[Congressional Record Volume 156, Number 162 (Thursday, December 9, 2010)]
[Senate]
[Pages S8713-S8714]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. CARDIN (for himself and Mr. Whitehouse):
  S. 4021. A bill to reduce the ability of terrorists, spies, 
criminals, and other malicious actors to compromise, disrupt, damage, 
and destroy computer networks, critical infrastructure, and key 
resources, and for other purposes; to the Committee on Commerce, 
Science, and Transportation.
  Mr. CARDIN. Mr. President, the Internet has had a profound impact on 
the daily lives of millions of Americans by enhancing communications, 
commerce, education, and socialization between and among persons 
regardless of their location. However, computers and other devices that 
connect to the Internet may be used, exploited, and compromised by 
terrorists, criminals, spies, and other malicious actors. As a result, 
they pose a risk to computer networks, critical infrastructure, and key 
resources in the United States. Users of computers and other devices 
that connect to the Internet are generally unaware that these devices 
can be easily used, exploited and compromised by others with spam, 
viruses, and other malicious software and agents. Internet and 
cybersecurity safety has therefore become an urgent homeland security 
issue that needs to be addressed by internet service providers, 
technology companies, other entities that enable devices to connect to 
the Internet, and by individuals.
  I have been focusing on cybersecurity issues for quite some time. 
More than a year ago, as chairman of the Terrorism and Homeland 
Security Subcommittee of the Judiciary Committee, I chaired a 
Subcommittee hearing titled ``Cybersecurity: Preventing Terrorist 
Attacks and Protecting Privacy in Cyberspace.'' The hearing included 
witnesses from key Federal agencies responsible for cybersecurity, as 
well as representatives of the private sector. We reviewed governmental 
and private sector efforts to prevent a terrorist cyber attack that 
could cripple large sectors of our government, economy, and essential 
services. It was both illuminating and frightening.
  The expertise that I have developed in regard to cybersecurity has 
convinced me that the Government and the private sector need to work 
together to develop and enforce minimum Internet and cybersecurity 
safety standards for users of computers and

[[Page S8714]]

other devices that connect to the Internet. In the same way that 
automobiles cannot and should not be sold or operated on public 
highways unless they meet certain minimum safety standards, minimum 
Internet and cybersecurity safety standards are essential for the 
nation's information superhighway.
  As a result, today I am introducing the Internet and Cybersecurity 
Safety Standards Act, ICSSA. My bill will require the Secretary of 
Homeland Security, in consultation with the Attorney General and the 
Secretary of Commerce, to conduct an analysis to determine the costs 
and benefits of requiring internet service providers and others to 
develop and enforce minimum Internet and cybersecurity safety 
standards. The Secretary will be required to consider all relevant 
factors in this analysis, including the effect that the development and 
enforcement of minimum Internet and cybersecurity safety standards 
would have on homeland security, the global economy, innovation, 
individual liberty, and privacy. My bill will also require the 
Secretary of Homeland Security, the Attorney General and the Secretary 
of Commerce to consult with relevant stakeholders in the Government 
and, most importantly, the private sector, including the academic 
community and groups or institutions that have scientific and technical 
expertise related to standards for computer networks, critical 
infrastructure, or key resources. The private sector must be a partner 
in the efforts to secure the nation's information superhighway. Under 
my bill, the Secretary of Homeland Security will be required to report 
to Congress within one year with specific recommendations for minimum 
voluntary or mandatory Internet and cybersecurity standards for 
computers and other devices that connect to the Internet, so that we 
can prevent them from being used, exploited, and compromised by 
terrorists, criminals, spies, and other malicious actors.
  In December of 2009, I praised the appointment of Howard Schmidt as 
the new White House Cybersecurity Coordinator to make sure that 
agencies are all working together on this critical challenge. In April 
of this year, I also stressed with Secretary Napolitano, at a Senate 
Judiciary Committee oversight hearing for the Department of Homeland 
Security, the need to continue to make cybersecurity a top priority. 
But we can and must do more. My bill will help secure our nation's 
digital future.
  Mr. President, I ask unanimous consent that the text of the bill be 
printed in the Record.
  There being no objection, the text of the bill was ordered to be 
printed in the Record, as follows:

                                S. 4021

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Internet and Cybersecurity 
     Safety Standards Act''.

