[Congressional Record Volume 161, Number 154 (Wednesday, October 21, 2015)]
[Senate]
[Pages S7374-S7406]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
CYBERSECURITY INFORMATION SHARING ACT OF 2015
The PRESIDING OFFICER. Under the previous order, the Senate will
resume consideration of S. 754, which the clerk will report.
The legislative clerk read as follows:
A bill (S. 754) to improve cybersecurity in the United
States through enhanced sharing of information about
cybersecurity threats, and for other purposes.
Pending:
Burr/Feinstein amendment No. 2716, in the nature of a
substitute.
Burr (for Cotton) modified amendment No. 2581 (to amendment
No. 2716), to exempt from the capability and process within
the Department of Homeland Security communication between a
private entity and the Federal Bureau of Investigation or the
United States Secret Service regarding cybersecurity threats.
Feinstein (for Coons) modified amendment No. 2552 (to
amendment No. 2716), to modify section 5 to require DHS to
review all cyber threat indicators and countermeasures in
order to remove certain personal information.
Burr (for Flake/Franken) amendment No. 2582 (to amendment
No. 2716), to terminate the provisions of the Act after six
years.
Feinstein (for Franken) modified amendment No. 2612 (to
amendment No. 2716), to improve the definitions of
cybersecurity threat and cyber threat indicator.
Burr (for Heller) modified amendment No. 2548 (to amendment
No. 2716), to protect information that is reasonably believed
to be personal information or information that identifies a
specific person.
Feinstein (for Leahy) modified amendment No. 2587 (to
amendment No. 2716), to strike the FOIA exemption.
Burr (for Paul) modified amendment No. 2564 (to amendment
No. 2716), to prohibit liability immunity to applying to
private entities that break user or privacy agreements with
customers.
Feinstein (for Mikulski/Cardin) amendment No. 2557 (to
amendment No. 2716), to provide amounts necessary for
accelerated cybersecurity in response to data breaches.
Feinstein (for Whitehouse/Graham) modified amendment No.
2626 (to amendment No. 2716), to amend title 18, United
States Code, to protect Americans from cybercrime.
Feinstein (for Wyden) modified amendment No. 2621 (to
amendment No. 2716), to improve the requirements relating to
removal of personal information from cyber threat indicators
before sharing.
Sentencing Reform and Corrections Act
Mr. CORNYN. Mr. President, it is easy for the public and the press to
focus on the issues that divide us in Washington, DC, and around the
country. In fact, in Washington, DC, that is a world-class sport--
focusing on division, the things that separate us, the things where we
clearly can't agree, on occasion--but today I am happy to highlight an
area marked by broad consensus and true bipartisan spirit.
In my time in the Senate I have learned that neither political party
can get what they want done if they try to do it alone. The only way
things happen are when consensus is achieved, and that takes a lot of
hard work, a lot of cooperation, and a lot of collaboration. If your
goal is 100 percent of what you want or nothing, my experience is you
get nothing here.
I know ``compromise'' sometimes is a dirty word in today's lexicon. I
was just rereading a quote from Ronald Reagan, somebody conservatives
look to as an example of the iconic conservative leader. He was pretty
clear that if he could get 75 to 80 percent of what he wanted to
achieve, he would say: I will take it, and I will fight about the rest
of it another day.
But the good news is we have found a way, amidst a lot of the
division and polarization here, to achieve a bipartisan coalition on
some important criminal justice reforms. Last week I stood with a
bipartisan group and introduced the Sentencing Reform and Corrections
Act of 2015. This has literally been years in the making, and it was a
proud and consequential moment for the Senate.
This week we have kept that momentum going. Senator Grassley,
chairman of the Judiciary Committee, held a hearing Monday to discuss
the new bill with various stakeholders, and tomorrow the Judiciary
Committee will vote on sending the bill to the full Senate for
consideration.
This legislation is long overdue and a major step forward for the
country. Similar to other successful efforts--and particularly those
that inform my actions in the Senate--I look to experiences in the
State and what has been tried, tested, and found to work and how it
might apply to our job here at the national level.
Back in 2007, in Austin, legislators were confronting a big problem.
They had a major budget shortfall, an overcrowded prison system, and
high rates of recidivism--repeat criminals--or as one former inmate
referred to himself in Houston the other day at a roundtable I held, he
called himself a frequent flier in the criminal justice system. I think
we all know what he meant. But instead of building more prisons and
hoping that would somehow fix the problem, these leaders in Austin
decided to try a different approach. They scrapped the blueprints for
more prisons, and they went to work developing reforms to help low- and
medium-risk offenders who were willing to take the opportunity to turn
around their lives and become productive members of society.
I think we would have to be pretty naive to say that every criminal
offender who ends up in prison is going to take advantage of these
opportunities. They will not--not all of them will, but some of them
will. Some of them will be remorseful. Some of them will see how they
wasted their life, the damage they have done to their families,
including their children, and they will actually look for an
opportunity to turn around their lives after having made a major
mistake and ending up in our prisons.
In my State, we have a pretty well-deserved reputation for being
tough on crime. I don't think anybody questions that, but we also
realize we need to be smart on crime, and we need to look at how we
achieve the best outcomes for the taxpayers and for the lives which can
be salvaged and made productive through their hard work and the
opportunity we have provided to them. We also realized that even though
incarceration does work--I don't think anybody can dispute the fact
that when somebody is in prison, they are not committing crimes in our
communities and across the country--but here is the rub: One day almost
all of them will be released from prison. The question then is, Will
they be prepared to live a
[[Page S7375]]
productive life or will they be that frequent flier who ends up back in
prison through the turnstile of a criminal life?
So in Texas we improved and increased programs designed to help men
and women to take responsibility for their crimes and to prepare them
for reentry into society. The results were pretty startling. Between
2007 and 2012, our overall rate of incarceration fell by 9.4 percent--
almost 10 percent--the crime rate dropped by 16 percent, and we saved
more than $2 billion worth of taxpayer money and we were able to
shutter three prison facilities in the process.
I wish to return briefly to the crime rate. Former Attorney General
Mukasey, a longtime Federal judge in New York, made the point that it
is not the incarceration rate that measures the success of our
sentencing practices, it is actually the crime rate.
I know there are many people who feel we have overincarcerated, but I
think we need to keep our eye on the ball; that is, on the crime rate.
As a result of these reforms in Texas, our total crime rate dropped by
16 percent, something worth paying attention to, but even more
impressive than these statistics are the stories I have heard from
former inmates who have actually taken advantage of this opportunity to
turn around their lives. They paint a powerful picture of how these
reforms can be used and the potential impact of this legislation across
the country.
Again, nobody is naive enough to think everybody is going to have a
turnaround story and experience like this, but last week I had the
chance to visit with a number of faith-based and nonprofit groups in
Houston this time, as well as some of the former inmates they have
supported--all of whom are helping inmates prepare to reenter society
set up for success rather than failure.
I was particularly struck by the story of one young man by the name
of Emilio Parker. By the time he was 33, Emilio had spent almost half
of his life in prison, including several years in solitary confinement.
He started using drugs at a very early age, and after he became
addicted he found more and more opportunities for crime to feed his
addiction. Spending so much time in prison leaves little chance to
acquire skills to succeed once you are outside, but fortunately for
Emilio he found the support needed in a group called SER-Jobs for
Progress in Houston. SER stands for Service Employment Redevelopment. A
strange acronym, SER, but it is a community group whose mission is to
equip people such as Emilio for the workforce. Their organization has
helped turn around many lives in astounding ways, and Emilio was no
exception.
When he started the job readiness program SER offered, he didn't know
how to turn on a computer, but with their help he graduated with the
program, and it helped put him on a new direction in life--one that did
not include prison.
His success represents the tremendous opportunity we have before us
to enact similar reforms on the Federal level in order to offer
rehabilitation to inmates, reduce crime, and save taxpayers' hard-
earned money.
Part of this legislation is to focus on the people most likely to
take advantage of these opportunities, low- and medium-risk inmates.
Indeed, what we offer them is credit, if they participate in these
programs, to lesser confinement; for example, a halfway house or the
like. These are the folks we believe are most likely to have learned
from their experience in prison and will take advantage of the
opportunity and turn around their lives. High-risk criminals who have
made a life of crime I think are the least likely to take advantage of
these programs and will not be available under this legislation. If it
is successful, we might want to reconsider that and see whether it can
be expanded.
The Sentencing Reform and Corrections Act truly represents how the
Senate was meant to function: in a bipartisan manner that can effect
long-lasting change for the benefit of the American people.
I thank Chairman Grassley for his leadership--this would not have
happened without him--and his commitment to bring us together to
develop a bill that provides needed reforms to our criminal justice
system. This is an extraordinary moment, where we have people on
differing ends of the political spectrum coming together and finding a
place where we can reach consensus.
I am particularly pleased, as I have indicated, that the CORRECTIONS
Act, authored by Senator Sheldon Whitehouse and me, is such a key part
of this package. Pretty much everyone agrees our prisons are
dangerously overcrowded and that recidivism rates--when offenders land
back in prison--are too high. The hard part is coming up with a
solution that addresses these problems and yet breaks the cycle of
reincarceration without jeopardizing public safety. And nothing we are
doing will jeopardize public safety. That should be the litmus test of
anything we do. I do believe this legislation strikes that balance by
building on our experience in Texas and other States across the country
and focusing on rehabilitation for low-level offenders and tough
sentences for hardened criminals.
I know the Presiding Officer, who was attorney general of his State
of Alaska, has had a lot of experience in this area. I remember in law
school one of the things we learned is that one of the goals of our
criminal justice system is to rehabilitate people--to help them turn
around their lives--but over the years we have almost forgotten that. I
think what we have demonstrated by the Texas experience--and other
experience--is that through faith-based volunteers, through job
training, through helping people deal with their drug and alcohol
addiction--which oftentimes exacerbates their problems and puts them
behind bars, like Emilio--we can literally offer a helping hand for
those who will take advantage of it. For those who are truly nonviolent
and low-level offenders, this bill does represent a second chance.
This bill also reforms and improves law enforcement tools, such as
mandatory minimum sentences, without eliminating them or reducing them
across the board. This was a tough negotiation because, in particular,
some of our Senators were focused on sentence reduction, but I have to
say I have been very aware that we can't handle this on an across-the-
board basis. Sentences have to be appropriate for the individual
behavior and misconduct of the defendant themselves, not just some
across-the-board panacea. By targeting those who are most likely to
reoffend and teaching them how to succeed in the real world, we can not
only reduce the crime rate--as our experience has shown in Texas--but
help people turn around their lives and save billions of dollars.
So at a time when the news likes to report the divisions and
polarizations here in Washington--and there are plenty of important
fights, and I am not opposed to fighting for principles, but there are
a lot of areas like this where we can continue to work together
productively. In fact, as I said earlier, the whole system of our
Constitution was designed to force consensus before big decisions such
as this are made. That is the way it should be because any time a
minority or even one political party can force their will on the other
party--as we have seen happen before--it doesn't end well. When our
system works the way it should, by people of good faith coming
together, seeing a problem, trying to come up with a solution, and
working together on a bipartisan basis, our system works very well. I
believe this is a good example.
I look forward to working with all of our colleagues once this bill
is voted out of the Judiciary Committee--which I believe it will be on
Thursday--as we anticipate action here on the floor. Perhaps other
Senators have other ideas that will actually improve the legislation we
have crafted so far, but I do believe the President is amenable to
considering a bill in this area. He has said so publicly. Again, this
is another of those rare opportunities we can have to work together
with the President to try to solve a problem, help save money, and help
people turn around their lives.
I yield the floor.
I suggest the absence of a quorum.
The PRESIDING OFFICER. The clerk will call the roll.
The legislative clerk proceeded to call the roll.
Mr. NELSON. Mr. President, I ask unanimous consent that the order for
the quorum call be rescinded.
[[Page S7376]]
The PRESIDING OFFICER. Without objection, it is so ordered.
Mr. NELSON. Mr. President, I will vote for the cyber security bill.
Obviously, this is a whole new era of attack on our country. On
September 11, 2001, we certainly realized that the two big oceans on
either side of our country that had protected us for centuries--the
Atlantic and the Pacific--no longer provided that protection because we
could see, in the case of 2001, an attack from within. Thus, that
revised so much of our defense strategy.
Now we see the other kind of attack from within that is stealthy,
insidious, and it is constant because the cyber attacks are coming to
the U.S. Government as well as the U.S. industry, the business
community, and U.S. citizens. The threat of cyber attack is vast and it
is varied, from cyber criminals who steal personal information such as
credit card and Social Security numbers, to foreign governments or
state-sponsored groups that steal sensitive national security
information, that steal our intellectual property, and that put at risk
our economy and critical infrastructure.
I want to give one example of obtaining Social Security numbers
through cyber attacks or through other means. What we found in Tampa,
FL, is that street crime actually subsided because the criminals had
figured that either by cyber attacks or by other means of getting
Social Security numbers, they could file false income tax returns and
request refunds. So with a laptop, they could do what they had done
previously by breaking into and entering someone's home to steal money,
and it was so much easier. And that is just one small example, but just
the theft of security numbers, which they use on false income tax
returns--we think that is an attack which is costing the U.S.
Government, in income tax, at least $5 billion a year.
We have heard all about these attacks. Some of us in the Senate have
been affected by these attacks. How many times have we heard that
hackers have stolen our names, our addresses, our credit card numbers?
Look what the hackers did to 40 million Target customers and 56 million
Home Depot customers. They accessed checking and savings account
information of 76 million J.P. Morgan Bank customers. They stole the
personal information of 80 million customers of the health insurance
company Anthem. Those are a few examples. Target, Home Depot, J.P.
Morgan, Anthem--that is just a handful of examples. Also, remember that
North Korea hacked Sony. Iran hacked the Sands Casino. China hacked the
U.S. Government Office of Personnel Management. They have your
information and they have my information because our information is
with the Office of Personnel Management.
The attacks keep coming. We are hearing from homeland security,
defense, intelligence, and private sector leaders that we have to take
this threat seriously and do something about it.
I must say that it was one of the most frustrating things for this
Senator, as a former member of the Senate Intelligence Committee, when
we were trying to pass this very same bill 3 and 4 years ago and the
business community, as represented by the U.S. Chamber of Commerce,
wanted nothing to do with it because they thought it was an invasion of
their privacy. Times have changed, and the hacking continues.
We see that finally we are able to get through and put together a
bill on which I think we can get broad support from many different
groups that are concerned about privacy and about sharing of
information in the business community. This bill provides the means for
the government and the private sector to share cyber threat information
while taking care to protect the personal information and privacy of
our people. We all face the same threat, and our adversaries use
similar malware and techniques. Sharing information is critical to our
overall cyber security.
What this does is it directs the Director of National Intelligence,
working with other agencies and building on the information sharing
that is already taking place, to put cyber threat information in the
hands of the private sector to help protect businesses and individuals.
It authorizes private companies to monitor and defend their networks
and share with each other and the government at all levels the cyber
threats and attacks--all levels of government: State, local, tribal,
and Federal. This is a point of contention because these activities are
strictly voluntary. That is part of the problem we had 3 and 4 years
ago in trying to enact this legislation. It is strictly voluntary,
limited to cyber security purposes, and subject to reasonable
restrictions and privacy protections.
The bill also creates the legal certainty and incentives needed to
promote further sharing of information.
So what the legislation does is it sets up a hub or a portal inside
the Department of Homeland Security where cyber threat information
comes in, it is scrubbed of irrelevant personal information, and then
it is shared inside and outside the government quickly and efficiently
because, after all, if you have a cyber attack somewhere in America
that suddenly has the opportunity to explode in its application, you
have to have a central point at which you can coordinate that cyber
attack. That is what this portal, this hub in the Department of
Homeland Security is set up to do.
This Senator feels that this bill balances the urgent need to address
the threat of continued cyber attacks with privacy concerns. As the
vice chair of the Intelligence Committee said yesterday, this bill is
just the first step.
I am delighted that Senator Feinstein just walked onto the floor of
the Senate. I am quoting what the Senator said yesterday: We can and we
ought to do more to improve our Nation's cyber security.
I say through the Chair to the distinguished senior Senator from
California that I have shared with the Senate my frustration over the
last 4 years, as a former member of the Senate Intelligence Committee,
that it was so hard to get people to come together. But now, finally,
even though it is voluntary, we at least have a point at which, when a
cyber attack comes somewhere in America, we can centralize that, it can
be scrubbed of private information, and then it can be shared in our
multiplicity of levels of government and the private sector to help
defend against the cyber attacks.
These cyber attacks are coming every day. They are relentless. If we
don't watch out, what is going to happen has already happened to
someone and it is going to be happening to innumerable American
businesses. I strongly urge the Senate to pass this legislation.
Since the senior Senator from California is on the floor, I wish to
take this opportunity to thank her for her perspicacity, her patience,
and her stick-to-itiveness. Finally, 4 years later, it is here, and we
are going to pass it this week. I thank the Senator from California.
Mr. President, I yield the floor.
The PRESIDING OFFICER. The Senator from California.
Mrs. FEINSTEIN. Mr. President, I would like to respond to what the
distinguished Senator from Florida said.
Senator, you know what a pleasure it was to have you on the
intelligence committee. I think you understand the time that we have
spent to get this bill done, which is now about 6 years, and to take
this first step, not because it is a perfect step but because it is a
first step that is voluntary, with new authorities that people and
companies can use if they want to, and if they don't want to, they
don't have to. If they want to, it can be effective in enabling
companies to share cyber security information and therefore protect
themselves. I know you understand this. I am so grateful for that
understanding and for your help.
Mr. NELSON. Mr. President, will the Senator yield for a question?
Mrs. FEINSTEIN. I will.
Mr. NELSON. Will the Senator share her thoughts with the Senate about
how the Nation's national security defense depends on us being able--we
have the guns, the tanks, the airplanes, the missiles, and all of that,
but there is a new type of threat against the very security of this
Nation, and this legislation is a first step.
Mrs. FEINSTEIN. I can try to. I remember that in 2008 there were two
significant cyber bank robberies: the Royal Bank of Scotland, I think
for $8 million, and Citibank for $10 million. This was not public right
away because nobody wanted it known. Then you see the more recent
attacks of Aramco
[[Page S7377]]
being taken down, Sony, and it goes on and on. The information is not
often shared publicly by companies who should be asking: This happened
to our company; can you share anything that might help us handle this?
That kind of thing doesn't happen because everybody is afraid of
liability, and so it is very concerning.
I remember when Joe Lieberman was chairman of the homeland security
committee, which had a bill. As the Senator will remember, we had the
information sharing part of that bill, and we sat down with the U.S.
Chamber of Commerce, I believe on three occasions, to try to work out
differences, and we couldn't. The U.S. Chamber of Commerce is massive
and all over the United States. It includes small businesses, medium-
sized businesses, and some big businesses, and there was deep concern
among its members. That took years to work out.
Finally, the Senate may be ready to take a first step, and this first
step is to permit the voluntary sharing of cyber information, which, if
it is stripped of private data, will be protected with liability
immunity and protected because it goes through a single DHS portal and
doesn't go directly to the intelligence community, which was a big
concern to the private community. All of this has been worked out in
order to try to come up with a basis for taking this first step.
I am sorry the Senator is no longer on our committee because my
friend was really a great asset, and Florida is lucky to have my friend
and colleague as their Senator.
This is just the beginning. All of the iterations on this cyber
legislation have been bipartisan, so that has to say something to
people. We have learned as we have done the drafting on this, and we
have very good staff who are technically proficient. So they know what
can work and what can't work.
I hope I have answered that question from the Senator from Florida.
If I can, I will go on and make some remarks on the managers'
amendment.
Yesterday Senator Burr and I spoke on this floor to describe the
Cybersecurity Information Sharing Act of 2015, which is now the pending
business. Senator Burr filed a managers' package on behalf of both of
us, and I will quickly run through that package.
