[Congressional Record Volume 158, Number 88 (Tuesday, June 12, 2012)]
[Senate]
[Pages S3933-S3934]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]



                             Cybersecurity

  Mr. President, technology has changed our world, and that is an 
understatement. It has changed the way we shop, the way we bank, even 
the way we travel. It changes the way we get information, and that is 
an understatement, and the way we share it, and that is an 
understatement.
  It was about 10 years ago or so that I decided to sell my home here 
in the suburbs, and I was stunned by one of my boys telling me: Hey, 
Dad, do you want to find out what other homes have been selling for 
around that area? Give me about a minute. And they pulled up on the 
computer every home in that area that had been sold in the last 2 
years--when, how much.
  There was even more detail than that. I was like: How do you do that? 
That was 10 years ago. That was in the Dark Ages with technology. There 
is so much that can be done now. Somebody can go online, go to Amazon, 
they can buy virtually anything in the world on that one Web site.
  I met with someone a couple weeks ago who had gone to work with 
Google when they had 15 employees, and he talked to us about the 
tremendous problems they had starting this company. They wanted to give 
people information. I will not go into all the details, but it was very 
difficult to come up with the Google that now exists. It was not there 
when there were 15 employees.
  They were working all night long trying to shut down computers and 
keep others going. So it is amazing what we have on the computer. 
Everyone can do it. Who wrote that song? What is the name of that play? 
What is the capital of Uzbekistan? Go to our BlackBerry. Go to whatever 
we have and get it in a second.
  So the way we get information, the way we share it, has changed so 
dramatically. It has changed the way our country protects itself. That 
is not something people understand as well as Google and Amazon. But 
the way we protect our country has changed. It has changed the type of 
attacks we have to guard against.
  Some of the top national security officials, including GEN Martin 
Dempsey, Chairman of the Joint Chiefs of Staff, GEN David Petraeus, 
four-star general, now head of the CIA, one of America's great 
patriots, and Leon Panetta, Secretary of Defense, have all said that 
malicious cyber attacks are the most urgent threat to our country, not 
North Korea, not Iran, not Pakistan, not Afghanistan but cyber attacks. 
We have already seen some of these. They have been kind of quiet to 
some but not to those in the security field.
  We have seen cyber attacks on our nuclear infrastructure, our Defense 
Department's most advanced weapons, and the stock exchange Nasdaq had 
an attack. Most major corporations have been attacked. They spend huge 
amounts of money protecting their products or their operations from not 
collapsing because of cyber attacks.
  Cyber attacks do not threaten only our national security, they 
threaten our economic security. These attacks cost our economy billions 
of dollars every year, millions of dollars every hour, and thousands of 
jobs. So we need to act quickly to pass legislation to make our Nation 
safer and protect American jobs.
  The Defense Department, Department of Homeland Security, and experts 
from across the intelligence community have issued chilling warnings 
about the seriousness of this threat. I cannot stress enough how 
concerned people who understand security feel about this. Just a few 
days ago, Senator McConnell and I received a letter from a remarkable 
bipartisan group of former national security officials, Democrats and 
Republicans.
  The group includes six former Bush and Obama administration 
officials: Michael Chertoff, who has been a circuit court judge, 
judicial scholar, became head of the Department of Homeland Security 
during some very difficult times we had in this country; Paul 
Wolfowitz, who has been advising Presidents for decades; ADM Mike 
McConnell; GEN Michael Hayden; GEN James Cartwright, William Lynn, III. 
That is who signed the letter, and I could give a short dissertation on 
every one of these individuals about what they know about the security 
of our country.
  The letter presented the danger in stark terms, as stark as I could 
ever imagine. This is a public letter. Listen to what this one 
paragraph says: ``We carry the burden of knowing that 9/11 might have 
been averted with intelligence that existed at the time.''
  Listen to that. They are admitting 
9/11 could have been averted with the tools we had at hand. They go on 
to say:

       We do not want to be in the same position again when 
     ``cyber 9/11'' hits--it is not a question of whether this 
     will happen; it is a question of when.

