carefully because I am deeply concerned we are on the cusp of granting the Federal Government broad authorities and influence over one of the most vibrant and innovative sectors of our economy. The technology sector and the use of the Internet by American companies to innovate and improve the customer experience are deeply threatened by the heavy and too often clumsy hand of government.

As we confront the security challenges of an innovative economy, we must be careful not to undermine the economy itself. It is well known that we continue to have discussions amongst various parties: Senator Kyl, Senator Whitehouse, Senator Lieberman, Senator Collins. Sometimes the crowd is large, sometimes it is not so large. I think we have made some progress. I think there is a better understanding of both of the different proposals that are before us. I do believe it is important, I do believe it is very important that businesses large and small in the United States of America, whether they be the utility companies or whether they be the most high-tech sectors, be represented in these discussions. We have tried to do that.

I believe we can make progress. I believe we can reach an agreement. I also know we have had several meetings and have not had extremely measurable progress. But I am committed to doing everything I can to see we reach that agreement before we conclude the consideration of this legislation.

I would also like to point out to my colleagues that I have had numerous conversations with my friends on the other side of the Capitol. They find this legislation in its present form unacceptable. I would hope we would also consider the fact that we need to get a final bill, not just one passed by the Senate.

I yield the floor.