This amendment is the product of bipartisan negotiations over the
past several weeks within the Intelligence Committee and with sponsors
of other amendments to the bill. The managers' amendment makes several
key changes to the bill to clarify authorization language, improve
privacy protections, and make technical changes. It also--and I think
this is of note--includes the text of 14 separate amendments. Those
amendments were offered by our colleagues and I am pleased that we are
able to add them to this legislation.
In sum, this amendment has two main components. It makes important
changes to the bill that we announced in August to address privacy
concerns about the legislation. Second, it includes several amendments
authored by our colleagues that had agreement on both sides of the
aisle. I will run through these amendments that will be part of the
managers' package, and I do so hopefully to reassure Members that these
are positive amendments.
First, it eliminates a provision on government use of cyber
information on noncyber crime. The managers' amendment eliminates a
provision in the committee-passed bill that would have allowed the
government to use cyber information to investigate and prosecute
``serious violent felonies.'' Eliminating this provision is a very
significant privacy change. We made this change because it has been a
top bipartisan concern and the provision had been used by privacy
groups to claim that this is a surveillance bill. As the chairman made
clear on the floor yesterday, it is not. One of the reasons it is not
is because it prohibits the government from using information for
crimes unrelated to cyber security.
Let me be clear. The chairman said it, and I will say it today. This
is not a surveillance bill. We have eliminated this provision and
helped, I believe, to eliminate these concerns. So, please, let us not
speak of this bill as something that it isn't.
Second, it limits the authorization to share cyber threat information
to cyber security purposes. The managers' amendment limits the
authorization for sharing cyber threat information provided in the bill
to sharing for cyber security purposes only. This is another
significant privacy change, and it has been another top bipartisan and
privacy group concern.
Third, it eliminates a new FOIA exemption. The managers' amendment
eliminated the creation of a new exemption in the Freedom of
Information Act specific to cyber information that was in the
committee-passed bill. Cyber threat indicators and defensive measures
shared in accordance with the bill's procedures would still be eligible
for existing FOIA exemptions, but it doesn't add new ones.
Four, it ensures that defensive measures are properly limited. The
bill allows a company to take measures to defend itself, as one might
expect, and the managers' amendment clarifies that the authorization to
employ defensive measures does not allow an entity to gain unauthorized
access to a computer network.
Five, it includes the Secretary of Homeland Security as coauthor of
the government-sharing guidelines. The managers' amendment directs both
the Attorney General and the Secretary of Homeland Security, rather
than solely just the Attorney General, to develop policies and
procedures to govern how the government quickly and appropriately
shares information about cyber threats. That should be a no-brainer.
Six, it clarifies exceptions to the Department of Homeland Security's
so-called portal. The managers' amendment clarifies the types of cyber
information sharing that are permitted to occur outside the DHS portal
created by the bill. Specifically, the bill narrows communications
outside of the Department of Homeland Security portal regarding
previously shared cyber threat information.
Seven, it requires procedures for notifying U.S. persons whose
personal information has been shared by a Federal entity in violation
of the bill. The managers' amendment adds a modified version of Wyden
amendment No. 2622, which requires the government to write procedures
for notifying U.S. persons whose personal information is known or
determined to have been shared by the Federal Government in a manner
inconsistent with this act.
Eight, it clarifies the real-time automated process for sharing
through the DHS portal. Here the managers' amendment adds a modified
version of the Carper amendment No. 2615, which clarifies that there
may be situations under which the automated real-time process of the
DHS portal may result in very limited instances of delay, modification
or other action due to the controls established for the process. The
clarification requires that all appropriate Federal entities agree in
advance to the filters, fields or other aspects of the automated
sharing system before such delays, modifications or other actions are
permitted.
Senator Carper has played a very positive role on this issue. He is
the ranking member on the homeland security committee. He sat down with
both Senator Burr and me earlier this year. He has proposed some very
good changes, and this is one of them, which is in the managers'
package.
Also, the clarification ensures that such agreed-upon delays will
apply across the board uniformly to all appropriate Federal entities,
including the Department of Homeland Security.
This was an important change for both Senator Carper and Senator
Coons and for the Department of Homeland Security. I am pleased we were
able to reach agreement on it. Essentially, it will allow a fast real-
time filter--and I understand this can be done--that will do an
additional scrub of information going through that portal before the
cyber information goes to other departments to take out anything that
might be related to personal information, such as a driver's license
number, an account, a Social Security number or whatever it may be. DHS
believes they can put together the technology to be able to do that
scrub in as close to real time as possible.
This should be very meaningful to the privacy community, and I really
hope it is meaningful because I want to believe that their actions are
not just to try to defeat this bill, but that their actions really are
to make the bill better. If I am right, this is a very important
addition.
[[Page S7378]]
Again, I thank Senator Carper and Senator Coons, and I also thank the
chairman for agreeing to put this in.
Nine, it clarifies that private entities are not required to share
information with the Federal Government or another private entity. This
is clear now. This amendment adds the Flake amendment No. 2580, which
reinforces this bill's core voluntary nature by clarifying that private
entities are not required to share information with the Federal
Government or another private entity.
In other words, if you don't like the bill, you don't have to do it.
So it is hard for me to understand why companies are saying they can't
support the bill at this time. There is no reason not to support it
because they don't have to do anything. There are companies by the
hundreds, if not thousands, that want to participate in this, and this
we know.
Ten, it adds a Federal cyber security enhancement title. The
managers' amendment adds a modified version of another Carper
amendment, which is No. 2627, the Federal Cybersecurity Enhancement Act
of 2015, as a new title II of the cyber bill. The amendment seeks to
improve Federal network security and authorize and enhance an existing
intrusion detection and prevention system for civilian Federal
networks.
Eleventh, we add a study on mobile device security. The managers'
amendment adds a modified version of the Coats amendment No. 2604,
which requires the Secretary of Homeland Security to carry out a study
and report to Congress on the cyber security threats to mobile devices
of the Federal Government.
I wish to thank Senator Coats, who is a distinguished member of the
Intelligence Committee and understands this bill well, for this
amendment.
Twelfth, it adds a requirement for the Secretary of State to produce
an international cyber space policy strategy. The managers' amendment
adds Gardner/Cardin amendment No. 2631, which requires the Secretary of
State to produce a comprehensive strategy focused on United States
international policy with regard to cyber space.
It is about time we do something like this. I am personally grateful
to both Senators Gardner and Cardin for this amendment.
Thirteenth, the managers' amendment adds a reporting provision
concerning the apprehension and prosecution of international cyber
criminals. The managers' amendment adds a modified version of Kirk-
Gillibrand amendment No. 2603, which requires the Secretary of State to
engage in consultations with the appropriate government officials of
any country in which one or more cyber criminals are physically present
and to submit an annual report to appropriate congressional committees
on such cyber criminals.
It is about time that we get to the point where we can begin to make
public more about cyber attacks from abroad because it is venal, it is
startling, it is continuing, and in its continuation, it is growing
into a real monster. Let there be no doubt about that.
Fourteenth, it improves the contents of the biennial report on
implementation of the bill. The managers' amendment adds a modified
version of the Tester amendment No. 2632, which requires detailed
reporting on, No. 1, the number of cyber threat indicators received
under the DHS portal process--good, let's know--and, No. 2, the number
of times information shared under this bill is used to prosecute
certain cyber criminals. If we can catch them, we should. We should
know when prosecutions are made. Then, No. 3 is the number of notices
that were issued, if any, for a failure to remove personal information
in accordance with the requirements of this bill.
Mr. President, I am spending a great deal of time on these details
because there are rumors beginning to circulate that the bill does this
or does that, which are not correct. This managers' package is a major
effort to encapsulate what Members on both sides had concerns about.
And I think the numbers of Republican and Democratic amendments that
are incorporated are about equal.
Fifteenth, this managers' amendment improves the periodic sharing of
cyber security best practices with a focus on small businesses. The
managers' amendment adds the Shaheen amendment No. 2597, which promotes
the periodic sharing of cyber security best practices that are
developed in order to assist small businesses as they improve their
cyber security.
I think this is an excellent amendment and Senator Shaheen should be
commended.
Sixteenth, the managers' amendment adds a Federal cyber security
workforce assessment title. The managers' amendment adds Bennet-Portman
amendment No. 2558, the Federal Cybersecurity Workforce Assessment Act,
as a new title III to this bill. The title addresses the need to
recruit a highly qualified cyber workforce across the Federal
Government.
There are just a few more, but, again, I do this to show--and the
chairman is here--that we have listened to the concerns from our
colleagues and we have tried to address them, so nobody should feel we
are ramming through a bill and that we haven't considered the views
from others. The managers' amendment is, in fact, a major change to the
bill that reflects this collegial--sometimes a little more exercised,
but collegial--discussion. Does the chairman agree?
Mr. BURR. Mr. President, I appreciate the opportunity to say that I
totally agree. The vice chairman and I have worked aggressively for the
entirety of the year where we had differences, and we found ways to
bridge those differences, where we heard from Members, where we heard
from associations, where we heard from businesses. We worked with them
to try to accommodate their wishes, as long as it stayed within the
spirit of what we were trying to accomplish, which is information
sharing in a voluntary capacity.
The vice chair and I came to the floor yesterday and said if an
amendment--if an initiative falls outside of that, then we will stand
up and oppose it because we understand the role this legislation should
play in the process.
The vice chairman said this is the first step. I don't want to scare
Members, but there are some other steps. We are not sure what they are
today or we would be on the floor suggesting those, but if we can't
take the first step, then it is hard to figure out what the next and
the next and the next are. So I am committed to continuing to work with
the vice chairman and, more importantly, with all Members to
incorporate their great suggestions as long as we all stay headed in
the same direction, and I know the vice chairman and I are doing that.
Mrs. FEINSTEIN. Mr. President, I thank the chairman very much. If I
may, through the Chair, I want the chairman to know how much I
appreciate this tack he has taken to be flexible and willing throughout
this process, which extends into this managers' package. So I believe--
I truly believe--what we have come up with in this managers' package
and what Members have contributed to it makes it a better cyber bill. I
know the chairman feels the same way. We can just march on shoulder to
shoulder and hopefully get this done.
I will finish up the few other items I have to discuss because I want
people who have concerns to listen to what is being said because these
changes have a major impact on the bill.
Next, No. 17 establishes a process by which data on cyber security
risks or incidents involving emergency response information systems can
be reported. The managers' amendment adds Heitkamp amendment No. 2555,
which requires the Secretary of Homeland Security to establish a
process by which a statewide interoperability coordinator may report
data on any cyber security risk or incident involving emergency
response information systems or networks. This is a process for
reporting, and certainly we need to know more.
Next, No. 18 requires a report on the preparedness of the health care
industry to respond to cyber security threats, and the Secretary of
Health and Human Services to establish a health care industry cyber
security task force. The managers' amendment adds Alexander-Murray
amendment No. 2719. This is a reporting requirement to improve the
cyber security posture of the health care industry.
I don't think anyone wants to have their health care data hacked
into. This is deeply personal material and it should be inviolate.
[[Page S7379]]
The provision requires the Secretary of Health and Human Services to
submit a report to Congress on the preparedness of the health care
industry to respond to cyber security threats. If we really want to
help protect health care information, we have to know what is going on,
and that is what this amendment enables. It also requires the Secretary
to establish a health care industry cyber security task force.
Next is No. 19, which requires new reports by inspectors general. The
managers' amendment adds a modified version of the Hatch amendment No.
2712, which requires relevant agency inspectors general to file reports
with appropriate committees on the logical access standards and
controls within their agencies.
Let's know what standards and what controls they have. I think it is
a very prudent request of the Senator from Utah, and I am glad we were
able to include it.
Next is No. 20, which adds a requirement for the DHS Secretary to
develop a strategy to protect critical infrastructure at the greatest
risk of a cybersecurity attack. The managers' amendment adds the
Collins amendment No. 2623, which requires DHS to identify critical
infrastructure entities at the greatest risk of a catastrophic cyber
security incident.
This is where we have had a number of concerns recently. The
chairman's staff and my staff are working on this. Remember, this is a
voluntary bill, and we do not want any language that might be
interpreted to imply that this is not a voluntary bill. I know Senator
Collins has a lot of knowledge of this area, and I believe we are going
to be able to work this out.
This amendment does not convey any new authorities to the Secretary
of Homeland Security to require that critical infrastructure owners and
operators take action, nor does it mandate reporting to the Federal
Government. Its intent, which I applaud, is for the government to have
a better understanding of those critical infrastructure companies that,
if hacked, could cause extremely significant damage to our Nation.
In conclusion, I would like to thank my colleagues for their
thoughtful and helpful amendments. I am pleased that we have such a
fulsome managers' package. I believe this managers' package strengthens
our bill. It adds important clarifications, including meaningful
privacy protections, it does not do operational harm, and it further
improves the strong bill that the Intelligence Committee passed by a
strong vote of 14 to 1 earlier this year.
I wanted to do this so that all Members know what is in the managers'
package, and both the chairman and I believe that these additions are
in the best interests of making a good bill even better.
I thank the Presiding Officer, and I yield the floor.
The PRESIDING OFFICER (Mr. Sasse). The Senator from Alaska.
Mr. SULLIVAN. Mr. President, I wish to acknowledge the remarks of the
distinguished Senator from California and the Senator from North
Carolina, and I thank them for their important work on the cyber bill.
I know we are going to be discussing a lot of that, and why it is
important to our national security.
National Defense Authorization Act
This afternoon I wish to talk about another important bill that is
moving its way through the process of becoming law, and that is the
National Defense Authorization Act, the NDAA.
As did many of my colleagues, I spent last week back home in my great
State of Alaska. In Alaska, it is hard not to see the strength and
pride in our military everywhere, every day, everywhere we go. I will
provide a few examples.
We have what is called the Alaska Federation of Natives Convention,
an annual convention that we have with a very important group of
Alaskans. The theme this year was ``Heroes Among Us'' at the
convention. It was about heroes among us because Alaskan Natives serve
in the U.S. military at higher rates than any other ethnic group in the
country--a real special kind of patriotism. I had the honor, really, to
meet dozens of these great veterans from all kinds of wars. I met
veterans from World War II, the Attu campaign. A lot of Americans don't
realize that Alaska was actually invaded by the Japanese and we had to
fight to eject them from the Aleutian Islands. I met veterans from the
Philippines campaign under General MacArthur. I met veterans from the
Korean war who served at the Chosin Reservoir. I had a great
opportunity to meet an Honor Flight coming back from Washington, our
veterans from World War II, Korea. Of course, just walking around
Anchorage you see and hear military members training all the time. We
have a great base, JBER, with F-22s ripping through the sky, our
military members keeping us safe. That sound is what we call in Alaska
the sound of freedom, when you hear those jets roaring. It is
everywhere.
In Alaska, we love our veterans and our military. We honor them. We
know that providing for the national defense of our great nation,
taking care of our troops, and taking care of our veterans is certainly
one of the most important things we do in the Senate. Of course, it is
not just Alaska. I am sure when the Presiding Officer was home in the
great State of Nebraska there was the same patriotic feeling of
supporting our troops and the importance of our national defense.
For the most part, that feeling exists here in Washington. I have
been honored to sit on two committees that focus on these issues a lot:
on the Armed Services Committee and Veterans' Affairs Committee. These
are very bipartisan committees and where support for our national
defense, our troops, and our veterans is across the board on both sides
of the aisle--no doubt about it. But I do say ``for the most part''
because, as the Presiding Officer knows, nothing is truly as it seems
in Washington, DC.
I have spoken on the floor, as a number of Senators have, about what
motivated a number of us last year to actually throw our hat in the
ring and run for the U.S. Senate. Like the Presiding Officer, I know a
lot of us were concerned about the country going in the wrong
direction, about a dysfunction in Washington, about a government that
has run up an $18 trillion debt, no economic growth, our credit rating
being downgraded, no amendments being brought to the Senate floor, no
budget for the Federal Government attempted, no appropriations bills
attempted for years. The most deliberative body in the world was
certainly a body that had been shut down, and a lot of us saw a need to
change that.
So we are starting to change that. We are back to regular order. We
are talking about debating bills. There have been dozens, if not
hundreds, of amendments already this year--last year there were only 14
amendments--and we passed a budget. We passed 12 appropriations bills
to fund the government--very bipartisan--and we are focusing on the
issues, whether it is cyber security, defense or taking care of our
veterans, something the vast majority of the American people want us to
focus on.
For example, we brought to the floor two critical appropriations
bills just a couple of months ago--the Defense appropriations bill and
the Military Construction and Veterans Affairs bill. These passed out
of the Appropriations Committee by huge bipartisan majorities, 27 to 3
on the Defense appropriations bill and 21 to 9 on the Military
Construction and Veterans Affairs bill. This is what the American
people want us to do--get back to regular order, fund the government,
and put together a budget. So far, so good. That is what we are called
to do.
Here is where the dysfunction of Washington, DC, began to rear its
head again: These bills that are critical to our troops, our defense,
and our veterans--all with strong bipartisan support in committee--were
brought to the floor of the Senate and they were filibustered. They
were filibustered. The bill to fund our military, that funds our
national defense and takes care of our veterans was filibustered--
blocked--stopped by our friends on the other side of the aisle. I am
not sure why. I still don't know why. As a matter of fact, I haven't
seen anyone who actually voted to filibuster these important bills come
down to the Senate floor and say: Here is why we voted against funding
our troops. Here is why we voted against funding our veterans.
I think the overwhelming majority of Americans, regardless of what
State they live in, would say: No, no, no. You need to vote for these
bills that are funding our military, veterans, and national defense.
That is one of the most
[[Page S7380]]
important things we want you to do. The bottom line on those votes is
that our troops, our veterans, and our national defense were
shortchanged because they didn't get funded.
Let me move on to the Defense authorization bill, what I want to talk
about today. This is an annual undertaking that sets the policies,
programs, and defense strategy for our military. It also authorizes
spending on national defense and our military. Again, it is certainly
one of the most important tasks this body does, and I think most
Senators on both sides of the aisle would agree with that.
Once again, as with the appropriations bill, we were working closely
together on a bipartisan basis. I was on the Armed Services Committee
and this moved through the committee and it was very bipartisan. It was
voted out on a strong bipartisan vote to come to the floor. I commend
Chairman McCain, who did a great job on that as the chairman of the
Armed Services Committee, and Ranking Member Reed of Rhode Island did a
fantastic job. I must admit that this Senator feared a little bit of a
replay in terms of the scenario we saw with the appropriations bill--
meaning strong bipartisan support out of the committee and then coming
to the Senate floor and being filibustered. I feared this, in part,
because at one point during the Defense authorization debate the
minority leader came and stated that the Defense authorization bill was
``a waste of time.''
A waste of time? Tell that to the marines, the soldiers, the airmen,
the sailors, and their families--those members of the military who are
defending our country right now--that this bill was a waste of time. I
guarantee they would not agree with that statement. Fortunately,
neither did the Senate. To the contrary, the Senate has now voted on
the Defense authorization bill twice, once as an original bill and once
as part of a conference report with very strong bipartisan and veto-
proof majorities, with 71 Senators the first time around and 73 when we
voted on it a couple of weeks ago. I mention the phrase ``veto-proof
majority'' because incredibly the President of the United States, the
Commander in Chief, has said he is going to veto this bill when it
comes to his desk. It was just sent to him yesterday.
I don't know how the Commander in Chief is going to explain that to
the troops or to their families or to the American people or to the 73
Senators who voted for that bill. It is important to recognize that
although we may think this is all inside Washington and no one is
really following it, something like this impacts morale when the
Commander in Chief is saying: Hey, troops, I am going to veto this.
This is a copy of the Marine Corps Times. I subscribe and read the
Marine Corps Times. A lot of marines and members of the military read
this all over the world. Guaranteed, our men and women deployed
overseas read the Marine Corps Times. In this edition there is an
article about how President Obama has vowed to veto the Defense
authorization bill. We have marines fighting overseas who are reading
this, and they are not getting it.
