[Congressional Record Volume 149, Number 8 (Thursday, January 16, 2003)]
[Senate]
[Page S1079]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. EDWARDS:
  S. 187. A bill to provide for the elimination of significant 
vulnerabilities in the information technology of the Federal 
Government, and for other purposes; to the Committee on Governmental 
Affairs.
  Mr. EDWARDS. Mr. President, I rise today to introduce the National 
Cyber Security Leadership Act of 2003, a bill that calls on the Federal 
Government to lead by example in shoring up its computers and 
protecting them against cyber attacks.
  I introduce this bill because our Nation's computers and networks are 
increasingly vulnerable to cyber attacks. A week after the September 11 
attacks, a cyber attack spread across 86,000 computers over several 
days, causing unknown amounts of financial and economic damage. Two 
months before that, a cyber attack called Code Red infected 150,000 
computers in 14 hours. According to cyber security experts, Federal 
computers have already been used as weapons in large-scale cyber 
attack.
  There aren't just amateur teenage hackers. Terrorists, including al 
Qaeda operatives, have browsed Internet sites offering software that 
would help them take down power, water, transport and communications 
grids.
  One of the principal reasons that companies do not act to secure 
their systems is that the Federal Government does not act to secure its 
own systems. Unfortunately, Federal agencies continue to be among the 
worst offenders failing to protect themselves against cyber attack. 
Last November, a Congressional report card gave 14 agencies a failing 
grade for their computer security efforts. These vulnerabilities leave 
our Federal agencies exposed to hackers, system shutdowns, and cyber 
terrorist infiltration.
  Clearly, we need to act now to strengthen our computer systems. I 
believe the first step in this process is to have our Federal agencies 
lead by example.
  The National Cyber Security Leadership Act of 2003 would establish 
higher standards for Federal Government computer safety. The National 
Institute of Standards and Technology would establish the standards 
after individual agencies conduct comprehensive tests of their network 
systems and report on their weaknesses. These procedures will 
strengthen our government's resistance to cyber attacks and will 
demonstrate to the business community the tremendous value in 
conducting comprehensive security tests and monitoring new 
developments.
  I have developed this important piece of legislation with assistance 
from Mr. Alan Paller, Director of Research for the SANS Institute; Mr. 
Franklin S. Reeder, Chairman of the Center for Internet Security and of 
the Computer System Security and Privacy Advisory Committee; and 
several computer security experts in the Federal Government.
  We cannot afford to wait until we experience a computer meltdown. I 
urge my colleagues to join with me in helping our Federal agencies to 
lead by example.
                                 ______