     SEC. 2. DEFINITIONS.

       In this Act:
       (1) Computers.--Except as otherwise specifically provided, 
     the term ``computers'' means computers and other devices that 
     connect to the Internet.
       (2) Providers.--The term ``providers'' means Internet 
     service providers, communications service providers, 
     electronic messaging providers, electronic mail providers, 
     and other persons who provide a service or capability to 
     enable computers to connect to the Internet.
       (3) Secretary.--Except as otherwise specifically provided, 
     the term ``Secretary'' means the Secretary of Homeland 
     Security.

     SEC. 3. FINDINGS.

       Congress finds the following:
       (1) While the Internet has had a profound impact on the 
     daily lives of the people of the United States by enhancing 
     communications, commerce, education, and socialization 
     between and among persons regardless of their location, 
     computers may be used, exploited, and compromised by 
     terrorists, criminals, spies, and other malicious actors, 
     and, therefore, computers pose a risk to computer networks, 
     critical infrastructure, and key resources in the United 
     States. Indeed, users of computers are generally unaware that 
     their computers may be used, exploited, and compromised by 
     others with spam, viruses, and other malicious software and 
     agents.
       (2) Since computer networks, critical infrastructure, and 
     key resources of the United States are at risk of being 
     compromised, disrupted, damaged, or destroyed by terrorists, 
     criminals, spies, and other malicious actors who use 
     computers, Internet and cybersecurity safety is an urgent 
     homeland security issue that needs to be addressed by 
     providers, technology companies, and persons who use 
     computers.
       (3) The Government and the private sector need to work 
     together to develop and enforce minimum Internet and 
     cybersecurity safety standards for users of computers to 
     prevent terrorists, criminals, spies, and other malicious 
     actors from compromising, disrupting, damaging, or destroying 
     the computer networks, critical infrastructure, and key 
     resources of the United States.

     SEC. 4. COST-BENEFIT ANALYSIS.

       (a) Requirement for Analysis.--The Secretary, in 
     consultation with the Attorney General and the Secretary of 
     Commerce, shall conduct an analysis to determine the costs 
     and benefits of requiring providers to develop and enforce 
     minimum Internet and cybersecurity safety standards for users 
     of computers to prevent terrorists, criminals, spies, and 
     other malicious actors from compromising, disrupting, 
     damaging, or destroying computer networks, critical 
     infrastructure, and key resources.
       (b) Factors.--In conducting the analysis required by 
     subsection (a), the Secretary shall consider all relevant 
     factors, including the effect that the development and 
     enforcement of minimum Internet and cybersecurity safety 
     standards may have on homeland security, the global economy, 
     innovation, individual liberty, and privacy.

     SEC. 5. CONSULTATION.

       In conducting the analysis required by section 4, the 
     Secretary, in consultation with the Attorney General and the 
     Secretary of Commerce, shall consult with relevant 
     stakeholders in the Government and the private sector, 
     including the academic community, groups, or other 
     institutions, that have scientific and technical expertise 
     related to standards for computer networks, critical 
     infrastructure, or key resources.

     SEC. 6. REPORT.

       (a) In General.--Not later than 1 year after the date of 
     the enactment of this Act, the Secretary shall submit to the 
     appropriate committees of Congress a final report on the 
     results of the analysis required by section 4. Such report 
     shall include the consensus recommendations, if any, for 
     minimum voluntary or mandatory Internet and cybersecurity 
     safety standards that should be developed and enforced for 
     users of computers to prevent terrorists, criminals, spies, 
     and other malicious actors from compromising, disrupting, 
     damaging, or destroying computer networks, critical 
     infrastructure, and key resources.
       (b) Appropriate Committees of Congress.--In this section, 
     the term ``appropriate committees of Congress'' means--
       (1) the Committee on Commerce, Science, and Transportation, 
     the Committee on Homeland Security and Governmental Affairs, 
     and the Committee on the Judiciary of the Senate; and
       (2) the Committee on Energy and Commerce, the Committee on 
     Homeland Security, the Committee on the Judiciary, and the 
     Committee on Oversight and Government Reform of the House of 
     Representatives.

                          ____________________