This week in the Marine Corps Times:
The MOAA [Military Officers Association of America] and
other military advocacy groups have argued against the
presidential veto, calling the legislation a critical policy
measure that cannot be delayed. The measure has been signed
into law in each of the last 53 years, and includes a host of
other specialty pay and bonus reauthorizations.
In a statement from MOAA officials in this article that thousands of
our Active-Duty troops are reading:
The fact is that we are still a nation at war, and this
legislation is vital to fulfilling wartime requirements.
There comes a time when this year's legislative business must
be completed, and remaining disagreements left to be
addressed next year.
To govern is to choose. To govern is to prioritize.
President Obama's administration has spent years negotiating the Iran
deal and this body spent weeks debating the President's Iran deal. We
put a lot of time into it, and the President's administration put an
enormous amount of time into it.
On the Iran deal, part of the hope from Secretary Kerry, the
President, and others was that once it got passed by the U.S.
Congress--by the way, on a partisan minority vote--that Iran would
somehow start to change its behavior and say: Look, America is someone
we want to partner with.
Since the Senate passed the Iran deal, let's see what has happened.
Iran has sent troops to Syria. Iran has backed Hamas, which is now
engaging in knife-murdering attacks against Israelis. The Iranian
leader has stated that Israel shouldn't exist within the next 25 years.
Iran has violated the U.N. Security Council ballistic missile
resolutions, and this Senator and many others think Iran has already
violated the deal by firing ballistic missiles with a range of 1,000
miles. Iran has sentenced an American reporter for the Washington Post
for spying. I don't think the behavior that a lot of the supporters for
this deal anticipated is happening.
More broadly, I think it is important to put into context what is
going on with our national security, the NDAA, the moving forward with
the Iran deal, and the President's threat to veto the NDAA. The
President's Iran deal, once implemented, will be giving tens of
billions of dollars to Iran, the world's biggest state sponsor of
terrorism--but the President threatens to veto the Defense bill that
actually funds our military. The President's Iran deal will lift
sanctions on Iranian leaders such as General Soleimani, who literally
has the blood of American soldiers on his hands--but the President
threatens to veto U.S. troop pay bonuses and improved military
retirement benefits. The President's Iran deal gives Iran access to
conventional weapons, ballistic missile technology, and advanced
nuclear centrifuges--but the President threatens to veto funding for
advanced weapons systems for our Armed Forces. Finally, the President's
Iran deal certainly is going to allow more funding for terrorist groups
like Hezbollah and Hamas--but the President is threatening to veto a
bill that provides additional resources for our troops to fight
terrorists such as ISIS.
To govern is to choose. To govern is to prioritize. Has it really
come to the point where the White House is more focused on freeing up
funds for Iranian terrorists than funding America's brave men and women
in uniform? I certainly hope not.
I ask all of my fellow Senators who voted for this bill in a very
strong bipartisan way and my fellow Alaskans and Americans to reach out
to the White House. Let them know that you oppose the President's veto
of this bill.
What we need is a strong military, particularly now. We need to
support our troops and our veterans, and we need President Obama to
sign--not veto--this bill which is critical to our national defense.
I yield the floor.
The PRESIDING OFFICER. The Senator from Maryland.
Mr. CARDIN. Mr. President, I ask unanimous consent to speak as in
morning business.
The PRESIDING OFFICER. Without objection, it is so ordered.
43rd Anniversary of the Clean Water Act and EPA's Clean Water Rule
Mr. CARDIN. Mr. President, this past Sunday was the 43rd anniversary
of the enactment of the Clean Water Act. In 1972, the Clean Water Act
amended the Federal Water Pollution Control Act, which was the first
major U.S. law to address water pollution. This law was enacted with
bipartisan support--I could really say on a nonpartisan issue--because
the Congress in 1972 and the administration recognized that clean water
was in our national interest. It was important to our public health, it
was important to our environment, and it was important to our economy.
This law established the basic structure for regulating pollutant
discharges into the waters of the United States, and it has been the
cornerstone of our efforts to protect our Nation's waterways.
Several times we have done cost analysis of the cost of regulation
versus the benefit of clean water. It is overwhelmingly on the side of
the benefit to our community, better health, better environment, and a
better economy. On this occasion I would like to speak about the recent
efforts to protect America's waterways, such as the EPA's final clean
water rule, and why we should defend these efforts and allow nationwide
implementation.
In May, the EPA released their final clean water rule, which
completed another chapter in the Clean Water Act's
[[Page S7381]]
history. As the Clean Water Act worked to restore the health of our
Nation's water resources, we saw the U.S. economy grow, demonstrating
that America does not have to choose between the environment and a
robust economy. A clean environment helped build a robust economy.
Two Supreme Court decisions, however, call on the EPA and the Army
Corps to clarify the definitions of the waters of the United States.
The EPA's final rule restores some long overdue regulatory certainty to
the Clean Water Act. I might tell you, in reviewing this rule, it
basically reestablishes the longstanding understanding of what were the
waters of the United States and what was subject to regulation.
This rule allows the Clean Water Act to continue its important
function of restoring the health of our Nation's waters. The rule
became effective this August, but immediately following the
implementation and on this anniversary, there have been unprecedented
attacks on the final rule. As the rule came out, a Federal district
court in North Dakota granted a preliminary injunction, blocking its
implementation.
The EPA continued to implement the rule in all States but the 13
States that filed the suit that led to the injunction. However, in
October, the U.S. Court of Appeals for the Sixth Circuit decided to
stay the implementation of the rule for the entire country. This
attempt to overturn the clean water rule is dangerous, shortsighted,
and a step away from good governance, public health, and commonsense
environmental protection.
Let me tell you what is at risk. What is at risk are our Nation's
streams and 200 million acres of wetlands. Over half of our streams and
over 200 million acres of wetland are now at risk of not being under
regulation under the Clean Water Act.
These protections are needed for drinking supplies for one out of
every three Americans. I am very concerned about the impact on all
States, but let me just talk for a moment, if I might, about my own
State of Maryland. Marylanders rely upon our water as part of our life.
We live on the water. Seventy percent of Marylanders live in coastal
areas. We depend upon clean water. We are particularly concerned about
our drinking supply of water as well as the health of the Chesapeake
Bay.
We are at risk with the waters of the United States confusion out
there because of the Supreme Court decisions and now the stay of this
rule by the court. The Clean Water Act and EPA's final rules are
essential to the health of the Chesapeake Bay. Wetland protections are
especially critical to the Chesapeake Bay because the wetlands soak up
harmful nutrient pollution.
This past Monday, I was in Howard County at a NOAA announcement of
the Chesapeake Bay B-WET grant. These are bay, watershed, education,
and training funds. These are small dollars that go to institutions to
help educate our children. In this case, the Howard County Conservancy
received a grant because they bring all of the students from the Howard
County public schools to an outdoor experience to rate and judge the
streams in our community.
The streams, of course, flow into the Chesapeake Bay. They are giving
us a report card. I must tell you, that report card is not going to be
as good as it should be. Without the protections in the Clean Water
Act, it is going to be more difficult to meet the goals we need to in
order to protect the Chesapeake Bay and all of the watersheds in this
country for future generations.
The health of the bay is closely linked to upstream water quality and
the restoration and protection of headwaters. It should go without
saying that these waters are located in States beyond Maryland's
borders. Improvements to upstream water quality are positively
correlated with the water quality of the bay. We need a national
program. That is what the Clean Water Act is. It is a national
commitment because we know that the watersheds go beyond State borders.
In Maryland, we set up the Chesapeake Bay Partnership. Yes, Virginia
and Maryland are working together, but we also have the cooperation of
Pennsylvania, of New York, of West Virginia, of Delaware. Why? Because
these States contribute to the water supplies going into the Chesapeake
Bay. We need to protect these waters.
Protecting of America's waters is critically important to public
health. So what is at stake here? What is at stake if we derail the
clean water rule? The public health of the people of Maryland and all
States around this country. Public health and the environment in my
State and the States of my colleagues have become seriously at risk
from this decision that hinders this essential commonsense guidance.
I hope the court moves swiftly to affirm the rule in its final
decision and restores the invaluable protections needed for the
drinking supplies of one out of every three Americans. As we recognize
the anniversary of the Clean Water Act, I want us to continue to defend
this Nation's waters from pollution. This act ensures that every
citizen receives the clean water they need and deserve.
The EPA's final clean water rule provides further regulatory clarity
that we need to ensure the health of our water resources. I urge my
colleagues to continue to defend and fight for clean water as we
recognize the 43rd anniversary of the Clean Water Act. Every Congress
should, as its legacy, add to the protections that we provide for clean
water in this country. That should be the legacy of every Congress, but
we certainly don't want to hinder that record. Therefore, we need to
implement the EPA's clean water rule nationwide. I urge my colleagues
to support such action.
I yield the floor.
The PRESIDING OFFICER. The Senator from California.
Amendment No. 2612, as Modified
Mrs. FEINSTEIN. Mr. President, I call for the regular order with
respect to the Franken amendment No. 2612.
The PRESIDING OFFICER. The amendment is now pending.
Amendment No. 2612, as Further Modified
Mrs. FEINSTEIN. Mr. President, I ask that the amendment be further
modified to correct the instruction line in the amendment.
The PRESIDING OFFICER. The amendment is so further modified.
The amendment, as further modified, is as follows:
Beginning on page 4, strike line 9 and all that follows
through page 5, line 21, and insert the following:
system that is reasonably likely to result in an unauthorized
effort to adversely impact the security, availability,
confidentiality, or integrity of an information system or
information that is stored on, processed by, or transiting an
information system.
(B) Exclusion.--The term ``cybersecurity threat'' does not
include any action that solely involves a violation of a
consumer term of service or a consumer licensing agreement.
(6) Cyber threat indicator.--The term ``cyber threat
indicator'' means information that is necessary to describe
or identify--
(A) malicious reconnaissance, including anomalous patterns
of communications that appear to be transmitted for the
purpose of gathering technical information related to a
cybersecurity threat or security vulnerability;
(B) a method of defeating a security control or
exploitation of a security vulnerability;
(C) a security vulnerability, including anomalous activity
that appears to indicate the existence of a security
vulnerability;
(D) a method of causing a user with legitimate access to an
information system or information that is stored on,
processed by, or transiting an information system to
unwittingly enable the defeat of a security control or
exploitation of a security vulnerability;
(E) malicious cyber command and control;
(F) the harm caused by an incident, including a description
of the information exfiltrated as a result of a particular
cybersecurity threat;
(G) any other attribute of a cybersecurity threat, if
disclosure of such information is not otherwise prohibited by
law; or
Mrs. FEINSTEIN. Thank you.
The PRESIDING OFFICER. The Senator from North Carolina.
Amendment No. 2581, as Modified
Mr. BURR. Mr. President, I call for the regular order with respect to
the Cotton amendment No. 2581.
The PRESIDING OFFICER. The amendment is now pending.
The Senator from Louisiana.
Mental Health Reform Act
Mr. CASSIDY. Mr. President, for 25 years I have worked in the
Louisiana public hospital system. You cannot help but notice when you
work in a public hospital system, but also in private hospitals, how
often mental health issues are directly a part of a
[[Page S7382]]
patient who comes to see you. It does not just have to be a physician
seeing patients in the emergency room. Each of our families, mine
included, has a family member or a friend with serious mental illness.
It is nonpartisan. It cuts across demographic lines.
If I go before a group anywhere in my State, indeed anywhere in the
Nation, and bring up the need to address serious mental illness, all
heads nod yes. It is true of my family. It is true of yours. It is true
of almost everybody watching today. I am old enough to remember when
people would not speak of cancer. There was a stigma associated with
having cancer. That is long gone, much to our advantage, but for some
reason, there continues to be a stigma, a shame, associated with mental
illness. I will argue that stigma and sense of shame has retarded what
we can do.
This is something that we have to address, we have to discuss, and we
have to go forward. The discussion right now, frankly, is being driven
by tragedy: Lafayette, Louisiana; Newtown; Charleston; Oregon;
Tennessee. We have heard stories and they are beyond heartbreaking, but
what is not spoken of are the broken families, the parents that know
there is something wrong with their child but do not know where to go
to receive help, ending up in an overcrowded emergency room or with
their child in a jail or prison when a more appropriate setting would
be elsewhere.
It is in the midst of these terrible tragedies that at least we can
hope they can serve as a catalyst for society and Congress to begin to
fix America's broken mental health system. Maybe something good can
happen, even from tragedies as horrific as these.
The question is, If one of the roles of Congress is to respond to
societal needs that justify Federal involvement, should we not ask
ourselves why has there been such a failure to address the issue of
serious mental illness? I am pleased to say that my colleague, Senator
Chris Murphy, and I wish to change that. We have introduced the
bipartisan Mental Health Reform Act, which now has 10 cosponsors, both
Republican and Democrat.
Our bill begins to fix our mental health system and attempts to
address the root cause of mass violence, which is recognized but
untreated mental illness. How does our bill begin to do so? First,
patients too often cannot get the care they need and too often have a
long delay between diagnosis and treatment. Access delayed is access
denied. Access is hampered by a shortage of mental health providers and
too few beds for those with serious mental illness who truly need to be
hospitalized.
Related to this, right now people with major mental illness tend to
die from physical illness as much as 20 years younger than someone who
does not have serious mental illness. As a physician, I know if we
treat the whole patient, if we integrate care, it is better. Medicaid,
though, by policy, will not pay for a patient to see two physicians on
the same day.
So imagine this: A family practitioner sees a patient who clearly has
major mental illness and, because the patient is right there, would
like him to walk down the hallway to see her friend the psychiatrist,
to have both addressed immediately while the patient is there. Medicaid
will not pay the psychiatrist. On the other hand, the patient might be
seeing a psychiatrist and have seriously high blood pressure or
evidence for diabetes out of control, but the psychiatrist cannot say:
Wait a second. Let me walk you down the hallway to see my colleague,
the family practitioner, because Medicaid will not pay for that. By the
way, private health insurance will. This is a policy change we need for
public health insurance. Our bill would allow patients to use both
mental and physical health services the same day.
Secondly, most people have their first episode of serious mental
illness between the ages of 15 and 25, starting down a path that ends
with their life and their family's lives tragically altered. This bill
attempts to identify those young folks, stopping that path from ever
opening up, and preventing the first episode of serious mental illness
or, if it does occur, leading them on a path of wholeness, a path
towards wellness.
Another thing our bill does is it establishes a grant program focused
on intensive early intervention for children who demonstrate those
first signs that can evolve into serious mental illness that may only
occur in adolescence or adulthood. A second grant program supports
pediatricians who are consulting with mental health teams. This program
has already been successful in States such as Massachusetts and
Connecticut.
Third, without appropriate treatment options, prisons, jails, and
emergency rooms have become the de facto mental health care providers.
More than three times as many mentally ill are housed in prisons and
jails than in hospitals, according to the National Sheriffs'
Association. Overcrowded U.S. emergency rooms have become the treatment
source of last resort for psychiatric patients. We incentivize States
to create alternatives where patients may be seen, treated, and
supervised in outpatient settings, as opposed to being incarcerated.
Our bill creates an Under Secretary for Mental Health within the U.S.
Department of Health and Human Services. This Under Secretary's
responsibility would be to coordinate mental health services across the
Federal system to help identify and implement effective and promising
models of care.
It reauthorizes successful programs, such as the community mental
health block grant and State-based data collection. The bill also
increases funding for critical biomedical research on mental health. On
top of this, it strengthens the transparency and enforcement of mental
health parity by requiring the U.S. Departments of Labor, Health and
Human Services, and Treasury to audit the implementation of the mental
health parity movement to determine the parity between mental and
physical health services.
Our bill does other things, but the most important thing it does is
it helps prevent tragedies. It helps families, and it helps those
broken individuals affected by mental illness become whole.
In 2006, William Bruce of Maine was a 24-year-old who needed help. He
suffered with schizophrenia and had been hospitalized. Without
contacting his parents, our broken health care system allowed William
to be released--even though his doctors said he was ``very dangerous
indeed for release to the community.'' Sadly, 2 months later he
murdered his mother at home with a hatchet. This story is tragic and
heartbreaking, and even worse, it could possibly have been prevented if
we had worked then to fix our broken mental health system. We wish to
fix it now so there is not another such episode in the future.
The time for mental health reform is now. If not now, when? If not
us, who? If not now and not us, there will be more Lafayettes,
Newtowns, Charlestons, Tennessees, Oregons, and more broken families.
This bill does not wave a magic wand, but it puts us on a path where
we can say these things that once occurred perhaps no longer will.
Thank you.
I yield back the remainder of my time.
The PRESIDING OFFICER (Mr. Perdue). The Senator from Connecticut.
Mr. MURPHY. Mr. President, I am on the floor today to join my good
friend from Louisiana, Senator Cassidy, as we formally introduce to the
Chamber the Mental Health Reform Act of 2015. I thank him personally
for all the time he has put into this not only as a Member of the
Senate but previous to this as a Member of the House of
Representatives.
This effort is patterned after a bill Senator Cassidy and my
namesake, Representative Tim Murphy of Pennsylvania, worked on for
years in the House of Representatives.
I wish to begin by sharing a story with you--that is the way Senator
Cassidy ended. I will talk about a woman from Bloomfield, CT, named
Betsy. She has a 28-year-old son, John, who suffers from
schizoaffective disorder. It is a serious mental illness whose signs
began showing when John was 15 years old. He was hospitalized--think
about this--15 different times between the ages of 15 years old and 18
years old, generally only for time-limited stays ranging from about 5
days to maybe 2 weeks. Despite the severity of the condition, he was
told upon discharge there was really nowhere for him to go, no
permanent solution for this young
[[Page S7383]]
man. He was just an adolescent, but his parents were told there was no
place for him to be treated. What resulted was not only John getting to
a breaking point but his parents as well.
As we know, serious mental illness doesn't affect just the individual
person, it also affects family members who are trying to care for them.
Without needed supports and services, John became increasingly remote
and psychotic until he was hospitalized again. Upon discharge this
time, John went to a shelter--the only place he could go. Since he
couldn't follow the shelter's rules, John, whom his mother said was
``young, fragile, vulnerable and mentally unstable,'' was kicked out to
survive homeless on the streets.
John finally--finally--was able to get a bed at a place that was able
to house him for longer than 2 weeks, Connecticut Valley Hospital. That
ability to get John stabilized for a longer period of time, get him
into a real treatment plan, allowed him to then transfer into a
community bed in Middletown, CT. That is where John is today. John has
been living successfully out in the community for 3 years. But we spent
millions of dollars on John's care, which led to no better outcome for
him. We wasted millions of dollars and potentially thousands of hours
of time because he was shuttled in and out of hospitals without any
long-term treatment and without any hope for him and his family.
What Senator Cassidy and I are trying to say is that there is a
better way. We are already spending billions of dollars on inadequate
mental health care in this country. We need to do better, but a lot of
this is just about spending money in a more effective way.
One of the programs our bill helps fund is an early-intervention
program for individuals who show their first episode of psychosis. The
program the National Institutes of Mental Health just evaluated--with
findings released yesterday--was the RAISE Program. And in Connecticut
we run a similar program called the STEP Program. What this study
showed yesterday is that if you provide wraparound services to an
individual who shows a first episode of psychosis--comprehensive,
immediate services--you can get a dramatic decrease in the number of
episodes they show later in life. In Connecticut, we found that the
STEP Program reduced hospitalizations by nearly 50 percent after
individuals were given those wraparound services immediately. When they
did need hospitalizations later on, they were on average 6 days less
than when you didn't provide those wraparound services.
These are the types of programs that could have helped Betsy's son
John early so that he could have started his recovery as a teenager
rather than in his twenties. They could have saved the U.S. Government
and the State of Connecticut a lot of money as well.
