BREAK IN TRANSCRIPT
Mrs. McCASKILL. Mr. President, I come to the floor today to express my concerns about S.3414, the Cybersecurity Act of 2012. Like many of my colleagues, I voted today to allow the Senate to fully debate and consider amendments to this bill, but I want to make it clear that I have some significant concerns about this legislation and unless improvements are made, I cannot support the legislation in its current form.
At the outset, let me just say, I do firmly believe that the Congress should take action to address our Nation's vulnerability to cyber threats. A cyber attack on our critical infrastructure, whether it be our energy grid, a regional water supply, or our financial markets, could significantly harm our economy, our national security, and our way of life. However, the legislation before us today still needs significant improvement before it can become the law of the land.
I have heard from many in Missouri, including many companies operating or associated with the types of critical infrastructure that will be subject to the provisions of this legislation. They have raised concerns that, as currently structured, S. 3414 would create redundant oversight structures and add additional standards. Moreover, the bill may have the effect of creating a new Federal system that these entities will have to comply with even though many already work within well-established systems related to developing security standards and responding to cyber threats. I cannot support legislation that creates new and duplicative systems that will impact Missouri businesses in a negative way. While addressing the critical national security aspects of improving our Nation's defenses against and ability to respond to cyber attacks, cybersecurity legislation must improve the regulatory scheme and streamline processes for businesses, not the opposite.
Additionally, the carrot-and-stick approach that is created by the current bill would limit the sharing of cyber threat information, in a protected fashion, to those private entities which are participating in the voluntary cybersecurity program the bill would create. Those in the program would have to adopt specific standards and in return would receive relevant real-time cyber threat information. Those not accepting those standards and entering the program would not receive the protections of the program and would be limited in the cyber threat information they receive. Given that sharing such information could potentially thwart a cyber attack, it seems absurd that such information would go unshared because a particular entity was not a participant in the voluntary system. Such a provision inhibits the very type of information sharing we are trying to promote in order to enhance cyber security. In this respect, the carrot-and-stick approach simply does not make sense.
I also remain concerned with the scope of responsibility this legislation provides to the Department of Homeland Security. As we have found throughout the history of DHS, it has relied heavily upon a contract workforce in order to satisfy its mission. At this time, the Department does not have the necessary expertise it will need to guide a multi-agency, multi-sector council in evaluating whether or not proposed cybersecurity standards are sufficient to address the evolving nature of cyber threats. The decision to place DHS in such a critical role leadership role in regards to many aspects of the cybersecurity scheme proposed by this legislation needs to be revisited.
I have other concerns with this legislation, but these are my chief concerns. I am pleased that both of the Senate's leaders have indicated that this legislation will be subject to a robust amendment process. I look forward to evaluating the amendments brought forward to this legislation, and I am hopeful that the amendments will improve the bill enough so that I can support it. If not, I will oppose the legislation and send it back to the committee process, where more work can be undertaken to generate an acceptable piece of cybersecurity legislation. Whether now or in the future, the Senate does need to pass legislation. But it must be legislation that is well crafted, balanced, and workable for the businesses that will operate under its scheme.
I yield the floor.
BREAK IN TRANSCRIPT