[Congressional Record Volume 157, Number 25 (Wednesday, February 16, 2011)]
[Senate]
[Pages S796-S797]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. CARDIN (for himself and Mr. Whitehouse):
  S. 372. A bill the ability of terrorists, spies, criminals, and other 
malicious actors to compromise, disrupt, damage, and destroy computer 
networks, critical infrastructure, and key resources, and for other 
purposes; to the Committee on Commerce, Science, and Transportation.
  Mr. CARDIN. Mr. President, the Internet has had a profound impact on 
the daily lives of millions of Americans by enhancing communications, 
commerce, education and socialization between and among persons 
regardless of their location. Internationally, we have seen the 
transformative power of the Internet in places like Egypt. A free and 
open Internet gives strength and a voice to people worldwide and should 
be protected from censorship and other forms of suppression. But the 
Internet and those who engage in communications and commerce across 
cyberspace must be safe--protected from predators like criminals, 
terrorists and spies who wish to exploit or compromise information and 
systems connected to the Internet. Our Nation is vulnerable to such 
attacks, but working together, in partnership with the private sector, 
we can find a balance that keeps information flowing freely while 
keeping us all safe from harm.
  I have been focusing on cybersecurity issues for quite some time. 
More than a year ago, as the former chairman of the Terrorism and 
Homeland Security Subcommittee of the Judiciary Committee, I chaired a 
Subcommittee hearing titled ``Cybersecurity: Preventing Terrorist 
Attacks and Protecting Privacy in Cyberspace.'' The hearing included 
witnesses from key federal agencies responsible for cybersecurity, as 
well as representatives of the private sector. We reviewed governmental 
and private sector efforts to prevent a terrorist cyber attack that 
could cripple large sectors of our government, economy, and essential 
services.
  The cybersecurity expertise that I have developed has convinced me 
that the Government and the private sector can and should work together 
to protect the American people in cyberspace. As a result, I am 
reintroducing the Cybersecurity and Internet Safety Standards Act, 
CISSA. This bill, which is cosponsored by Senator Whitehouse, will 
require the Secretary of Homeland Security, in consultation with the 
Attorney General, the Secretary of Commerce, and the Director of 
National Intelligence, to conduct an analysis to determine the costs 
and benefits of requiring internet service providers and others to 
develop and enforce minimum voluntary or mandatory cybersecurity and 
Internet safety standards. Under this bill, the Secretary of Homeland 
Security will be required to report to Congress within one year with 
specific recommendations. Cybersecurity must be a top priority. This 
bill will help secure our nation's digital future by keeping the 
American people and our cyber infrastructure safe without hampering the 
freedoms inherently found in an open and accessible Internet.
  Mr. President, I ask unanimous consent that the text of the bill be 
printed in the Record.
  There being no objection, the text of the bill was ordered to be 
printed in the Record, as follows:

                                 S. 372

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Cybersecurity and Internet 
     Safety Standards Act''.

     SEC. 2. DEFINITIONS.

       In this Act:
       (1) Computers.--Except as otherwise specifically provided, 
     the term ``computers'' means computers and other devices that 
     connect to the Internet.
       (2) Providers.--The term ``providers'' means Internet 
     service providers, communications service providers, 
     electronic messaging providers, electronic mail providers, 
     and other persons who provide a service or capability to 
     enable computers to connect to the Internet.
       (3) Secretary.--Except as otherwise specifically provided, 
     the term ``Secretary'' means the Secretary of Homeland 
     Security.

     SEC. 3. FINDINGS.

       Congress finds the following:
       (1) While the Internet has had a profound impact on the 
     daily lives of the people of the United States by enhancing 
     communications, commerce, education, and socialization 
     between and among persons regardless of their location, 
     computers may be used, exploited, and compromised by 
     terrorists, criminals, spies, and other malicious actors, 
     and, therefore, computers pose a risk to computer networks, 
     critical infrastructure, and

[[Page S797]]

     key resources in the United States. Indeed, users of 
     computers are generally unaware that their computers may be 
     used, exploited, and compromised by others with spam, 
     viruses, and other malicious software and agents.
       (2) Since computer networks, critical infrastructure, and 
     key resources of the United States are at risk of being 
     compromised, disrupted, damaged, or destroyed by terrorists, 
     criminals, spies, and other malicious actors who use 
     computers, cybersecurity and Internet safety is an urgent 
     homeland security issue that needs to be addressed by 
     providers, technology companies, and persons who use 
     computers.
       (3) The Government and the private sector need to work 
     together to develop and enforce minimum voluntary or 
     mandatory cybersecurity and Internet safety standards for 
     users of computers to prevent terrorists, criminals, spies, 
     and other malicious actors from compromising, disrupting, 
     damaging, or destroying the computer networks, critical 
     infrastructure, and key resources of the United States.

     SEC. 4. COST-BENEFIT ANALYSIS.

       (a) Requirement for Analysis.--The Secretary, in 
     consultation with the Attorney General, the Secretary of 
     Commerce, and the Director of National Intelligence, shall 
     conduct an analysis to determine the costs and benefits of 
     requiring providers to develop and enforce voluntary or 
     mandatory minimum cybersecurity and Internet safety standards 
     for users of computers to prevent terrorists, criminals, 
     spies, and other malicious actors from compromising, 
     disrupting, damaging, or destroying computer networks, 
     critical infrastructure, and key resources.
       (b) Factors.--In conducting the analysis required by 
     subsection (a), the Secretary shall consider--
       (1) all relevant factors, including the effect that the 
     development and enforcement of minimum voluntary or mandatory 
     cybersecurity and Internet safety standards may have on 
     homeland security, the global economy, innovation, individual 
     liberty, and privacy; and
       (2) any legal impediments that may exist to the 
     implementation of such standards.

     SEC. 5. CONSULTATION.

       In conducting the analysis required by section 4, the 
     Secretary shall consult with the Attorney General, the 
     Secretary of Commerce, the Director of National Intelligence, 
     the Federal Communications Commission, and relevant 
     stakeholders in the Government and the private sector, 
     including the academic community, groups, or other 
     institutions, that have scientific and technical expertise 
     related to standards for computer networks, critical 
     infrastructure, or key resources.

     SEC. 6. REPORT.

       (a) In General.--Not later than 1 year after the date of 
     the enactment of this Act, the Secretary shall submit to the 
     appropriate committees of Congress a final report on the 
     results of the analysis required by section 4. Such report 
     shall include the consensus recommendations, if any, for 
     minimum voluntary or mandatory cybersecurity and Internet 
     safety standards that should be developed and enforced for 
     users of computers to prevent terrorists, criminals, spies, 
     and other malicious actors from compromising, disrupting, 
     damaging, or destroying computer networks, critical 
     infrastructure, and key resources.
       (b) Appropriate Committees of Congress.--In this section, 
     the term ``appropriate committees of Congress'' means--
       (1) the Committee on Commerce, Science, and Transportation, 
     the Committee on Homeland Security and Governmental Affairs, 
     and the Committee on the Judiciary of the Senate; and
       (2) the Committee on Energy and Commerce, the Committee on 
     Homeland Security, the Committee on the Judiciary, and the 
     Committee on Oversight and Government Reform of the House of 
     Representatives.
                                 ______