The trendlines beyond the anecdotes are very disturbing. Mental
illness has been on the rise for the past few decades. One out of five
adults today is coping with mental illness. If you look at the time
period from 1987 to 2007, the number of people with mental disorders
who qualify for SSI has risen by 2\1/2\ times. From 1980 to 2000, we
put up to 72,000 people in our jails who prior to
deinstitutionalization would have been in psychiatric hospitals--people
who are in jail primarily or only because of their psychiatric
disorder.
Just in the last 2 years alone, the number of people that HRSA
estimates to be living in a mental health shortage area has gone from
91 million--that is pretty bad to start with--up to 97 million. That is
just 2 years of data. Since 2005, we have closed 14 percent of our
inpatient beds in this country. So what is happening is a dramatic
increase in the number of people who are suffering from mental illness
and a rather dramatic decrease in both outpatient and inpatient
capacity. We have to provide more resources to meet the demand, but we
also have to spend money better.
Senator Cassidy covered our piece of legislation accurately, so I
won't go into detail, but I wish to talk about our process. What we
decided to do at the beginning of this year was bring together all of
the groups--the provider groups, the advocacy groups, the hospital
groups--who have worked on this issue for years and then bring in those
in the House of Representatives who have been working on this as well:
Representative Tim Murphy and Eddie Bernice Johnson.
They have a bipartisan reform bill in the House. We decided not to
start from scratch but to take their piece of legislation, knowing that
it has a good chance of passage in the House, and try to build on it
and improve it.
We spent 6 months meeting with all of these groups and coming up with
our own consensus product that today has the support of a cross-section
of behavioral advocacy groups all across the country, including the
National Alliance for the Mentally Ill, the National Council for
Behavioral Health, the American Psychological Association, the American
Psychiatric Association, social workers, the American Foundation for
Suicide Prevention, and the list goes on. We also went out to our
colleagues as well, knowing that nothing in the Senate can pass without
not just bipartisan support but bipartisan support that reflects the
diversity of both of our caucuses. We think we were able to build a
good foundation of cosponsors for this bill: Senators Franken,
Stabenow, Blumenthal, and Schumer on the Democratic side, and Senators
Murkowski, Collins, Vitter, and Capito on the Republican side. We hope
that this coalition of groups on the outside, this alliance with a
reform effort in the House that we believe has legislative legs, and a
good one-for-one with some cosponsors in the Senate, will allow us to
move this bill forward, and we have to. We have to.
So I will end where Senator Cassidy began his remarks, which is why
the Nation's attention has turned to this question of how we reform our
mental health system. We lived through a tragic and gut-wrenching
episode of mass destruction in Newtown, CT. Senator Cassidy has had his
own experience with mass tragedy. The reality is that the reasons why
we see these episodes of mass shootings are complicated, but if you
read the report on Adam Lanza's intersection with Connecticut's mental
health system, you will see that it failed him. It failed him and it
failed his family. I don't know that correcting the mental health
system alone would have changed what happened in Newtown, but I know
that if we fix our mental health system, we will have a downward
pressure on the episodes of mass violence that happen in this country.
But, as Senator Cassidy said, we should fix our mental health system
because it is broken for everyone, regardless of whether an individual
has a predisposition towards violence, because, of course, the reality
is that people with mental illness are much more likely to be the
victims of violence than they are to be the perpetrators of violence.
So there is no inherent connection between mental illness and violence.
But these mass shootings have drawn the Nation's attention to what
Congress can agree on right now that will try to improve public safety
across this Nation.
We are not going to get a background checks bill this year. I hoped
we could, but we won't. What we can get is a mental health reform bill,
and that will help everyone--the case in Maine, the individual in
Bloomfield, and millions of others who have had a miserable experience
with a mental health system that is broken today, in part because of
lack of coordination and in part because of lack of funding.
I am so thankful to Senator Cassidy for being with me on the floor
today. I am grateful for his friendship and for his cooperation on
bringing this truly bipartisan Mental Health Reform Act to the floor of
the Senate. We recommend it to our colleagues. We look forward to the
upcoming hearings in the HELP Committee that we both sit on, and we
hope to be back on the floor of the Senate as soon as possible to move
forward on its passage through this body.
I say thank you to my colleague in the Senate, Senator Cassidy.
I yield the floor.
I suggest the absence of a quorum.
The PRESIDING OFFICER. The clerk will call the roll.
The legislative clerk proceeded to call the roll.
Mr. GRASSLEY. Mr. President, I ask unanimous consent that the order
for the quorum call be rescinded.
The PRESIDING OFFICER. Without objection, it is so ordered.
Mr. GRASSLEY. Mr. President, I rise to express my strong support for
the
[[Page S7384]]
bill before the Senate, S. 754, the Cybersecurity Information Sharing
Act, and I want to thank the bill's managers for their leadership in
drafting this bill and putting a lot of hard work into the bill.
Cyber security challenges that threaten us are very real challenges.
We receive almost daily reminders of the importance of effective cyber
security to protect our private data and the safety and security of the
entire Nation from cyber attacks. These attacks have compromised the
personal information of so many Americans as well as sensitive national
security information. That national security issue might even be the
biggest of the ones we hope to deal with.
The legislation before us will encourage the government and the
private sector to work together to address these cyber security
challenges. This bill helps create a strong legal framework for
information sharing that will help us respond to these threats. The
bill authorizes private companies to voluntarily share cyber threat
information with each other and with the government. In turn, the bill
permits the government to share this type of information with private
entities.
The bill reduces the uncertainty and, most importantly, the legal
barriers that either limit or prohibit the sharing of cyber threat
information today. At the same time, the bill includes very significant
privacy protections to strike a balance between maintaining security
and protecting our civil liberties. For example, it restricts the
government from acquiring or using cyber threat information except for
limited cyber security purposes.
So, as I did at the beginning, I want to salute the leadership of the
chair and vice chair of the Select Committee on Intelligence, Senator
Burr and Senator Feinstein, for their efforts on this bill. I know from
the last couple of Congresses that this type of legislation isn't easy
to put together. In the 112th Congress, I cosponsored cyber security
legislation along with several of my colleagues. This involved working
across several committees of jurisdiction. Last Congress, as then-
ranking member of the Judiciary Committee, I continued to work with the
Select Committee on Intelligence and others on an earlier version of
this bill. Unfortunately, Democratic leadership never gave the Senate
an opportunity to debate and to vote on that bill in the last Congress.
Senators Burr and Feinstein were undaunted, however, and this
Congress they diligently worked and continued to seek input from
relevant committees of jurisdiction, including the Judiciary Committee
that I chair. They incorporated the views of a broad range of Senators
and worked to address the concerns of stakeholders outside of the
Congress. This has produced their managers' amendment.
This is a bill that enjoys broad bipartisan support. As with most
pieces of legislation that come before the Senate, it is not a perfect
piece of legislation from any individual Senator's point of view, but
in finding common ground, it has turned out to be a good bill that
addresses a very real problem.
It is time for us to do our job and to vote. This is how the Senate
is supposed to work. Now is the time for action because the question
isn't whether there will be another cyber attack, the question is when
that attack will happen.
I yield the floor.
I suggest the absence of a quorum.
The PRESIDING OFFICER. The clerk will call the roll.
The legislative clerk proceeded to call the roll.
Mr. BURR. Mr. President, I ask unanimous consent that the order for
the quorum call be rescinded.
The PRESIDING OFFICER. Without objection, it is so ordered.
Mr. BURR. Mr. President, I am here to briefly talk on S. 754, the
cyber security bill. Yesterday Vice Chairman Dianne Feinstein and I
came to the floor and encouraged our Members who had amendments or who
had an interest in debating the bill to come to the floor. It was my
hope that we could finish in a couple of days with the cooperation of
Members. We have not gotten that level of cooperation. Therefore, this
will take several more days to finish. But it doesn't lessen the
importance for those Members who have amendments in the queue--meaning
they are pending--to come to the floor and talk about their amendments
if they would like to. At some point, we will culminate this process,
and those amendments that have yet to be disposed of will have votes
with a very limited amount of debate time included.
It is my hope that we will have a wholesome debate and that people
will have an opportunity to know what is in this bill if they don't
today. But more importantly, through that debate we are able to share
with the American people why a cyber security bill is so important and,
more importantly, why we have done it in a way that we think it will be
embraced and endorsed by not just corporate America but by individuals
throughout the country.
Let me announce today that this bill will be done either Monday
evening or Tuesday morning based upon what the leadership on both sides
can agree to as it relates to the debate. The Vice Chair and I also
came to the floor and we made this statement: We have worked
aggressively in a bipartisan way to incorporate in the managers'
package, which is currently pending, 14 amendments, and 8 of those
amendments were included in the unanimous consent agreement made
earlier this year when we delayed consideration of the bill until the
day when we moved forward. There were several amendments on which we
weren't able to reach an agreement or that we believed changed the
policy significantly enough that this was not just an information
sharing bill that was voluntary for corporations throughout this
country. In the absence of being able to keep this bill intact in a way
that we thought we needed to, the Vice Chairman and I have agreed to
lock arms and to be opposed to those additional amendments.
Having said that, the debate to date has focused on the fact that
there are technology companies across this country that are opposed to
this bill. Yesterday the Vice Chairman and I repeatedly reminded our
colleagues and the American people that this is a voluntary bill. There
is nothing mandatory in it. The reality is that if you don't like what
is in this, if for some reason you don't want to participate in what I
would refer to as a community watch program--it is real simple; it is
voluntary--do not participate. Choose not to inform the Federal
Government when hackers have penetrated your system and stolen personal
data out of it. Just choose not to tell us. But do not ruin it for
everybody else. In a minute I am going to go through again why I think
the cyber security bill should become law, why I think this is the
first step of how we protect the personal data of the American people,
and why hundreds, if not thousands, of businesses support this
information sharing bill. But I can't stress that enough for those who
oppose this. Most of them are, in fact, companies that hold the most
private data in the world. Let me say that again. Those who are
expressing opposition to this bill hold the largest banks of personal
data in the world.
The decision as to whether they are for the bill or against the bill
is their decision. The decision whether they utilize this voluntary
program to further protect the personal data that is in their system is
between them and their customers. But I have to say that it defies
reason as to why a company that holds that much personal data wouldn't
at least like to have the option of being able to partner with the
Federal Government in an effort to minimize data loss, whether it is at
their company or whether it is in their industry sector or whether it
is in the global economy as a whole.
The last time I checked, the health of U.S. businesses was reliant on
the health of the U.S. economy, and the health of the U.S. economy is
affected by the health of the global economy. I know the Presiding
Officer understands that because he was in business like I was for 17
years.
It really does concern me that one could be opposed to something that
insulates the U.S. economy from having an adverse impact by the cyber
security act and believes that they are OK even though it might tank
the U.S. economy.
At the end of the day, I want to try to put this in 101 terms, the
simplest terms of what the information sharing bill does. I am going to
break it into three baskets. It is about business to
[[Page S7385]]
business. This bill allows a company that has been hacked--where
somebody has penetrated their computer system and has access to their
data--to immediately pick up the phone and call their competitor and
ask their competitor whether they have had a similar penetration of
their system.
It is only reasonable to expect that the first person you would go to
is a company that has a business that looks exactly like yours. In that
particular case, this legislation provides that company with protection
under the anti-trust laws. Anti-trust forbids companies from
collaborating together. What we say is that if it has do with
minimizing the loss of data, we want to allow the collaboration of
competitors for the specific reason of discussing a cyber attack.
The Senate recognizes I have designed something in this that doesn't
require a corporate lawyer to sit in the room when the decision is
made. I have no personal dislike for lawyers other than the fact that
they slow things down. To minimize the loss of data means you have to
have a process that goes in real time from the bottom of the chain all
the way to the decisionmaking and the communication back down, not only
to that business, but to the entire economy. Having a lawyer that has
to think whether we can legally do this defeats the purpose of trying
to minimize data loss. So we give them a blanket exemption under the
anti-trust laws so they know up front that they can pick up the phone
and call their competitor, and there is no Justice Department that will
come down on them as long as they confine it to the discussion of cyber
attack.
At the same time we initiate what I call business to government,
which means that when the IT department is talking to their competitor,
the IT department can put out a notification through the Federal portal
that they have been attacked, and that initiates the exchange of a
limited amount of information that has been predetermined by everybody
in the Federal Government who needs to do the forensics of who
attacked, what tool they used, and what defensive mechanism could be
put up in the way of software that would eliminate the breach.
In the statute we have said, one, you can't transmit personal data
unless it is absolutely crucial to understanding the forensics of the
attack. We have also said in statutory language to the government
agencies: If for some reason personal data makes it through your
filters, you cannot transmit that personal data anywhere else within
the Federal Government or to the public.
We have gone to great lengths to make sure that personal data is not
disclosed through the notification process of a hack. I understand that
the personal data has already been accessed by the individual who
committed the act, but we want to make sure that the government doesn't
contribute to the distribution of that data.
In order to create an incentive in a voluntary program for a business
to initiate that notification to the Federal Government, we provide
liability protection. Anytime a company allows personal data or data on
their business to get out, there could potentially be a shareholder's
suit. What we do is provide a blanket liability protection to make sure
that a company can't be sued for the government notification of a
security breach where data has been removed and it is in the best
interest of the government to know it, to react to it, and for the
general population of businesses in America to understand it.
So we have business-to-business collaboration with your competitor,
anti-trust protection, business-to-government liability protection, no
personal data transmitted, and the last piece is government to
business.
It is hard for me to believe that the government didn't have the
statutory authority to convey to businesses across America when a cyber
attack is in progress. The Federal Government has to be asked to come
in and typically will be asked by the company that has been attacked,
but how about their competitors? How about the industry sector? How
about the whole U.S. economy? There is no authority to do that. This
bill creates the authority in the Federal Government to receive that
information from a company that has been penetrated, to process it, to
understand who did it, to understand the attack tool they used, to
determine the defensive mechanism of software that it can be put on,
and then to notify American businesses that there is an attack
happening now, and here is the attack tool and software you can buy off
the shelf and put on your computer system to protect you. That is it.
That is the entire information sharing bill, and it is voluntary.
I will touch on eight items very briefly. Why is there a need for
cyber legislation? I don't want to state the obvious, but we have
already seen that individuals and nation states penetrate the private
sector and steal personal data, and the Federal Government can steal
personal data. I thought it would hit home with my colleagues when the
Office of Personnel Management was breached, and now we are up to 22 to
24 million individuals who were compromised. More importantly, the
personal data at OPM extended to every individual who had ever applied
for a security clearance, who had ever been granted security clearance,
and who had security clearances and are now retired, but for some
reason that application remained in the database. That application,
which consists of 18 pages, has the most personal information one can
find. It lists your parents and their Social Security numbers, your
brothers, your sisters, where you lived since you graduated from
college. It even has a page that asks you to share the most obvious way
that someone might blackmail you. It has probably some of the most
damaging personal information that one can have breached.
Cyber attacks have harmed multiple U.S. companies. If this weren't
serious, would the President of China and the President of the United
States, when they met several weeks ago, have come to an agreement
about how they would intercede if one country or the other commits a
cyber attack against each other? Probably not.
Our bill is completely voluntary, and I think it is safe to say that
those who want to share data can, in fact, share data on this.
I mentioned the words ``real time.'' What we want to do is create a
real-time system because we want a partnership. We want a partnership
with other private companies and we want a partnership with the private
and public sector, and you can't get a partnership by mandating it. All
you can get is an adversarial relationship. We maintain that voluntary
status in the hope that the sharing of that information is, in fact,
real time. We can control--once you transmit to the Federal
Government--how to define ``real time.'' I have no control over a
private company's decision once they know they have been breached to
the point that they actually make a notification to the Federal
Government, but with the liability protection and anti-trust coverage,
we are convinced that we are structured from the beginning to create an
incentive for real time to take place.
We protect personal privacy. Many have come to the floor and have
suggested that this is a surveillance bill. Let me say to my colleagues
and to the American people: There is no capability for this to become a
surveillance bill. The managers' amendment took those items that people
were concerned with and eliminated it. We can be accused of a lot of
things, but to accuse this of being a surveillance bill is either a
sign of ignorance or a sign that one is being disingenuous. It is not a
surveillance bill. Be critical of what we are attempting to do, be
critical of what we do, but don't use the latitude to suggest that this
is something that it is not.
We require private companies and the government to eliminate any
irrelevant personal, identifiable information before sharing the cyber
threat indicators or putting up defensive mechanisms.
This bill does not allow the government to monitor private networks
or computers. It does not let government shut down Web sites or require
companies to turn over personal information.
This bill does not permit the government to retain or use cyber
threat information for anything other than cyber security purposes,
identifying a cyber security threat, protecting individuals from death
or serious bodily or economic harm, protecting minors, or investigating
limited cyber crime offenses.
This bill provides rigorous oversight and requires a periodic
interagency inspector general's report to assess
[[Page S7386]]
whether the government has violated any of the requirements in this
bill. The report also will assess any impact this bill may have on
privacy and civil liberties. In the report, we require the IG to report
to us whether anybody does anything outside what the statute allows
them to do, but we also ask the IG to make a gut call on whether we
have protected privacy and civil liberties.
Finally, our managers' amendment has incorporated an additional
provision to enhance privacy protections first. Our managers' amendment
omitted the government's ability to use cyber information to
investigate and prosecute serious and violent felonies. Let me raise my
hand and say I am guilty. I felt very strongly that that should have
been in the bill. If we find during an investigation that an individual
has committed a felony that is not related to a cyber attack, I thought
we should turn that information over to law enforcement but, no, we
dropped it. I don't want there to be any question as to whether this is
an effective cyber information sharing bill.
Our managers' amendment limited cyber threat information sharing
authorities to those items that are shared for cyber security purposes.
Both of these changes ensure that nothing in our bill reaches beyond
the focus of cyber security threats that are intended to prevent and
deter an attack, and nothing in this bill creates any potential for
surveillance authorities.
Now, as I said, despite rumors to the contrary, this bill is
voluntary. It is a voluntary threat indicator to share with authorities
and does not provide in any way for the government to spy on or use
library and book records, gun sales, tax records, educational records,
or medical records. There is something in that for every member of
every State.
I can honestly look at my librarians and say we haven't breached the
public libraries' protection of personal data. I will say librarians
are not fans of this legislation. I don't think they have read the
managers' amendment that spells out the concerns we heard and then
said: This can't go there. I am not sure we can statutorily state it
any clearer than what we have done.
Given that cyber attackers have hacked into, stolen, and publicly
disclosed so much private, personal information, it is astounding to me
that privacy groups would oppose this bill. It has nothing to do with
surveillance, and it seeks to protect private information from being
stolen.
There are no offensive measures. This bill ensures that the
government cannot install, employ or otherwise use cyber security
systems on private sector networks. In other words, no one can hack
back into another computer, even if the purpose is to protect against
or squash a cyber attack. It can't be done. It is illegal.
The government cannot retain or use cyber threat information for
anything other than cyber security purposes, including preventing,
investigating, disrupting, and prosecuting limited cyber crimes,
protecting minors, and protecting individuals from death or serious
bodily harm, or economic harm.
The government cannot use cyber threat information in regulatory
proceedings. Let me state that again. The government cannot use cyber
threat information in regulatory proceedings. If somebody believes this
is not voluntary and that there is some attempt to try to get a
mandatory hook in here where regulators can turn around and bypass the
legislative responsibility of the Congress of the United States, let me
just say, we are explicit. It cannot be done. But we are also explicit
that the government cannot retain this information for anything other
than the list of items I discussed. This provides focused liability
protection to private companies that monitor their own systems and
share cyber threat indicators and defensive mechanisms in accordance
with the act, but the liability protection is not open-ended. This
doesn't provide liability protection for a company that engages in
gross negligence or willful misconduct. I am not a lawyer, but I have
been told that ties it up pretty tightly; that it makes a very small,
narrow lane that companies can achieve liability protection, and that
lane means they are transferring that information to the Federal
Government.
