[Congressional Record Volume 155, Number 136 (Thursday, September 24, 2009)]
[Senate]
[Pages S9851-S9853]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                         SUBMITTED RESOLUTIONS

                                 ______
                                 

  SENATE RESOLUTION 285--SUPPORTING THE GOALS AND IDEALS OF NATIONAL 
 CYBERSECURITY AWARENESS MONTH AND RAISING AWARENESS AND ENHANCING THE 
              STATE OF CYBERSECURITY IN THE UNITED STATES

  Mrs. FEINSTEIN (for herself, Mr. Rockefeller, Mrs. Gillibrand, Mr. 
Carper, Ms. Mikulski, Mr. Lieberman, Ms. Collins, Mr. Reid, Mr. Levin, 
Mr. Bennett, Ms. Snowe, Ms. Landrieu, Mr. Hatch, Mr. Bayh, and Mr. 
Voinovich) submitted the following resolution; which was referred to 
the Committee on Commerce, Science, and Transportation:

                              S. Res. 285

       Whereas the use of the Internet in the United States, to 
     communicate, conduct business, or generate commerce that 
     benefits the overall United States economy, is ubiquitous;
       Whereas many people use the Internet in the United States 
     to communicate with family and friends, manage finances and 
     pay bills, access educational opportunities, shop at home, 
     participate in online entertainment and games, and stay 
     informed of news and current events;
       Whereas United States small businesses, which employ a 
     significant fraction of the private workforce, increasingly 
     rely on the Internet to manage their businesses, expand their 
     customer reach, and enhance the management of their supply 
     chain;
       Whereas nearly all public schools in the United States have 
     Internet access to enhance children's education, with a 
     significant percentage of instructional rooms connected to 
     the Internet to enhance children's education by providing 
     access to educational online content and encouraging self-
     initiative to discover research resources;
       Whereas the number of children who connect to the Internet 
     continues to rise, and teaching children of all ages to 
     become good cyber-citizens through safe, secure, and ethical 
     online behaviors and practices is essential to protect their 
     computer systems and potentially their physical safety;
       Whereas the growth and popularity of social networking 
     websites has attracted millions of teenagers, providing 
     access to a range of valuable services, making it all the 
     more important to teach young users how to avoid potential 
     threats like cyber bullies, predators, and identity thieves 
     they may come across while using such services;
       Whereas cybersecurity is a critical part of the United 
     States national security and economic security;
       Whereas the United States critical infrastructures and 
     economy rely on the secure and reliable operation of 
     information networks to support the United States military, 
     civilian government, energy, telecommunications, financial 
     services, transportation, health care, and emergency response 
     systems;
       Whereas Internet users and information infrastructure 
     owners and operators face an increasing threat of malicious 
     crime and fraud attacks through viruses, worms, Trojans, and 
     unwanted programs such as spyware, adware, hacking tools, and 
     password stealers, that are frequent and fast in propagation, 
     are costly to repair, and may disable entire systems;
       Whereas millions of records containing personally 
     identifiable information have

[[Page S9852]]

     been lost, stolen, or breached, threatening the security and 
     financial well-being of United States citizens;
       Whereas consumers face significant financial and personal 
     privacy losses due to personally identifiable information 
     being more exposed to theft and fraud than ever before;
       Whereas national organizations, policymakers, government 
     agencies, private sector companies, nonprofit institutions, 
     schools, academic organizations, consumers, and the media 
     recognize the need to increase awareness of cybersecurity and 
     the need for enhanced cybersecurity in the United States;
       Whereas coordination between the numerous Federal agencies 
     involved in cybersecurity efforts is essential to securing 
     the cyber infrastructure of the United States;
       Whereas the National Strategy to Secure Cyberspace, 
     published in February 2003, recommends a comprehensive 
     national awareness program to empower all people in the 
     United States, including businesses, the general workforce, 
     and the general population, to secure their own parts of 
     cyberspace;
       Whereas the White House's Cyberspace Policy Review, 
     published in May 2009, recommends that the government 
     initiate a national public awareness and education campaign 
     to promote cybersecurity; and
       Whereas the National Cyber Security Alliance, the Multi-
     State Information Sharing and Analysis Center, the Department 
     of Homeland Security, and other organizations working to 
     improve cybersecurity in the United States have designated 
     October 2009 as the sixth annual National Cybersecurity 
     Awareness Month which serves to educate the people of the 
     United States about the importance of cybersecurity: Now, 
     therefore, be it
       Resolved, That the Senate--
       (1) supports the goals and ideals of National Cybersecurity 
     Awareness Month, as designated by the National Cyber Security 
     Alliance, the Multi-State Information Sharing and Analysis 
     Center, the Department of Homeland Security, and other 
     organizations working to improve cybersecurity in the United 
     States;
       (2) continues to work with Federal agencies, businesses, 
     educational institutions, and other organizations to enhance 
     the state of cybersecurity in the United States; and
       (3) congratulates the National Cyber Security Alliance, the 
     Multi-State Information Sharing and Analysis Center, the 
     Department of Homeland Security, and other organizations 
     working to improve cybersecurity in the United States on the 
     sixth anniversary of the National Cybersecurity Month during 
     October 2009.