  This is not me saying this. This is General Hayden, who was the head 
of the CIA, briefing us many times about some of the most sensitive 
matters going on during the height of the Iraq war, Marine GEN James 
Cartwright, Defense Department expert William Lynn, III.
  This eminent group called the threat of a cyber attack imminent. What 
does imminent mean? It means now. They said it ``represents the most 
serious challenge to our national security since the onset of the 
nuclear age sixty years ago.''
  Let me reread that. They said it ``represents the most serious 
challenge to our national security since the onset of the nuclear age 
sixty years ago.'' They said it; I did not. The letter noted that the 
top cybersecurity priority is safeguarding critical infrastructure: 
computer networks--we talked about those a little bit already. But 
computer networks that control our electrical grid, our water supply, 
our sewers, our nuclear plants, energy pipelines, communication systems 
and financial systems and more.
  Because of Senator Mikulski--she was the one who said this was 
important--we did this. We went down to this classified room. We had a 
briefing on an example of what would happen to New York City if they 
took down the computer system to run that State's electricity. It would 
be disastrous, not only for New York but for our country.
  These vital networks must be required to meet minimum cybersecurity 
standards. That is what these prominent Americans believe, and so do I. 
The letter was clear that securing the infrastructure must be part of 
any cybersecurity legislation this Congress considers. I believe that 
also.
  GEN Keith Alexander, Director of the National Security Agency, has 
said something very similar. This is what he wrote to Senator McCain 
recently:

       Critical infrastructure protection needs to be addressed in 
     any cyber security legislation. The risk is simply too great 
     considering the reality of our interconnected and 
     interdependent world.

  General Alexander is one voice among many. President Obama; the 
nonpartisan Center for Strategic and International Studies Commission 
on Cyber Security; the two Chairmen of the 9/11 Commission, Governor 
Kean and Congressman Hamilton; the Director of National Intelligence, 
General Clapper; the Director of the FBI, Robert Mueller, have all 
echoed a call to action--not sometime in the distant future but now. 
They believe the attack is imminent.
  The attack may not be one that knocks down buildings, starts fires 
that we saw on 9/11, but it will be a different kind of attack, even 
more destructive. The entire national security establishment, including 
leading officials of the Bush and Obama administrations, civilian and 
military leaders, Republicans and Democrats, agree on the urgent need 
to protect this vital infrastructure.

  That is only part of it. Yet some key Republicans continue to argue 
that we should do nothing to secure the critical infrastructure, that 
we should just focus on the military. When virtually every intelligence 
expert says we need to secure the systems that make the lights come on, 
inaction is not an option. A coalition of Democrats and Republicans, 
including the chairman of the Homeland Security Committee, Senator 
Lieberman, and the ranking member, Senator Collins; the chairman of the 
Commerce Committee, Senator Rockefeller--remember, Senator Rockefeller 
was for years chairman of the Intelligence Committee and/or the ranking 
member; Senator Feinstein, now the chair of the Intelligence Committee, 
have joined together and proposed one approach to address the problem. 
It is legislation. It is not something that is theoretical. It is not 
an issue paper. It is legislation.

[[Page S3934]]

  Their bill is an excellent piece of legislation. It has been endorsed 
by many members of the national security community. It is a good 
approach, and it would make our Nation safer. But there are other 
possible solutions to this urgent challenge. Unfortunately, the critics 
of the bill have failed to offer any alternatives to secure our 
Nation's critical infrastructure.
  The longer we argue over how to tackle these problems, the longer our 
powerplants, financial system, and water infrastructure go unprotected. 
Everyone knows this Congress cannot pass laws that do not have broad 
bipartisan support. There are 53 of us, 47 of them. So we will need to 
work together on a bill that addresses the concerns of the lawmakers on 
both sides of the aisle.
  But for that to happen, more of my Republican colleagues need to 
start taking this threat seriously. It is time for them to participate 
productively in the conversation instead of just criticizing the 
current approach. There is room for more good ideas on the table, and I 
welcome the discussion of any Republican generally interested in being 
part of the solution.
  The national security experts agree. We cannot afford to waste any 
more time. The question is not whether to act but how quickly we can 
act. I put everyone on notice. We are going to move to this bill at the 
earliest possible date.