Last, independent oversight. This bill provides rigorous oversight.
It requires a periodic interagency inspector general's report to assess
whether the government has violated any of the requirements of this
act. The report also will assess any impact that this bill may have on
privacy and civil liberties as well as an assessment of what the
government has done to reduce any impact.
This bill further requires an independent privacy and civil liberties
oversight board to assess any impact this bill may have on privacy and
civil liberties and is, in fact, reviewed internally by an inspector
general. The inspector general checks to make sure they live by the
letter of the law. The inspector general makes an assessment on the
privacy and civil liberties, and we set up an independent board to look
at whether, in fact, privacy and civil liberties have been protected.
I say to my colleagues, if there is more that they need in here, tell
us what it is. The amendment process is open.
Here is where we are. Privacy folks don't want a bill, period. Some
Members don't want a bill, period. I get it. I am willing to adapt to
that. I only need 60 votes for this to pass, and then I have to
conference it with the House that has two different versions. Then I
have to go to the other end of Pennsylvania Avenue, and I have to
convince the President and his whole administration to support this
bill. Let me quote the Secretary of the Department of Homeland
Security. They support this bill. The National Security Council
tomorrow is going to come out in support of this bill. Why? Because
most people recognize the fact that we need this, that this is the
responsible thing to do. This is why Congress was created.
If, in fact, there are those who object, don't participate. I say to
those businesses around the country, I am not going to get into your
decisionmaking, although I think it is flawed. You hold most of the
personal data of any companies out there. Yet you don't want to see any
coordinated effort to minimize data loss in the U.S. economy. I think
that is extremely shortsighted. I think your customers would disagree
with you, but the legislation was written in a way that allows you to
opt out and to say: I don't want to play in this sandbox.
I say to my colleagues and to the American people: Is that a reason
for us not to allow the thousands of companies that want to do it,
representing hundreds of thousands and millions of customers who want
to protect their credit card number, their health records, all the
personal data that is out there on them--if they want to see that
protected, should they not have that done because some companies say
they don't want to play? No. We make it voluntary, and we allow them to
opt out. They can explain to their customers why. If I am with another
tech company and they are participating in this, they must be more
interested in protecting my data. I think it is a tough sell myself as
a guy in business for 17 years.
I know what is up here. Some are looking at this as a marketing tool.
They are going to go out and say: We don't participate in transferring
data to the Federal Government. Oh, really. Wait until the day you get
penetrated. Wait until the day they download all of that personal
information on all of your customers. You are going to be begging for a
partnership with the Federal Government. Then we are going to extend it
to you, whether you liked it or not, whether you voted for the bill or
supported the bill or spoke in favor of the bill or ever participated
in it. If we pass this bill, which I think we will, they will have an
opportunity to partner with the Federal Government and to do it in an
effective way. In the meantime, I think there will be just as many
businesses using a marketing tool that says: We like the cyber
information sharing bill, and if we ever need to use it, we are looking
forward to partnering with the Department of Homeland Security, the
FBI, and the National Security Agency because we want to minimize the
exposure of the loss of data our customers could have.
Mark my words. There is a real battle getting ready to brew here.
Again, putting on my business hat, I like the idea of being able to go
out and sell the fact that I am going to partner if something happens
much better than selling
[[Page S7387]]
the pitch that I am going to do this alone. Think about it. A high
school student last week hacked the personal email account of the
Secretary of the Department of Homeland Security and the Director of
the CIA. This is almost ``Star Trek.'' ``Beam me up, Scotty.''
There are people who believe that this is just going to go away. It
is not going away. Every day there is an attempt to try to penetrate a
U.S. company, an agency of the Federal Government for one reason: to
access personal data. The intent is there from individuals and from
nation states. For companies that think this is going to go away or
think they are smart enough that it is not going to happen to them, I
have seen some of the best and they are one click away from somebody
downloading and entering their system and that click may not be
protected by technology. It may be the lack of ability of an employee
to make the right decision on whether they open an email, and, boom,
they have just exposed everybody in their system.
So I will wrap up because I see my good friend and colleague Senator
Wyden is here. We will have several days, based upon the process we
have in front of us, to talk about the good, and some will talk about
the bad, which I don't think exists, but let me assure my colleagues
that the ugly part of this--the ugly part of this--is that cyber theft
is real. It doesn't discriminate. It goes to where the richest pool of
data is. In the case of the few companies that are not supportive of
this bill, they are the richest depositories of personal data in the
world. I hope they wake up and smell the roses.
I yield the floor.
The PRESIDING OFFICER (Mr. Scott). The Senator from Oregon.
Mr. WYDEN. Mr. President, I would like to inform my colleague, the
distinguished chairman of our Intelligence Committee, I am always
thinking about the history of the committee. I believe Chairman Burr,
the ranking minority member Senator Feinstein, and I have been on the
Intelligence Committee almost as long as anybody in history.
I always like to work with my colleague. This is an area where we
have a difference of opinion. I am going to try to outline what that is
and still try to describe how we might be able to work it out.
Mr. BURR. May I thank my colleague?
Mr. WYDEN. Of course.
Mr. BURR. Mr. President, I thank my colleague. I think he
diplomatically referred to me as old, but I know that wasn't the case.
He is exactly right. We have served together for a long time. We agree
on most issues. This is one that we disagree on, but we do it in a
genuine and diplomatic way. Contrary to maybe the image that some
portray to the American people, we fight during the day and we can have
a drink or go to dinner at night, and we are just as likely to work on
a piece of legislation together next week. So that is what this
institution is and it is why it is so great.
Mr. WYDEN. Well said. There is nothing better than having Carolina
barbecue unless it is Oregon salmon. Yes, we old jocks, former football
players and basketball players, we have tough debates and then we go
out and enjoy a meal.
Here is how I would like to start this afternoon. The distinguished
chairman of the committee is absolutely correct in saying that cyber
security is a very substantial problem. My constituents know a lot
about that because one of our prominent employers, SolarWorld, a major
manufacturer in renewable energy, was hacked by the Chinese simply
because this employer was trying to protect its rights under trade law.
In fact, our government indicted the People's Liberation Army for their
hacking into this major Oregon employer. So no question that cyber
security is a major problem.
Second, there is no question in my mind that information sharing can
be very valuable in a number of instances. If we know, for example,
someone is associated with hackers, malware, this sort of thing, of
course it is important to promote that kind of sharing. The difference
of opinion is that I believe this bill is badly flawed because it
doesn't pass the test of showing that when we share information, we
have to have robust privacy standards or else millions of Americans are
going to look up and they are going to say that is really not cyber
security. They are going to say it is a surveillance bill. So that is
what the difference of opinion is.
Amendment No. 2621, as Modified
Let me turn to how I have been trying to improve the legislation. I
am going to speak for a few minutes on my amendment No. 2621 to the
bill that we have been discussing and that is now pending in the
Senate. Obviously, anybody who has been watching the debate on this
cyber security bill has seen what we would have to call a spirited
exchange of views. Senators are debating the substance of the
legislation and, as I just indicated to Chairman Burr and I have
indicated to ranking minority member Senator Feinstein, there is
agreement on a wide variety of points and issues.
Both supporters and opponents of the bill agree that sharing
information about cyber security threats, samples of malware,
information about malicious hackers, and all of this makes sense and
one ought to try to promote more of it. Both supporters and opponents
now agree that giving corporations immunity from customer lawsuits
isn't going to stop sophisticated attacks such as the OPM personnel
records breach.
I am very glad that there has been agreement on that point recently,
because proponents of the bill sometimes said that their legislation
would stop hacks such as the one that took place at OPM. When
technologists reviewed it, that was clearly not the case, and the claim
has been withdrawn that somehow this bill would prevent hacks like we
saw at OPM.
The differences of opinion between supporters and opponents of the
bill--who do agree on a variety of these issues--surround the likely
privacy impact of the bill. Supporters have essentially argued that the
benefits of this bill, perhaps, are limited--particularly now that they
have withdrawn the claim that this would help against an OPM attack--
but that every little bit helps. But there is no downside to them to
just pass the bill. It makes sense. Pass the bill. There is no
downside.
Opponents of the bill, who grow in number virtually every day, have
been arguing that the bill is likely to have a significant negative
impact on the personal privacy of a large number of Americans and that
this greatly outweighs the limited security benefits. If an information
sharing bill doesn't include adequate privacy protections, I am telling
you, colleagues, I think those proponents are going to have people wake
up and say: I really don't see this as a cyber security bill, but it
really looks to me like a surveillance bill by another name.
(Mr. TOOMEY assumed the Chair.)
Colleagues who are following this and looking at the bill may be
trying to sort through this discussion between proponents and
opponents. To help clarify the debate, I would like to get into the
text of the bill for just a minute.
If colleagues look at page 17 of the Burr-Feinstein substitute
amendment, which is the latest version with respect to this bill,
Senators are going to see a key section of the bill. This is the
section that discusses the removal of personal information when data is
shared with the government. The section says very clearly that in order
to get immunity from a lawsuit a private company has to review the data
they would provide and remove any information the company knows is
personal information unrelated to a cyber security threat. This
language, in my view, clearly creates an incentive for companies to
dump large quantities of data over to the government with only a
cursory review. As long as that company isn't certain that they are
providing unrelated personal information, that company gets immunity
from lawsuits. Some companies may choose to be more careful than that,
but this legislation and the latest version--the Burr-Feinstein
substitute amendment--would not require it. This bill says with respect
to personal data: When in doubt, you can hand it over.
My amendment No. 2621 is an alternative. It is very simple. It is
less than a page long. It would amend this section that I have just
described to say that when companies review the data they provide, they
ought to ``remove, to the extent feasible, any personal information of
or identifying a specific
[[Page S7388]]
individual that is not necessary to describe or identify a
cybersecurity threat.'' The alternative that I am offering gives
companies a real responsibility to filter out unrelated personal
information before that company hands over large volumes of personal
data about customers or people to the government.
The sponsors of the bill have said that they believe that companies
should only give the government information that is necessary for cyber
security and should remove unrelated personal information. I agree with
them, but for reasons that I have just described, I would say
respectfully that the current version of this legislation does not
accomplish that goal, and that is why I believe the amendment I have
offered is so important.
For an example of how this might work in practice, imagine that a
health insurance company finds out that millions of its customers'
records have been stolen. If that company has any evidence about who
the hackers were or how they stole this information, of course it makes
sense to share that information with the government. But that company
shouldn't simply say here you go, and hand millions of its customers'
medical records over for distribution to a broad array of government
agencies.
The records of the victims of a hack should not be treated the same
way that information about the hacker is treated. Companies should be
required to make a reasonable effort to remove personal information
that is not needed for cyber security before they hand information over
to the government. That is what my amendment seeks to achieve. That is
not what is in the substitute amendment.
Furthermore, if colleagues hear the sponsors of the substitute saying
this bill's privacy protections are strong and you have heard me making
the case that they really don't have any meaningful teeth and they are
too weak, don't just take my word for it. Listen to all of the leading
technology companies that have come out against the current version of
this legislation.
These companies know about the importance of protecting both cyber
security and individual privacy. The reason they know--and this is the
case in Pennsylvania, Oregon, and everywhere else--is that these
companies have to manage the challenge every single day. Companies in
Pennsylvania and Oregon have to ensure they are protecting both cyber
security and individual privacy. Those companies know that customer
confidence is their lifeblood and that the only way to ensure customer
confidence is to convince customers that if their product is going to
be used, their information will be protected, both from malicious
hackers and from unnecessary collections by their government.
I would note that there is another reason why it is important to get
the privacy protections I am offering in my amendment at this time. The
companies that I just described are competing on a global playing
field. These companies have to deal with the impression that U.S. laws
do not adequately protect their customers' information. Right now these
companies--companies that are located in Pennsylvania and Oregon--are
dealing with the fallout of a decision by a European court to strike
down the safe harbor data agreement between the United States and the
European Union. The court's ruling was based on the argument that U.S.
laws in their present form do not adequately protect customer data.
Now, I strongly disagree with this ruling. At the same time, I would
say to my colleagues and to the Presiding Officer--he and I have worked
closely on international trade as members of the Finance Committee--and
I would say to colleagues who are following this international trade
question and the question of the European Union striking down the safe
harbor for our privacy laws, in my view this bill is likely to make
things even more difficult for American companies that are trying to
get access to those customers in Europe.
To give just a sampling of the leading companies that have come out
against the CISA legislation, let me briefly call the roll. There is
the Apple company. They have millions of customers. They know a great
deal about what we have to do to deal with malicious hackers and to
protect privacy. There is also Dropbox, Twitter, Salesforce, Yelp,
Reddit, and the Wikimedia Foundation. I point to the strong statement
by the Computer & Communications Industry Association. Their members
include Google, Amazon, Facebook, Microsoft, Yahoo, Netflix, eBay, and
PayPal. Those individual companies I have mentioned have millions of
customers. The organization that speaks for them says: ``CISA's
prescribed mechanism for sharing of Cyber threat information does not
sufficiently protect users' privacy.''
On top of this, there has been widespread opposition from a larger
spectrum of privacy advocacy organizations. Here the groups range from
the Open Technology Institute to the American Library Association.
I was particularly struck by the American Library Association's
comments in opposition to this bill. I think the leadership said--
paraphrasing--something to the effect of when the American Library
Association opposes legislation that authors say will promote
information sharing, they indicate there was a little something more to
it than what the sponsors are claiming.
Wrapping up, I want to make clear, as I said yesterday, that I
appreciate that the bipartisan leadership of our committee has tried to
respond to these concerns. They know that these large companies with
expertise in collecting data and promoting cyber security have all come
out against the bill. I heard talk about privacy protections. I don't
know of a single organization that is looked to by either side of the
aisle, Democrats and Republicans, for expertise and privacy that has
come out in favor of the bill.
So the sponsors of this legislation and the authors of the substitute
amendment, which I have tried to describe at length here this
afternoon, are correct in saying that they have made some changes, but
those changes do not go to the core of the bill.
For example, the amendment I have described would really, in my view,
fix this bill by ensuring that there was a significant effort to filter
out unrelated personal and private information that was sent to the
government under the bill.
So I hope Senators will listen to what groups and the companies that
have expertise in this field have said. I hope Senators on both sides
of the aisle will support the amendments I and others have offered. The
Senate needs to do better than to produce a bill with minimal effects
on the security of Americans and significant downside for their privacy
and their liberty.
I yield the floor.
The PRESIDING OFFICER. The Senator from Rhode Island.
Amendment No. 2626, as Modified
Mr. WHITEHOUSE. Mr. President, I would like to speak for 5 or 6
minutes on the cyber bill.
Unfortunately, I am here to express my distaste for the manner in
which this bill has proceeded. I have an amendment that is not going to
be voted on. Let me describe some of the characteristics of that
amendment.
First of all, it is bipartisan. It is Senator Graham's and my
amendment.
Second, it has had a hearing. We have had a hearing on it in the
Judiciary Committee. Considerable work has gone into it.
Third, it has the support of the Department of Justice. It repairs
holes in our criminal law for protecting cyber security that we worked
on very carefully with the Department of Justice and which we have had
testimony in support of from our Department of Justice prosecutors.
Last, it was in the queue. It was in the list of amendments that were
agreed to when we agreed to go to the floor with this bill.
So I don't know how I am going to vote on this bill now. But if you
have a bipartisan amendment that has had a hearing, that was in the
queue, and that has the support of the Department of Justice and you
cannot even get a vote on it, then something has gone wrong in the
process.
I remember Senator Sessions coming to the floor and wondering how it
is that certain Senators appoint themselves masters of the universe and
go off in a quiet room someplace and decide that certain amendments
will and will not be heard. I am very sympathetic to Senator Sessions'
concerns right now.
[[Page S7389]]
Let me tell you what the substance of our amendment would do.
First, there are people out there around the world in this cyber
universe of fraud and crime who are trafficking in Americans' financial
information for purposes of fraud and theft. If they don't travel to
America or if they don't have a technical connection to America, we
cannot go after them. There is an American victim, but we cannot go
after them. That is a loophole that harms Americans that this bill
would close.
I cannot believe there is one Member of this institution who would
oppose closing a loophole that allows foreign criminals access to
Americans' financial information for fraudulent purposes but puts them
beyond the reach of our criminal law. That is one part of what our bill
does.
Second, it raises penalties for people who intrude on critical
infrastructure. You can go all around this country, you can go to
military installations that have way less security concerns than our
critical infrastructure, like our electric grid, and you will see
chain-link fences that say department of whatever, U.S. Government,
stay out. You cannot go in there to picnic, you cannot go in there
because you are curious, you cannot go in there for a hike, and the
reason is because there is a national security component to what is
going on in there.
Well, there is a huge national security component to our critical
infrastructure, like our electric grid. All this would do is raise the
penalties. You could still go in, but if you get caught doing something
illegal there, then it is a little different if you are attacking
America's critical infrastructure than if you are just prowling around
in some other portion of the Web that does not have that.
Again, I think if that came to a vote, we would probably get 90
percent of this body in favor. Who is in support of allowing people to
mess around in our critical infrastructure?
The third is botnet brokers. Botnets are out there all over the
Internet. They are a plague on the Internet. There is no such thing as
a good botnet. Everyone would be better off if they were removed. They
are like weeds on the Internet. There are people who are brokers who
allow access to botnets, and because our laws are so out of date, if
you are just brokering access to a botnet for criminal purposes, there
is no offense. Why would we not want to empower our Department of
Justice to be able to go after people who are criminal brokers allowing
access for criminals to botnets to use for criminal purposes against
Americans? I don't understand that.
Lastly, botnet takedowns. A botnet is a weed. We wait until somebody
actually encounters that weed and is harmed by it before we allow our
Department of Justice to act. We should be out there taking down
botnets on a hygiene basis all the time. We are limited because of this
artificiality. That is the fourth piece of the bill. It empowers botnet
takedowns like the Bugat takedown we just did. We should be doing a lot
more of that. Again, unless somebody here is in the botnet caucus and
is in favor of more botnets out there, this is something which would
probably pass unanimously. Yet I cannot get a vote.
It is bipartisan, has had a hearing, is in the queue, is supported by
the Department of Justice, and those are the four sub-elements of it.
For some reason, the masters of the universe have gone off and had a
meeting in which they decided this is not going to be in the queue. I
object to that procedure.
I am sorry we are at this stage at this point because I think that on
the merits this would win. This is a bipartisan, good, Department of
Justice-supported, law enforcement exercise to protect people against
cyber criminals. I don't know what the sense is that there is some
hidden pro-botnet, pro-foreign cyber criminal caucus here that won't
let an amendment like mine get a vote.
I will yield the floor. I see Senator Carper here, and he has done
great work to try to be more productive than my amendment reflects. I
hope we can sort this out to a point where an amendment like mine,
which was in the queue in the original deal that got us to this bill,
can now get back in some kind of a queue so that we can get this done.
I yield the floor.
The PRESIDING OFFICER. The Senator from Delaware.
Mr. CARPER. I appreciate the yielding by Senator Whitehouse. Let me
just say that if your provision, Senator Whitehouse, does not end up in
this bill and we actually do pass it, I am sure we will conference with
the House. There will be an opportunity to revisit this issue. So I
hope you will stay in touch with those of us who might be fortunate
enough to be a conferee.
Mr. WHITEHOUSE. I appreciate that very much, more than the Senator
can know.
Mr. CARPER. Mr. President, I rise today in support of the cyber
security information bill introduced by my colleagues, Senators Burr
and Feinstein. I want to commend my colleagues and their staff for
their leadership and for their tireless efforts on this extremely
important piece of legislation.