  Mrs. FEINSTEIN. Mr. President, today I rise to submit, along with 
Senators Rockefeller, Gillibrand, Carper, Mikulski, Lieberman, Collins, 
Reid, Levin, Bennett, Snowe, Landrieu, Hatch, Bayh, and Voinovich, a 
resolution supporting National Cyber Security Awareness Month, which 
will be held next month.
  We in the Congress are trying to make cybersecurity a priority issue, 
but much work remains to be done. A critical first step is to raise 
awareness and public understanding of the cyber threat and steps that 
can be taken to improve cybersecurity. This is true across Government 
and private industry, but the Government should play a leadership role.
  Each year for the last 5 years, the National Cyber Security Alliance, 
the Multi-State Information Sharing and Analysis Center, the Department 
of Homeland Security, and other organizations working to improve 
cybersecurity in the U.S. have designated October as National Cyber 
Security Awareness Month.
  Today, I am submitting a resolution to officially designate National 
Cyber Security Awareness Month again this October.
  The goal is to educate and empower Internet users to take simple 
steps to safeguard themselves from the latest online threats and 
respond to cyber crime and to bring Federal agencies, businesses, 
educational institutions, and other organizations together to encourage 
development and implementation of cybersecurity best practices.
  Cybersecurity is a serious national security and economic security 
challenge of great complexity, deserving of increased attention from 
the Congress. As the Senate prepares to consider important 
cybersecurity legislation to provide new authorities and clarify 
privacy and legal issues, a few cyber-related observations and concerns 
can be mentioned now.
  First, I am troubled by the lack of situational awareness on the 
opportunities, activities, and identities of cyber thieves or potential 
attackers on U.S. information networks. This is a serious weakness and 
a source of frustration for those responsible for oversight and 
strategic decision-making. Unfortunately, it will not be easy to remedy 
this because there are disincentives to report cyber intrusions and 
vulnerabilities in the U.S. Government and private sector. This must 
change. It must change quickly so that cybersecurity leaders can make 
well-informed decisions and respond to problems in real time.
  Next, it is clear that cybersecurity activities must be conducted 
with strong congressional oversight that will demand thorough Executive 
branch planning before billions of dollars are authorized and 
appropriated. In addition, there must be a rigorous analysis of the 
government's use of legal authorities for national cybersecurity 
missions that preserve the reasonable privacy expectations of 
Americans. The government's role must be well-defined as its activities 
involving the Internet evolve. I appreciate the White House's effort to 
be transparent and open with Congress on this issue this year, and have 
high expectations for continued healthy cooperation.
  We need to have those entities with cybersecurity responsibilities 
collaborating across the Government. That means homeland security, 
intelligence, military, foreign policy, law enforcement, and other 
components involved in cybersecurity must be working together. The 
President has begun, through his cybersecurity review earlier this 
year, to provide a clear vision, strategic direction, and effective 
integration of the wide range of cybersecurity activities. However, 
more progress in this area is needed.
  I was pleased when President Obama made a major address on 
cybersecurity at the end of May, but that strong first step has been 
followed by a four-month delay in appointing a White House 
cybersecurity coordinator. Until this position is filled, it will be 
difficult to have effective leadership and coordination on governmental 
cybersecurity efforts.
  The Federal Government's communication strategy concerning 
cybersecurity must be improved as well. There should be a new plan on 
the best way to communicate the national cybersecurity policy to the 
public. Though some elements must be classified, it is important that 
the American people understand the Government's basic role in helping 
to secure information networks. The general rules and expectations for 
Government involvement, and how these may affect privacy, must be 
clearly explained.
  In addition, the Government must consider that effective 
cybersecurity inside the U.S. will require stronger diplomatic efforts 
and an international agreement on what will and will not be tolerated 
in cyberspace. An international framework on cyber warfare, much like 
international conventions on traditional warfare, is needed to govern 
this rapidly growing field.
  I also believe there should be a significant emphasis on long-term 
issues such as cyber research and development, recruiting cyber experts 
into government, and cyber education and training. In particular, 
recent studies sponsored by the Senate Select Committee on Intelligence 
have concluded that the Intelligence Community must dramatically 
increase funding for research and development in order for our cyber 
defenses to be effective in the future.
  The online world is moving quickly, with cutting-edge technology 
expertise spread across the globe, and the U.S. cannot presume a clear-
cut technology advantage as it has in other areas of national security. 
I recommend a balanced portfolio approach that includes a nationally 
coordinated program of long-term, high-risk research aimed at 
revolutionary breakthroughs, sustained even when faced with near-term 
budget pressures. I strongly support a rebalancing of the Federal 
Government's Comprehensive National Cybersecurity Initiative budget to 
address these concerns.
  Finally, as a step beyond the Comprehensive National Cybersecurity 
Initiative's focus on securing Federal Government information networks, 
I am highly concerned about protecting the U.S. critical 
infrastructure. For example, the country's electric power grid, 
communications systems, and financial infrastructure are all critical 
to our way of life yet unacceptably vulnerable to cyber attack. The 
Government and the private sector must work together to share more 
effectively cyber threat and vulnerability information, and the 
administration and

[[Page S9853]]

the Congress must work together to determine the best mix of mandates, 
incentives, and other tools to improve critical infrastructure 
security.
  Fortunately, there is an increasing level of interest and debate on 
cybersecurity issues in Congress and around the country. The Senate 
Intelligence Committee, which I have the privilege of chairing, has 
invested significant time assessing the cyber threat to our country and 
potential Government responses through the following initiatives: 
scores of personal meetings and staff briefings with government, 
private sector, academic, and nonprofit thought-leaders; six cyber 
hearings in the last 2 years; four 6-month studies by the Committee's 
Technical Advisory Group; a new, balanced oversight system for federal 
government cybersecurity programs, as proposed in the fiscal year 2010 
intelligence authorization bill; and regular outreach to other 
congressional committees.
  I want to thank my distinguished colleagues, Senators Rockefeller, 
Gillibrand, Carper, Mikulski, Lieberman, Collins, Reid, Levin, Bennett, 
Snowe, Landrieu, Hatch, Voinovich, and Bayh, for cosponsoring this 
resolution and for their leadership on this issue. I look forward to 
working with them and other members of Congress to improve our 
cybersecurity in the future.

                          ____________________