As ranking member and former chairman of the Homeland Security and
Governmental Affairs Committee, I have been following cyber security
and this information sharing proposal in particular literally for
years. In fact, when Senator Feinstein first introduced an information
sharing bill in 2012--that was like two or three Congress's ago--it was
referred to Homeland Security and Governmental Affairs, on which I
served. That bill was ultimately folded into a comprehensive cyber
security bill that I had the honor of cosponsoring with Senators Joe
Lieberman, Susan Collins, Jay Rockefeller, and Senator Feinstein. We
were not able to pass that bill, but I think it has paved the way for
other cyber legislation, including the bill that is before us today and
a number of the amendments that are going to be offered to that bill in
the managers' amendment, especially.
Last Congress, I worked with our ranking member on homeland security,
Dr. Tom Coburn, and our House counterparts to get not one, not two, not
three, but four cyber security bills enacted into law, signed by the
President. I believe these four bills laid a very strong foundation for
some significant improvements on how the Department of Homeland
Security carries out its cyber security mission and really for this
bill before us too.
What the legislation Dr. Coburn and I worked on during the last
Congress did, in essence, was to better equip the Department of
Homeland Security to operate at the center of the kind of robust
information sharing program that the Burr-Feinstein bill would set up.
How do they do that? One, make sure the Department of Homeland Security
would have the ability to attract and retain top-flight talent, much
like the National Security Agency already has.
The legislation actually takes something called the cyber ops center,
NCCIC, within the Department of Homeland Security and makes it real and
functional and an entity that people would use and listen to.
Finally, we took an old law called FISMA, the Federal Information
Sharing Management Act--we took something that was just a paperwork
operation, this FISMA legislation--like a once-in-a-year check to see
how good a cyber security agency might be--and turned it into not a
paperwork operation, not a once-every-365-days operation, but a 24/7
surveillance operation on the lookout for intrusions within and across
the Federal Government broadly.
That legislation, affectionally known as FISMA, was also designed to
make clear what the division of labor was between the Office of
Management and Budget, OMB, and the Department of Homeland Security on
protecting the dot.gov domain. We made it clear that the job of OMB is
to, if you will, steer the ship. The job of the Department of Homeland
Security is to row the ship, to row the boat. That is a good division
of labor given that OMB only has six employees who work on this stuff
and the Department of Homeland Security has hundreds. So I think we
figured out the sharing of labor, the division of labor, and also made
sure the Department of Homeland Security has the resources--the horses,
the resources--and the technology they need.
Sharing more cyber security threat information among and between the
private sector and the Federal Government players who are on the
frontline in cyber security is critical for national security. Over the
last couple of
[[Page S7390]]
years, we have witnessed many troubling cyber attacks against our
banks, but not just our banks, against retailers, health providers,
government agencies, and God knows how many others.
Some of those launching these attacks were just criminals. Some of
them were just criminals. They want to steal information. They want to
make money off of our personal information, off our intellectual
property, like our intellectual seed corn, if you will, for companies
large and small and for universities as well. Others just want to be
disruptive or they want to make political points. Some actors, however,
are capable or would like to develop the capability to use a cyber
attack to harm people and cause physical damage.
It is long past time for this body to take action to more effectively
combat these threats we now face in cyber space. That is why earlier
this year I introduced a similar information sharing bill. This bill
largely mirrored the administration's original proposal.
The administration asked me to introduce their information sharing
bill. Before I did that, we actually had a hearing in the committee on
homeland security. Part of the centerpiece of the hearing was the
administration's proposal. We got some good ideas on how to make it
better. We made it better and introduced that bill to use, if you will,
as a point-counter point in a constructive, positive way with the
legislation that worked its way through the Intelligence Committee. But
we did not stop there. We took information from a lot of experts and
stakeholders.
The measure we are discussing today shares the same goals as my
original bill--largely the administration's original bill--to increase
the sharing of cyber threat information between the Federal Government
and the private sector and between different entities within the
private sector. I am pleased that we are finally discussing these
critical issues on the Senate floor.
The substitute amendment we are debating today makes a number of
improvements to the bill that was first made public after the
Intelligence Committee reported it out. It also includes several
changes that I, as well as several of my colleagues, have been calling
for--including the chairman of our committee.
I would like to thank Senators Burr and Feinstein. I thank their
staff for working closely with our staff and others to produce what I
believe is a significantly smarter and stronger bill. Is it perfect?
No, not yet. But I can say there is always room for improvement. That
is why we still have a debate on a number of amendments and those like
the one mentioned by Senator Whitehouse that may be germane in a
different kind of way in conference.
While there may not be agreement on everything in this bill, I
believe most of our colleagues would come to the conclusion that it
really will help to improve our Nation's cyber security and, by
extension, our national security and, by extension, our economic
security.
First, the bill would ensure that the government--our government--is
providing actionable intelligence to private sector entities that are
seeking to better protect themselves in cyber space. Businesses around
our country are hungry for information they can use to fend off attacks
and better protect their systems and their customers. This bill would
make the Federal Government a much stronger partner for them.
Many companies that I have talked to of late also want to share more
information with the Federal Government about what they are seeing
online every day, but they are unsure of the rules of the road. In
other words, companies want more predictability and they want more
certainty when it comes to working with our government. This bill would
give them that by clarifying that they won't be putting themselves in
legal jeopardy if they choose to share cyber threat information with
our Federal Government.
If companies do want to avail themselves of the legal protections the
bill offers, they would have to, with two narrow exceptions, use the
information sharing portal at the Department of Homeland Security. This
puts the Department of Homeland Security, a civilian entity, at the
center of the information sharing process. I think this is smart and
the right thing to do. In fact, many experts and companies that I have
talked to across the country as recently as last week out in Silicone
Valley and out on the west coast--they agree with what I have just
said.
I know many Americans are uneasy with companies they do business with
directly handing over data to an intelligence or law enforcement
agency. The Department of Homeland Security will carry out its
responsibilities under this bill through the cyber ops center I
mentioned earlier called the National Cyber Security and Communications
Integration Center--that is a mouthful. We affectionately call it N-
Kick. It is the cyber ops center. It includes folks from DHS and other
Federal agencies. It includes a number of representatives of financial
services, the utility industry, our retail industry, and so forth, all
together under one roof, talking together and working together to help
us support one another and make it strong and more secure.
One of the bills I worked on with Dr. Coburn last Congress formally,
as I said earlier, authorized this center. We are pleased to see that
this bill would make the most out of the resources we have already
invested in this cyber ops center, NCCIC.
Earlier this month, Secretary Jeh Johnson of the Department of
Homeland Security told our Homeland Security and Governmental Affairs
Committee that beginning in November, the cyber ops center, NCCIC, will
have the capability to automate the distribution and receipt of cyber
threat indicators. I will say that again--to automate the distribution
and the receipt of cyber threat indicators that they receive from
others, including those in the private sector. In other words, the
Department of Homeland Security will have the ability to share
information with other agencies in real time--not next month, not next
week, not tomorrow, not in an hour, but in real time, which is really
what this little bill before us today requires.
I know that the real-time sharing is incredibly important to the
bill's sponsors, and it is important to me and probably to many of our
colleagues and stakeholders. Equally important, however, is the ability
of the Department of Homeland Security to apply what I call a privacy
scrub to the information it receives from industry, the threat
indicators that come from industry--see something, say something--stuff
that they send to the Department of Homeland Security.
In the bill that I authored with others in my committee, including
our chairman, we allow the Department of Homeland Security to, if you
will, receive information through its portal from various entities that
witness threat indicators, to see it and to put it through the portal,
to bring it through the portal to do a privacy scrub. That is one of
the things the Department of Homeland Security has expertise in doing.
I used an example at lunch earlier today. I talked about baseball. I
know the Presiding Officer has some interest in baseball. There are
teams called the Phillies in Philadelphia and the Pirates in
Pittsburgh. I would just say to him, thinking about baseball for a
minute, let's say you are in the playoffs. Let's say you have a team in
the playoffs. You are in the ninth inning, and you need to get somebody
out of the bullpen to close. You have a one-run lead. You look to the
bullpen. He is now retired, but Mariano Rivera was the best closer in
baseball history. You have Mariano Rivera in the bullpen to come in and
close the game, and you have three other guys you just called up from
the Minor League, so maybe from AAA.
You say: Well, whom do I put in to close the game? Do I put in the
best closer we have ever had in baseball history or do I bring in three
rookies, three Minor League guys?
Well, you bring in Mariano Rivera.
When it comes to being able to do privacy scrubs, the Department of
Homeland Security--that is what they do. That is what they do. Now they
have the horses, the ability, and the technology to do it even better.
I know some of my colleagues are concerned that a privacy scrub will
slow down the information sharing process. I share those concerns, but
I have been assured by the Department--the bright, smart people at the
Department of Homeland Security--that less
[[Page S7391]]
than 1 percent of the information it receives would actually ever need
to be reviewed by a human, by a person. The rest--roughly 95 percent to
99 percent--would be shared with other agencies at machine speed.
Bingo.
I am very pleased that DHS has come to an agreement on this process
with its agency partners. We will be up and running with a portal in
the way I have described in the next couple weeks.
One of the amendments I filed speaks to this privacy scrub process.
It would make clear that the Department of Homeland Security could
carry out an automated privacy scrub in real time and without delay. In
fact, my amendment would add just one word to the bill so that DHS
could continue to automatically remove irrelevant or erroneous data
from cyber threat information.
I am very pleased that Senators Burr and Feinstein have taken this
amendment into consideration and have now modified their substitute
amendment to make sure the Department of Homeland Security can do what
it does best, and that is to apply a privacy scrub--pulling out
personally identifiable information that actually shouldn't be passed
on to other Federal agencies. The substitute amendment now calls on DHS
to work with its agency partners to agree on a process to share
information while protecting privacy. This is a process DHS is already
undertaking.
I thank Senators Burr and Feinstein, as well as our friends at the
Department of Homeland Security and other agencies, for working so hard
to find agreement on this language and for working with my staff and me
on this important matter.
Another amendment I put forward with our committee chairman, Senator
Johnson, aims to improve what we call cyber hygiene across the Federal
Government and to prevent attacks against Federal agencies. This
language is based on a bill that Senator Johnson and I introduced and
had reported out of our homeland security committee by a unanimous
vote. The amendment does three main things.
First, it would require all Federal agencies to implement specific
best practices and state-of-the-art technologies to defend against
cyber attacks. For example, we had experts testify about the importance
of strong authentication and data encryption. This amendment would make
sure that agencies are taking these commonsense steps to bolster their
cyber security defenses.
Second, the amendment would accelerate the deployment and adoption of
the Department of Homeland Security's cyber intrusion and detection
program, known as EINSTEIN, as in Albert Einstein, but you don't have
the ``Albert'' in the name of this technology; it is called EINSTEIN.
For my colleagues who may not be familiar with EINSTEIN, with respect
to homeland security and cyber security, let me take a couple of
minutes to describe its main features.
We had EINSTEIN 1 present at the beginning, EINSTEIN 2 was follow-on
technology, and then there is EINSTEIN 3. EINSTEIN basically analyzes
Internet traffic entering and leaving Federal civilian agencies to
identify cyber threats and to try to stop attacks.
This system has been rolled out in phases over the last several
years. EINSTEIN 1 is the first step. It sees and actually records
Internet traffic, much like a guard at a checkpoint watches cars go by
and maybe writes down and records the license plates. EINSTEIN 2
detects anything out of the ordinary and sets off alarms if a piece of
malware is trying to enter a Federal network. For example, a car comes
through and it is not supposed to come through. That would set off an
alarm and enable EINSTEIN 2 to actually detect a cyber intrusion. It
doesn't do anything about blocking. It doesn't block the car, in this
example. It doesn't block anything. EINSTEIN 3A, the latest version,
uses unclassified and classified information to actually block the
cyber attack.
So initially EINSTEIN 1 records basically what is being detected,
EINSTEIN 2 actually detects bad stuff coming through in terms of an
intrusion, and EINSTEIN 3A blocks it. The problem is that less than
half of our Federal civilian agencies actually have EINSTEIN 3A in
place. They have the ability to record an intrusion, the ability to
detect an intrusion, but not the ability to block an intrusion. They
need the ability to block. What our legislation would do would be to
make sure that agencies have EINSTEIN in place, including the ability
to block intrusions, within 1 year.
Finally, our amendment incorporates the language originally drafted
by Senator Susan Collins, the former chair of the homeland security
committee and a great colleague of ours for many years, Senator Mark
Warner, Senator Kelly Ayotte, Senator Claire McCaskill, Senator Dan
Coats, and Senator Barbara Mikulski. They are all cosponsors of the
amendment Senator Collins offered. These provisions would strengthen
the ability of the Department of Homeland Security to shore up cyber
defenses at civilian agencies and to address cyber emergencies across
the Federal Government.
Again, I am incredibly grateful that Senator Feinstein and Senator
Burr agreed to include our language in the substitute amendment
language that worked its way through our committee. We had hearings and
had the opportunity to mark up the legislation. It worked the way it is
supposed to work. And I think that without exception it had bipartisan
support coming through our committee. It is the perfect complement to
the information sharing bill we are discussing this week. I think it
makes a good bill that much better.
I thank the Senators for working with me and Senator Johnson on it.
Just one more thing before I close. I know the Presiding Officer
thinks a lot about root causes, and rather than just address the
symptoms of a problem, let's think about what is the root cause of the
problem. The Senator who is waiting to follow me on the floor, the
former Governor of Maine, thinks similarly. I do too. It is not enough
to just address the symptoms of these problems. A part of what we need
to be thinking about is, How do we get to the root cause?
Until fairly recently, a lot of our financial services institutions
in this country were under constant attack by somebody who was trying
to overload their Web sites and essentially trying to shut them down.
It is sort of like when we were first standing up the Affordable Care
Act, they had so much traffic on their Web site that it would kind of
break down.
There are so many cyber threats from around the world. We think Iran
is behind it. They are trying to do that, to bring down our financial
services business--and sometimes with some success.
About a year ago, when we got very serious about negotiating with the
Iranians and our partners--the French, the Brits, the Germans, the
Russians, and the Chinese--some kind of an agreement where the Iranians
would give up any hope they had of having a nuclear weapon and the
terms for our lifting our economic sanctions--when it became clear that
those were serious negotiations, that something might actually happen
from those negotiations, guess what happened to those attacks. We call
them DDoS. What do you suppose happened? Well, guess what, they started
letting up little by little until the time we actually voted here to
let that agreement be enacted and hopefully be administered and
implemented. That was a root cause being addressed.
Another root cause we had over in China--for years the Chinese have
sought to use cyber attacks to get into our most successful businesses,
some of our research and development operations in those businesses,
and work being done within Federal agencies on research and
development--actually, the intellectual seed corn for creating jobs and
opportunity in this country. The cyber attacks were--we believe it was
China trying to steal information from our universities. They were
doing a lot of research that could lead to economic activity and job
creation. We didn't like it. We don't do that. We don't do that to
them, and we don't want them to do that to us. We complained about it
and complained about it and called out some of the folks whom we
thought were behind this in China.
President Xi visited us in this city about 3 week ago. He and our
President had some tough, direct, and probably not entirely comfortable
conversations. One of them dealt with this
[[Page S7392]]
issue, what we believe is the intrusion by Chinese actors in order to
steal our intellectual seed corn, in order to maybe have a short step,
a shortcut to economic development, economic activity. They would not
have to spend the money, the time, and the energy to do all the
research that would lead to this innovation and job-creation activity.
The agreement that came out of that was the Chinese and our country
have agreed that neither side will knowingly steal this kind of
information from the other. ``Knowingly'' is a very broad term, and so
we have to make sure that ``knowingly'' actually means something.
Secretary Jeh Johnson, the head of the Homeland Security Department,
and Attorney General Loretta Lynch have been assigned to build on this
initial agreement and see what we can make of it.
I will close with this. A lot of people in our country don't
understand what all this cyber security stuff is--intrusion, EINSTEIN,
and all the items we are talking about that are in the legislation
which is before us this week. They do know this: It is not good when
people can steal the kind of information that needs to be protected.
Whether it is part of the government domain, military or intelligence
secrets; whether it is economic secrets or developments that lead to
economic gain; whether it is personally identifiable information that
can be used for blackmail purposes or to monetize and to somehow make
money off of that information, we know it is not good. There is no one
silver bullet to actually stop this kind of activity, but there are a
lot of silver BBs, and some of them are pretty big.
The legislation that is before us today, bolstered by similar
legislation that has come out of the Committee on Homeland Security and
Governmental Affairs, is a pretty good-sized BB. They are not going to
enable us to win this war by themselves, but they will enable us to
make real progress. It will make us feel a good bit more secure than we
have, knowing that this is an enemy across the globe and that a number
of enemies wish us harm. They are not going to give up. There is a lot
of money involved. They will be back at us, and we have to bring our
``A'' game to work every day in the Department of Homeland Security and
other Federal agencies working in tandem with the private sector.
Hopefully, with this information, the folks in the private sector--if
they want to get the liability protection and share information with
the Federal Government, we want them to use the portal through the
Department of Homeland Security. The Department of Homeland Security,
to the extent that privacy scrub is needed--it does not happen often.
It happens less than 1 percent of the time with the information that
comes through the portal. The legislation before us, with the
amendments that are offered, will enable us to have that kind of
security about our private information and at the same time to do a
very good job--a much better job--in protecting what is valuable to us.
Mr. President, I think that is about it for me. I appreciate very
much the opportunity to speak. I appreciate the patience of Senator
King, and I will yield the floor to him.
I will just say in closing--no, Senator Blunt, I will yield to you
next. It is good to be with both of you. I look forward to working with
you on these and, with respect to the Senator gentleman from Missouri,
very closely on related matters.
Thank you so very much.
The PRESIDING OFFICER. The Senator from Missouri.
Mr. BLUNT. Mr. President, I thank the Senator from Delaware. He and I
have worked on legislation together to protect data security, to have
one standard for notifying people whose information has been accessed
by people who shouldn't have it, and we are going to continue to work
on that and look for opportunities, whether it is this bill or some
other bill, to add that important element to what we are doing here.
I come to the floor today, as I am sure many others have, to express
support for this bill--for the Cybersecurity Information Sharing Act--a
bill that gives us tools we don't currently have, and to break down
barriers that we do currently have. This is a bill that would allow
individuals who see the information they are responsible for being
attacked to call others in their same business and say: Here is what is
happening to us right now. If you are not seeing it already, you should
be looking for it. When they do that, it doesn't violate any
competitive sharing of information. What it does is bring everybody
into the loop of defense as quickly as possible and allow them to look
for help from the government as well.
So I express support for this bill. We know that day after day
Americans who read, watch, or listen to the news learn of another cyber
attack. Some involve attacks of government systems, while others
involve the private sector.
In 2012 and 2013, hacker groups linked to Iran targeted American bank
Web sites and sustained an attack on those Web sites in a way that was
designed to disrupt people trying to do business--trying to pay their
own personal bills, trying to do things people should expect to be able
to easily do.
Early in 2014, we learned that cyber criminals had stolen 40 million
credit card numbers from a major retailer and had probably compromised
an additional 70 million accounts. We also have learned that a lot of
times when we hear about these, they seem bad enough at first, but they
seem a whole lot worse later when we find out what really happened,
when we see how deep these criminals were able to go, how deep these
terrorists were able to go, how deep these government-sponsored
entities were able to go to get at information they shouldn't have.
In September of that same year, September 2014, we learned another
major retailer had suffered a data breach. In that case there were 56
million credit card holders.
In February of this year, we learned a health insurance provider's
system had been hacked, and 80 million customers were affected. This
was a data breach that particularly impacted my State--particularly
impacted Missourians--and we saw a huge change in the IRS fraud that
occurred this year because, we believe at least, because criminals
suddenly had all this sensitive personally identifiable information
they had stolen. Suddenly somebody besides you was filing your tax
return. Only later did the people who really had the income tax return
to file find out that somebody had filed it for them.
In June of this year--maybe the most surprising to all of us who have
heard over and over again that the private sector is struggling, we
suddenly found out the U.S. Office of Personnel Management increased a
previous estimate of how many people were affected by its own data
breach. The files of Federal employees and people related to those
files was revised upward to 21.5 million people. Then we found out that
also included roughly 5.5 million sets of fingerprints.
I am not exactly sure what you could do with somebody's fingerprints
on the Internet today. I can only imagine what you might be able to
figure out to do with those fingerprints. Remember, your fingerprints
don't change, and probably the government entity responsible for that
hacking that has those fingerprints is always going to have those
fingerprints as they think of new and malicious ways to use them. So we
are talking about well over 100 million Americans who already have
their personal information in the hands of people it shouldn't be in.
The challenge before us is as clear as it is urgent. Virtually every
aspect of our society and our economy rely on information technology.
It has enabled tremendous economic growth, it has enabled tremendous
efficiencies in every sector, but it has put all kinds of information
out there in ways that, looking back, we are going to wonder why we
made that information so available in so many places and left so
unprotected.
Federal, State, and local governments rely on that information
technology as well. As the technology advances, its widespread adoption
has also opened us to new dangers. Modern cyber security threats are
sophisticated, they are massive, and they are persistent. This doesn't
just happen every day, it happens all the time every day.
The culprits of these attacks and intrusions range in terms of their
motives and their abilities. We just heard of a teenager who figured
out how to
[[Page S7393]]
get into the personal account of the CIA director--at least that is the
public media report--and the homeland security director. This is not a
particularly sophisticated individual, but obviously a pretty capable
person who gets to two individuals that one would think would be the
most cautious.
Some of these people are bent on sheer vandalism--just the thrill of
cyber vandalism--while others are determined to steal intellectual
properties from American companies. The motive there is clear. It is
easier to steal intellectual property than it is to go through the hard
work of creating it. Suddenly that information is out there, and the
people who created it have been robbed.
I hear this all the time when I visit companies in my State. We have
seen cyber intrusions used for espionage. We have seen one major
company attacked for no reason other than to embarrass the company
because a foreign government didn't like something the company had
done. It is quite a way to have a movie review, that we are just going
to destroy as much of your technology as we can by a cyber invasion.
A great many more of these people are motivated by greed--pilfering
other people's identities, getting access to other people's account
information, and selling that information on the black-market. This
becomes a real opportunity for them. The more you remove it from the
person who initially got it, the harder it is to find out who initially
got it and what they did with it.
Underneath all this is the implication of more serious attacks that
can cause physical harm and can cause mass disruption of critical
infrastructure of the country that is very dependent on cyber security.
This really begs the question: What are we doing to protect our country
and our citizens from these cyber adversaries? I have been in Senate
for 5 years. I have had the great opportunity to represent the people
of Missouri here for 5 years. And during every one of those 5 years, we
have been talking about how important it is that we do something about
cyber security. This is the only approach I have seen in those 5 years
that has bipartisan support. It has a bicameral consensus. This is
something that can happen.
This is a problem that it is time to stop talking about. Do we want
some other government to have everybody's fingerprints before we do
something about it? This is the time to do something about it. As a
member of the Senate Select Committee on Intelligence, I am certainly
here to support the chairman of that committee and the vice chairman of
that committee to finally pass this bill, a bill to enhance the public-
private partnerships that can provide the kind of cyber defense we
need.
We need to do that and we need to encourage lots of sharing. We need
to encourage sharing of attacks. We need to encourage early on, as I
said, the ability to call somebody else in your same business and to
contact them and say: This is happening right now. That is the best
time to say it. The other option is to say: This happened to us late
last night or happened yesterday, but this is happening to us. Is it
happening to you?
There is lots of misunderstanding about this concept. Without getting
too technical, cyber threats are the malicious codes and algorithms
used to infect computer systems and attack networks. They are
techniques that use bits and bytes. They are the ones and zeros of the
digital age that allow hackers to intrude upon private systems, steal
information, perpetrate fraud, or disrupt activities over the Internet.
In very dangerous circumstances, these techniques can be used to
remotely control critical infrastructure management systems, such as
supervisory control and data acquisition systems. I saw something on
the news the other day where some hackers, for no intent other than
maybe just to see if they could do it, had figured out how to take over
one of the cars that was driving itself. Suddenly the car wasn't
driving itself; the hacker was driving the car.
When a particular company finds itself subjected to some novel new
approach, the quicker they can share that, the better. When the
government discovers a new method being used to infiltrate information
technology systems abroad or here, they need to be able to share that
with American companies quickly so they can protect themselves. There
are things the private sector sees that the government does not, and
there are things the government sees that the private sector does not.
This legislation gives the obligation and opportunity to both of them
to join together in this important fight. Modern communications
networks move at an incredibly rapid pace. We need to be fighting back
at that same kind of rapid pace.
This bill establishes a strictly voluntary program. Unlike some of
the other programs we have talked about to secure ourselves in a post-
9/11 world, this is a strictly voluntary program that leverages
American ingenuity to unleash the arsenal of democracy against cyber
adversaries.
When it comes to the cyber threat, we have to act for a common
purpose. Throughout this debate there has been a great deal of
discussion about the need to protect liberty in the information age. I
truly think liberty and security are not at odds with one another in
this legislation. When it comes to this bill, it comes the closest to
having the balance we all would like to see. It takes into
consideration the importance of liberty, but it also takes into
consideration what happens as we protect our security.
I would close by saying of all the attacks we have had, and as bad as
they have been, none of them have been the sort of catastrophic
infrastructure attack that we may see that would impact the grid, that
impacts our ability to communicate, impacts our ability to make the
water system work, or impacts our ability to make the electrical system
work. If that happens, the Congress will not only act, the Congress
will overreact.
This is the right time to have this debate. Let's put this
legislation on the books right now. Let's give the people a law that
makes sense at a time when we have the time to debate it, instead of
waiting to see the direction we will turn to when we should have
debated this and moved in this direction right now. I encourage my
colleagues to vote for this bipartisan bill that I think will wind up
on the President's desk and become law.
Mr. President, I yield to my patient friend from Maine, who has been
waiting. He and I serve on the Select Committee on Intelligence
together, and I look forward to his comments.
The PRESIDING OFFICER (Mr. Scott). The Senator from Maine.
Mr. KING. Mr. President, the United States is under attack. We are
under attack--not a week ago, a month ago, September 11 or yesterday,
but right at this moment. We are under attack from state actors, from
terrorist nonstate actors, and from garden-variety criminals. This
cyber issue is one of the most serious that we face.
When I first got here, I was appointed to the Armed Services and
Intelligence Committees. On those two committees over the past 3 years,
at least half of our hearings have touched upon this issue and the
threat that it presents to this country. The leaders of our
intelligence community and our military community, in open session and
in closed session, have sounded the alarm over and over and over. The
most dramatic--I don't remember what the hearing was--was when one of
our witnesses said: ``The next Pearl Harbor will be cyber.''
As the Senator from Missouri just pointed out, we are fortunate that
we have had a number of warning shots but none have been devastating.
But we have had warning shots--at Sony, at Target, at Anthem, at the
Office of Personnel Management of the U.S. Government, and at the home
email of the Director of the CIA. We have had large and small
intrusions and cyber attacks that have been more than annoying, but, so
far, they haven't been catastrophic. That is just a matter of time.
That is why we have to move this bill.
This bill isn't a comprehensive answer to this question, but it is at
least a piece of it. It is a beginning. We are going to have to talk
about other aspects of our cyber strategy, but at least we can pass
this bill, which came out of the committee 14 to 1. It is bipartisan,
and it has support in the House. Let's do something.
I do not want to go home to Maine and try to explain to my
constituents,
[[Page S7394]]
when the natural gas system or the electric system is brought down,
that we couldn't quite get around to it because of the difference of
committee jurisdictions or because we had other priorities or because
we were tied up on the budget. This is a priority. It is something we
should be doing immediately, and I am delighted that we have moved to
it.
Now, as I have sat in the Intelligence Committee every Tuesday and
Thursday afternoon for the past 3 years, it occurred to me several
months into those debates and the discussions of this and other issues
that really we in the Intelligence Committee and also we in this body
really are working with and weighing and balancing two constitutional
provisions.
The first is the preamble of the Constitution. The most basic
responsibility of any government, anywhere, anytime, is to provide for
the common defense. That is why governments are formed, to provide the
security, and also to insure domestic tranquility. Those two together
are the basic functions of why we are here--to protect our people from
harm. And that is clearly what this bill is talking about.
But the other constitutional provision in the picture that we also
have to weigh is the Fourth Amendment: ``The right of the people to be
secure in their persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be violated. . . . ''
That is a fundamental premise of who we are as a people.
These two provisions of the Constitution are intentioned--neither one
dominates, neither one controls the other--and it is our job in this
body to continuously weigh and calibrate these two provisions and their
balance in light of threats and evolving technologies.
When the Fourth Amendment was written, nobody had ever heard of
telephones. They certainly had never heard of the Internet. They never
thought about any of these things. But they said: The rights ``shall
not be violated.'' It is interesting--``unreasonable searches and
seizures.'' They didn't know the threats we would be facing when they
said it was a fundamental premise of the U.S. Constitution that we
should protect against both foreign and domestic enemies. That is what
we have to do, and that is what this bill does.
This bill is very carefully worked up, with a lot of discussion and
negotiation, to be effective in protecting the public, while, at the
same time, to be effective in protecting the public's privacy rights in
respecting these two principles. We have had warning after warning
after warning, and now it is time for us to act.
The good news about the United States is that we are the most wired
nation in the world. Technology has been a huge boon to our economy and
to our people, and we are way ahead of a lot of the rest of the world
in our interrelationship with technology and how we have used it to
enhance our lives. That is the good news. The bad news is that we are
the most wired country in the world, because that means we are the most
vulnerable--asymmetric vulnerability. We are more vulnerable because we
are more connected. That means we have to take great care in this
country to be sure that we don't allow that vulnerability to result in
a catastrophic loss for our people.
Not only are we talking about national security issues, but we are
talking about individual people's lives. If the electric grid went
down, people's lives would and could be lost--in hospitals, at traffic
intersections, across the country. If the natural gas system--the vast
pipeline system that links our country in terms of energy--somehow went
awry because of a cyber intrusion into the operating system, that would
have devastating consequences for human lives and also, of course, for
the economy of our country. Somebody could get into the routing system
of a railroad, and a train carrying hazardous material would be caused
to derail. These are the kinds of things that can happen and will
likely happen unless we take steps to protect ourselves.
Some of these attacks and intrusions are sponsored by nation-states.
We know that. Some of them are sponsored by just garden-variety
criminals who are trying to steal our money. Or some of them are large
international criminal organizations that are trying to steal our
commercial intelligence and how we build our products and how we
compete. Some of them are terrorist organizations that see this as a
cheap way to attack America. Why go to all the trouble to build a bomb
and smuggle it into the country and all the risk that entails, when you
can disrupt the country in just as great a way with a few strokes on a
laptop?
It is economic security, national security, economics. It has been
estimated worldwide that cyber crime costs our country $445 billion a
year. That is to the global economy--a half trillion dollars a year.
Some 200,000 jobs in the United States could be and are being affected,
and 800 million personnel records were stolen, and 40 million were
Americans.
The cost of cyber crime is estimated to be between 15 and 20 percent
of the value created by the Internet. We always talk that we don't want
any taxes on the Internet. This is a tax. This is a tax we are all
paying. The users of the Internet are paying to ward off this epidemic
of cyber crime.
It is not only the government. Of course, it is companies, such as
Sony, Target, Anthem, the industrial base, JP Morgan, Home Depot. The
list goes on and on. Most importantly, it is not just the big guys.
Sometimes we feel that OK, this is the large banks, the large insurance
companies that have to worry about this. In the State of Maine, we have
to worry about it.
My staff and I in Maine have reached out to businesses large and
small across the State. Every single one, with one exception, listed
cyber intrusion as one of their greatest issues.
The Maine Credit Union League, with $2.5 million a year, and local
credit unions are having to deal with cyber intrusion.
One of our Maine health care providers has experienced thousands of
attempts to steal confidential data every year. Keeping the data safe
is costing them more than $1 million. This is costing us real money.
At one of our Maine financial institutions, 60 to 70 percent of the
emails they get in the bank are phishing emails trying to compromise
their secured data.
One of our utilities spent over $1 million a year just on
preventative costs to defend against cyber crime. This is in a State of
1.3 million people. This is real. This is real in our State.
I had a forum over the August break with businesses throughout
Maine--mostly small businesses and homeland security. We had 100
businesses come just to visit and sit for a day to talk about this
issue. These were small businesses, and all of them were seeing these
kinds of problems.
One was a small business with 35 employees that did a deal overseas,
and a cyber criminal in effect stole their payment. They sent a fake
invoice to the customer overseas, the customer paid it, and the money
went to the crook, not to my company in Maine. That is the kind of
thing that is happening, and that is one of the reasons we have to take
action today.
No business is immune. No individual is immune. And, of course, this
country is not immune.
The price of inaction is just too high. This is something we must
attend to. As I mentioned, this bill is not the whole answer, but it is
a part of the answer.
Some people say: Well, it is not broad enough. My answer is this: OK,
I understand that, but let's do what we can do and then take it one
step at a time.
Some people say it compromises privacy. I don't believe that it does.
Extraordinary measures were imported into this bill in order to protect
the privacy of individuals. This is not about individual data. This is
about a company voluntarily telling the government and perhaps some
other companies: Here is what I am seeing as an attack. How can we
collectively defend ourselves against it?
That is what this bill is really all about. We have to take action,
and now is the time.
I thank the chair and the vice chair of the Intelligence Committee,
the members of the Homeland Security and Governmental Affairs
Committee, the members of the Judiciary Committee, and all of those who
have contributed to the finalization of this important piece of
legislation.
There is an attitude out there that we can't get anything done around
[[Page S7395]]
here. I think this gives us an opportunity to prove that idea wrong. We
can get things done. We should get things done. This is a chance for us
to protect our people, to provide for the common defense--which is our
most solemn constitutional responsibility--in a way that also protects
the interests of the Fourth Amendment and individual privacy rights.
I hope we can move swiftly, complete the consideration of this bill
this week, work out our differences with the House, and get this matter
to the President. We have no place to hide if we don't get this done.
This is what we are here for.
Again, I thank my colleagues who worked so hard to bring us to this
point.
I yield the floor.
The PRESIDING OFFICER. The Senator from Arizona.
Mr. McCAIN. Mr. President, before the Senator leaves the floor, I
wish to thank him on a well-planned, well-thought-out, and very
convincing presentation, and an argument that, frankly, I can add very
little to. So I will make my remarks very brief.
I thank the Senator from Maine for highlighting the absolute
importance of the passage of this legislation. And, I might add, he is
one of the most serious and hard-working members of the Senate Armed
Services Committee as well. I won't go any further.
Mr. President, I rise in strong support of S. 754. I thank my
colleagues, Chairman Burr and Vice Chairman Feinstein, for their
ongoing leadership.
In the short 2 months since this bill was last on the Senate floor,
the need for action on information sharing has only increased. It is
not for a lack of trying. We have continuously failed to make progress
on this bill. As the Senator from Maine just made clear, that must
change. Enacting legislation to confront the accumulating dangers of
cyber threats must be among the highest national security priorities of
the Congress.
The need for congressional action, in my view, is also enhanced by
the administration's inability to develop the policies and framework
necessary to deter our adversaries in cyberspace.
Earlier this week we learned just how ineffective the administration
has been in addressing our cyber challenges. Within days of reaching an
agreement to curb the stealing of information for economic gain,
China--China--repeatedly, reportedly, continues its well-coordinated
efforts to steal designs of our critical weapons systems and to wage
economic espionage against U.S. companies. It is not a surprise, but it
serves as yet another sad chapter in this administration's inability to
address the cyber threats.
I guess in the last couple of days it has been made known that some
hacker hacked into the information of both the Director of the CIA and
the chairman of the homeland security committee. That is interesting.
As the President's failed China agreement clearly demonstrates, our
response to cyber attacks has been tepid at best and nonexistent at
worst. Unless and until the President uses the authority he has to
defer, deter, defend, and respond to the growing number in severity of
cyber threats, we will risk not just more of the same but embolden
adversaries in terrorist organizations that will continuously pursue
more severe and destructive attacks.
Addressing our cyber vulnerabilities must be a national security
priority. Just this week, Admiral Rogers, the head of Cyber Command,
reiterated, ``It's only a matter of time before someone uses cyber as a
tool to do damage to critical infrastructure.''
My colleagues don't have to agree with the Senator from Maine or me
or anybody else, but shouldn't we listen to Admiral Rogers, the head of
Cyber Command, probably the most knowledgeable person or one of the
most knowledgeable who said, ``It is only a matter of time before
someone uses cyber as a tool to do damage to critical infrastructure.''
According to the recently retired Chairman of the Joint Chiefs of
Staff, General Martin Dempsey, our military enjoys ``a significant
military advantage'' in every domain except for one--cyber space. As
General Dempsey said, cyber ``is a level playing field. And that makes
this chairman very uncomfortable.''
I will tell you, it makes this chairman very uncomfortable as well.
Efforts are under way to begin addressing some of our strategic
shortfalls in cyber space, including the training of a 6,200-person
cyber force. However, these efforts will be meaningless unless we make
the tough policy decisions to establish meaningful cyber deterrence.
The President must take steps now to demonstrate to our adversaries
that the United States takes cyber attacks seriously and is prepared to
respond.
This legislation is one piece of that overall deterrence strategy,
and it is long past time that Congress move forward on information
sharing legislation. We have been debating similar cyber legislation
since at least 2012. I am glad this body has come a long way since that
time in recognizing that government mandates on the private sector,
which operates the majority of our country's critical infrastructure,
will do more harm than good in cyber space. The voluntary framework in
this legislation properly defines the role of the private sector and
the role of the government in sharing threat information, defending
networks, and deterring cyber attacks.
At the same time, it is unfortunate that it has taken over 3 years to
advance this commonsense legislation. The threats we face in cyber
space are real and imminent, as well as quickly evolving. All aspects
of the Federal Government, including this body, must commit to more
quickly identifying, enacting, and executing solutions to counter cyber
threats. If we do not, we will lose in cyber space.
As chairman of the Armed Services Committee, I consider cyber
security one of the committee's top priorities. That is why the
National Defense Authorization Act provides a number of critical
authorities to ensure that the Department of Defense can develop the
capabilities it needs to deter aggression, defend our national security
interests, and when called upon, defeat our adversaries in cyber space.
I find it unacceptable that the President has signaled his intent to
veto this legislation that, among other key Department of Defense
priorities, authorizes military cyber operations and dramatically
reforms the broken acquisition system that has inhibited the
development and delivery of key cyber capabilities.
More specifically, the National Defense Authorization Act extends
liability protections to Department of Defense contractors who report
on cyber incidents or penetrations, and it authorizes the Secretary of
Defense to develop, prepare, coordinate and, when authorized by the
President, conduct a military cyber operation in response to malicious
cyber activity carried out against the United States or a U.S. person
by a foreign power. The NDAA authorizes $200 million for the Secretary
of Defense to assess the cyber vulnerabilities of every major DOD
weapons system. Finally, Congress required the President to submit an
integrated policy to deter adversaries in cyber space in the fiscal
year 2014 National Defense Authorization Act. I tell my colleagues that
we are still waiting on that policy. This year's NDAA includes funding
restrictions that will remain in place until it is delivered.
As we dither, our Nation grows more vulnerable, our privacy and
security are at greater risk, and our adversaries are further
emboldened. The stakes are high, and it is essential that we pass the
Cybersecurity Information Sharing Act without further delay.
Let me also mention in closing that probably the most disturbing
comment I have heard in a long time on this issue in this challenge is
when Admiral Rogers said that our biggest challenge is we don't know
what we don't know. We don't know what the penetrations have been, what
the attacks have been, whether they have succeeded or not, where they
are in this whole realm of cyber and information at all levels. When
the person we placed in charge of cyber security says we don't know
what we don't know, my friends, that is a very serious situation.
I want to congratulate again both the managers of the bill in their
coordination and their cooperation in this bipartisan effort.
I yield the floor.
Mr. KING. Will the Senator yield for a question?
Mr. McCAIN. I will be pleased to yield.
[[Page S7396]]
Mr. KING. I ask the Senator, would you agree that this bill
represents an important part of our cyber defense but that in order to
deter attacks in the long term, we must have a cyber policy that goes
beyond simple defensive measures?
Mr. McCAIN. I would certainly agree, I would say to my friend from
Maine, because if the adversaries that want to commit cyber attacks
against the United States of America and our allies believe that there
is no price to pay for those attacks, then where is the demotivating
factor in all of this which would, if they failed, then keep them from
doing what they are doing? It seems to me that this is an act of war,
and I don't use that term lightly but I am trying to use it carefully.
If you damage intentionally another nation's military or its economy or
its ability to function as a government--I would ask my friend from
Maine--wouldn't that fit into at least a narrow interpretation of an
act of war? If so, then should we only have defenses? Have we ever been
in a conflict where we only have defenses and not the capability to go
out and deter further aggression?
Mr. KING. I would suggest to the Senator that if you are in a fight
and all you can do is defend and never punch, you are going to
eventually lose that fight. I think this is an important area. The
theory of deterrence, as distasteful as it might have been, the
mutually assured destruction during the nuclear era did in fact prevent
the use of nuclear arms for some 70 years. I think we need to be
thinking about a deterrence that goes beyond simply defensive measures.
I commend the chairman for raising this issue and appreciate your
thoughtful consideration.
Mr. President, I yield the floor.
Mr. LEAHY. Mr. President, it seems as though every week, the American
people learn of yet another data breach in which Americans' sensitive,
private information has been stolen by cyber criminals or foreign
governments. This is a critical national security problem that deserves
action by Congress. But our actions must be thoughtful and responsible,
and we must recognize that strengthening our Nation's cyber security is
a complex endeavor with no single solution.
According to security researchers and technologists, the most
effective action Congress can take to improve our cyber security is to
require better and more comprehensive data security practices. That is
why earlier this year, I introduced the Consumer Privacy Protection
Act. That bill requires companies to utilize strong data security
measures to protect our personal information and to help prevent
breaches in the first place. Companies that benefit financially from
gathering and analyzing our personal information should be obligated to
take meaningful steps to keep it safe.
But rather than taking a comprehensive approach that addresses the
multiple facets of cyber security, the Republican majority appears to
be focused entirely on passing the Senate Intelligence Committee's
cyber security information sharing bill. While legislation to promote
the sharing of cyber threat information could, if done right, be useful
in improving our cyber security, it is a serious mistake to believe
that information sharing alone is the solution. Information sharing
alone would not, for example, have prevented the breach at the Office
of Personnel Management, nor would it have prevented other major
breaches, such as those at Target, Home Depot, Anthem, or Sony.
Instead of ensuring that companies better safeguard Americans' data,
this bill goes in the opposite direction, giving large corporations
more liability protection and even more leeway on how to use and share
our personal information with the government--without adequate privacy
protections.
Also troubling is the fact that the Republican majority has been
intent on jamming this bill through the Senate without any regard for
regular process or opportunity for meaningful public debate. Only last
year, the Republican leader declared his commitment to ``a more robust
committee process'' and plainly stated that ``bills should go through
committee.'' But the bill was drafted behind closed doors by the Senate
Intelligence Committee, and it has not been the subject of any open
hearings or any meaningful public debate. The text of the bill was only
made public after it was reported to the Senate floor, and no other
committee of jurisdiction--including the Judiciary Committee--was
allowed to consider and improve the bill.
The Judiciary Committee was prevented from considering this bill even
though it contains numerous provisions that affect matters squarely
within our jurisdiction. First and foremost, the bill creates a
framework of information sharing that could severely undermine
Americans' privacy. The bill also overrides all existing law to provide
broad liability protections for any company that shares information
with the government. It also overrides important privacy laws such as
the Electronic Communications Privacy Act, ECPA, and the Foreign
Intelligence Surveillance Act, FISA, over which the Judiciary Committee
has long exercised jurisdiction. CISA even amends the Freedom of
Information Act, FOIA, and creates new exemptions from disclosure.
This is just the latest attempt by the majority leader to bypass the
Judiciary Committee and jam a bill through the Senate that contains
provisions within the jurisdiction of the committee. The bill reported
by the Senate Intelligence Committee includes a broad and unnecessary
FOIA exemption. FOIA falls under the exclusive jurisdiction of the
Senate Judiciary Committee and changes affecting this law should not be
enacted without full and careful consideration by the Judiciary
Committee. This important transparency law certainly should not be
amended in closed session by the Senate Intelligence Committee.
Shortly after the text of the bill was released, I shared with
Chairman Grassley my concern that the Judiciary Committee should also
consider this bill. He assured me that there would be a ``robust and
open amendment process'' if this bill were considered on the Senate
floor. But only a few weeks later, the Republican leadership--with
Chairman Grassley's support--attempted to jam the Intelligence
Committee's bill through the Senate as an amendment to the National
Defense Authorization Act, NDAA, without any opportunity for meaningful
debate. Republicans and Democrats joined together to reject the
majority leader's effort to force the cyber security bill onto the
NDAA. Despite this rebuke from both sides of the aisle, just a few
weeks later, the majority leader again attempted to jam the bill
through the Senate in the final days before August recess, without any
serious opportunity to debate and offer amendments.
The majority leader's actions have been part of a consistent
disregard for regular order. He has talked about providing an
opportunity for fair debate, but at the same time, he has used all
procedural mechanisms to stifle process on this bill. Yesterday
afternoon, the Senate moved to consideration of this bill--but then not
even 2 hours later, the majority leader moved to end debate. That
speaks volumes about whether the majority leader is really interested
in a full and open debate, and it is not how the U.S. Senate should
operate--particularly when it comes to a bill with such sweeping
ramifications for Americans' privacy.
Senator Feinstein, the ranking member of the Intelligence Committee,
has consistently said that the Senate ``should have an opportunity to
fully consider the bill and to receive the input of other committees
with jurisdiction in this area.'' She has worked hard to improve the
underlying bill with a managers' amendment that addresses a number of
my concerns, particularly in regard to FOIA, limiting the sharing of
information for cyber security purposes only, and ensuring that the
bill would not allow the government to use information to investigate
crimes completely unrelated to cyber security. I appreciate these
improvements, and Senator Feinstein's efforts to include them in the
bill. But again, this bill still has some serious problems and requires
a full, public debate. The bill still includes, for example, a FOIA
exemption that I believe is overly broad and unnecessary.
In July, the Department of Homeland Security wrote a letter to
Senator Franken stating that in their view the bill raises significant
operational concerns and certain provisions threaten to severely
undermine Americans' privacy. Last week, the Computer & Communications
Industry Association--an
[[Page S7397]]
organization that includes Google, Facebook, and Yahoo!--voiced serious
concerns that the bill fails to protect users' privacy and could
``cause collateral harm'' to ``innocent third parties.'' And this week,
major tech companies such as Apple, Dropbox, Twitter, and Yelp have
vocally opposed the bill citing concerns for their users' privacy.
The latest version of the bill contains a number of improvements that
I and other Senators have been fighting for, and I am glad to see that
we are making progress. But we still have work to do on this bill, and
the Senate must have an open and honest debate about the Senate
Intelligence Committee's bill and its implications for Americans'
privacy. I agree that we must do more to protect our cyber security,
but we must be responsible in our actions. Legislation of this
importance should not be hastily pushed through the Senate, without a
full and fair opportunity for Senators to consider the ramifications of
this bill. Unfortunately, by moving so quickly to end debate, it
appears that the majority leader is trying to do just that.
Ms. MIKULSKI. Mr. President, I wish to support the Cybersecurity
Information Sharing Act of 2015.
Cyber security is the most pressing economic and national security
threat facing our country today. As a member of the Senate Select
Committee on Intelligence, I am keenly aware of the damage cyber
attacks cause on our Nation. As vice chairwoman of the Senate
Appropriations Committee, I believe we must have a clear and
comprehensive approach to funding cyber security.
In boardrooms and around kitchen tables, concern over cyber security
is heightening. It is gaining new traction following the cyber attack
on the Office of Personnel Management, which compromised the personal
information of more than 22 million Federal employees, contractors, and
their families.
The American people expect serious action by Congress. This can and
must be done, while respecting privacy and avoiding data misuse by the
government or businesses. Congress must act with a sense of urgency to
pass the Cybersecurity Information Sharing Act. If we wait for another
major cyber attack, we risk overreacting, overregulating, overspending,
and overlegislating. The time to act is now.
Our Nation is under attack. Every day, cyber attacks are happening.
Cyber terrorists are working to damage critical infrastructure by
taking over the power grid or disrupting air traffic control. Cyber
spies are moving at breakneck speeds to steal state secrets,
intellectual property, and personal information. Cyber criminals are
hacking our networks, stealing financial information, and disrupting
business operations. These cyber attacks can disrupt critical
infrastructure, wipe out a family's entire life savings, take down
entire companies, and put human lives at risk. In the past year alone,
we've seen cyber attacks against Sony, Home Depot, UPS, JP Morgan
Chase, Experian, T-Mobile, Scottrade, and the list goes on. The
economic losses of cyber crime are stunning. In 2014, the Center for
Strategic and International Studies and McAfee estimated the annual
cost from cyber crime to be over $400 billion.
I have been working on cyber issues since I was elected to the
Senate. Our cyber warriors at the National Security Agency are in
Maryland, and I have been working with the NSA to ensure signals
intelligence was a national security focus even before cyber was a
method of warfare.
In my role on the Intelligence Committee, I served on the Cyber
Working Group, which developed findings to guide Congress on getting
cyber governance right, protecting civil liberties, and improving the
cyber workforce.
As vice chairwoman of the Appropriations Committee and the Commerce,
Justice, and Science Subcommittee, I put funds in the Federal checkbook
for critical cyber security agencies. These include the Federal Bureau
of Investigation, which investigates cyber crime; the National
Institute of Standards and Technology, which works with the private
sector to develop standards for cyber security technology; and the
National Science Foundation, which researches ways to secure our
Nation. As a member of the Appropriations Subcommittee on Defense, I
fight for critical funding for the intelligence and cyber agencies,
including the National Security Agency, Central Intelligence Agency,
and Intelligence Advanced Research Projects Activity, who are coming up
with the new ideas to create jobs and keep our country safe. These
funds are critical to building the workforce and providing the
technology and resources to make our cyber security smarter, safer, and
more secure.
This bill does three things from a national security perspective.
First, it allows businesses and government to voluntarily share
information about cyber threats. Second, it requires the Director of
National Intelligence to share more cyber threat information with the
private sector, both classified and unclassified. Third, it establishes
a Department of Homeland Security ``portal'' for cyber info-sharing
with the government to help dot-gov and dot-com in a constitutional
manner. These three provisions are an innovation. Despite all the
amazing talent companies have, many are being attacked and don't even
realize it. This legislation allows unprecedented dot-com and dot-gov
cooperation. There are also key provisions on privacy protections and
liability protection for companies that monitor their own networks or
share information.
Why do we need a bill to make these vital partnerships happen?
America is under attack every second of every day. The threat is here,
and it is now. If we do not act or if we let the perfect be the enemy
of the good, this country will be more vulnerable than ever before, and
Congress will have done nothing.
This bill is not perfect. The Department of Homeland Security's role
has been criticized by many, including myself. I have been skeptical
about their ability to perform some duties assigned in this bill. I am
still skeptical, although less so than before. But this bill takes
important steps to diversify government and private sector actors, so
we are not just focusing on DHS, but also keeping civilian agencies in
charge. We cannot have intelligence agencies leading this effort with
the private sector. Some would like to see that go further, but that is
what the amendment process is for.
People in the civil liberties community worry that this bill could
allow government intrusions into people's privacy. This was of
tantamount concern for me. If we don't protect civil liberties, the
added security is for naught because we lose what we value most: our
freedom. The authors of this bill, especially Senator Feinstein, have
made key improvements on issues of law enforcement powers and
protecting core privacy concerns. While not everyone is entirely
pleased, this bill has made important strides to balance information
sharing and privacy.
The business community is concerned because it fears strangulation
and overregulation. They worry that they will open themselves up to
lawsuits if they participate in the program with the government. I have
heard from Maryland businesses and these are valid concerns.
Importantly, this bill has made strides in accommodating business and
builds a voluntary framework to allow businesses to choose that
protection. Protection does not come without responsibility for
participants, but this bill links the need for cyber security,
appropriate liability protection, and the expertise of our business
community in a way that answers a lot of companies' concerns. We cannot
eliminate all government involvement in this issue because it simply
won't work, and we will lose key government expertise in the Department
of Defense, Federal Bureau of Investigation, and elsewhere. However, we
can work to try to minimize it while maintaining the government's role
in protecting national security.
I am so proud that the Senate came together in a bipartisan way to
draft and pass this legislation. The Senate must pass this legislation
now. Working together, we can make our Nation safer and stronger and
show the American people we can cooperate to get an important job done.
Amendment No. 2557
Mr. President, today I wish to speak about my amendment to the cyber
security bill. This amendment would provide an additional $37 million
for the Office of Personnel Management, OPM,
[[Page S7398]]
to accelerate completion of its information technology, IT,
modernization and thwart future cyber attacks.
This additional funding would allow OPM to make needed upgrades to
cyber security and network systems 1 year ahead of schedule. This means
OPM will not have to wait another year to protect sensitive personnel
data by implementing hardware and software upgrades recommended by
security experts.
The $37 million is designated as an emergency under the Budget
Control Act of 2011.
For over a year, the Office of Personnel Management's systems were
compromised. This hack exposed the financial and personal information
of 22 million Federal employees and their families, contractors, job
candidates and retirees. This is unacceptable.
OPM's retirement services and background investigation databases
contain the most sensitive data OPM holds, including Social Security
numbers, health information and fingerprints.
I have heard from employees across the government. Data breaches
undermine morale and complicate their ability to serve the American
people.
OPM has moved to provide protections, but that is not enough.
Securing these systems must be done now. We can't wait for the next
budget cycle.
I urge support for my amendment. This is a crisis, so we ought to
treat it like one. Twenty-two million Americans who entrusted their
data and fingerprints to the government deserve the highest standard of
protection.
There is a reason OPM was exploited. Federal cyber security has been
weak. The Appropriations Committee has consistently given agencies the
resources they asked for to protect their dot-gov systems. But under
sequester-level budgeting it hasn't been enough. Constrained agencies
don't ask for what is truly needed to do the cyber security job.
Tight budgets mean immediate problems get requested and funded before
other much needed IT protection and maintenance. We aren't even doing
the simple things.
After the OPM breach, the Office of Management and Budget, OMB,
conducted a cyber sprint. OMB asked agencies to take four minimal
steps: No. 1, deploy Department of Homeland Security malicious activity
detectors; No. 2, patch critical vulnerabilities; No. 3, tighten
privileged user policies; and No. 4, accelerate deployment of
multifactor authentication.
While there was improvement, only 14 of the 24 agencies met the
fourth goal. Some of it is a lack of will, but some is a lack of
resources.
OPM knows it needs to harden its information technology.
That is why I am offering this amendment, providing $37 million in
emergency spending to harden OPM systems now--not a year from now.
These funds meet the criteria for being designated as emergency
spending as set out in the Budget Control Act of 2011. OPM's needs are
urgent, temporary, and, regrettably, unforeseen.
What does it mean to designate funds as emergency spending? It means
no offsets, so we don't pay for this amendment by drawing from existing
funding used to defend the Nation or help America's families.
The need is urgent--our adversaries are still trying to attack us.
The need is temporary--these are one-time costs to accelerate IT
reform. And the need is unforeseen which is sadly the reason they were
not requested in the President's fiscal year 2016 budget in February.
Some say this funding is premature, and OPM is not ready to deploy it
effectively. However, those reports were written before Beth Cobert
became OPM Acting Director. She is turning OPM around, but she needs
the resources to secure OPM's IT systems, and cyber security is a
critical issue.
Government can't be reckless with the sensitive data it has. We must
do better with dot-gov and get our own house in order. We know what OPM
needs to do--they have the will, they have a business plan, and now
they need the wallet.
Vote for my amendment No. 2557 to get OPM the resources it needs.
The PRESIDING OFFICER. The Senator from Wisconsin.
Unanimous Consent Request--H.R. 3594
Ms. BALDWIN. Mr. President, last week when I was back in my home
State of Wisconsin, I had the privilege of hosting a roundtable with
college students from all across the southeastern area of the State.
The focus of the conversation was how we in Congress could help keep
college affordable and accessible. During the course of that
conversation, it was abundantly clear that most of the students were
very frustrated that Congress could not take some of the most
commonsense steps to make that happen. I told them that I shared their
frustration and ensured them that I would be going back to Washington,
DC, this week to fight on their behalf.
This morning I hosted a Google Hangout and spoke with campus
newspapers from across the State of Wisconsin to reiterate my
commitment on this issue. So here I am, almost 1 month from the day
that I last stood here on the Senate floor, 1 month since a single
United States Senator stood up and blocked a commonsense and bipartisan
measure that would have continued to provide critical financial support
for America's low-income college students.
In the short month since our efforts to reauthorize the Federal
Perkins Loan Program were obstructed, the immediate impacts are already
becoming quite clear. Last week, the Coalition of Higher Education
Assistance Organizations began surveying colleges and universities that
participate in the Perkins loan program to learn more about how this
obstruction is impacting their students. After a few days, they heard
from over 100 students outlining how allowing Perkins to expire is
harming students and institutions alike. There are real impacts being
felt by real students right now across America. If we don't act, this
damaging impact will ripple across our community. Therefore, we cannot
sit idly by.
Mr. President, I ask unanimous consent that the Senate proceed to the
immediate consideration of H.R. 3594, which is at the desk, that the
bill be read a third time and passed, and the motion to reconsider be
considered made and laid upon the table with no intervening action or
debate.
The PRESIDING OFFICER. Is there objection?
Mr. McCAIN. Mr. President, on behalf of the leadership, I object.
The PRESIDING OFFICER. Objection is heard.
Ms. BALDWIN. Mr. President, this is incredibly frustrating. I am
going to spend a few minutes talking about how this objection, this
obstruction is impacting the students of America and the higher
education institutions of America. There are real impacts that are
being felt right now. Students who have previously received Perkins
loans will lose their future eligibility if they change institutions or
academic programs. Students seeking Perkins loans for the upcoming
winter and spring semesters will not be eligible at all if we don't act
soon to reauthorize this program. Finally, all future students will be
ineligible for this program.
This afternoon right before I came down to the Senate floor, I
received a letter from the president of the University of Wisconsin's
system, Ray Cross--a letter that was co-signed by all 14 of the UW
system university chancellors. In their message, they shared compelling
insight into how the sudden end to the Federal Perkins Loan Program is
already affecting Wisconsin students. They then closed their letter
with this:
[W]e need to keep this program in place. After all, our job
is to help students who would not otherwise be able to attend
higher education and to help them overcome barriers,
particularly financial barriers, all of which helps to ensure
access, retention, completion, and a skilled workforce. These
are goals upon which all of us can agree.
One month ago our colleagues in the House of Representatives--a body
rarely called a place of agreement--took up and passed a measure that
would extend this student loan program for 1 year. I previously called
up that bill here in the Senate and asked unanimous consent that we
extend the Federal Perkins Loan Program. While I look forward to a
broader conversation about improving Federal supports for students as
we look to reauthorize the Higher Education Act, I don't believe--and I
still don't--that we can sit idly by while America's students are left
with such uncertainty.
As everyone heard, I asked unanimous consent to proceed to the
consideration of the bill, and one Senator stood up on behalf of
Republican leadership and blocked our ability at this
[[Page S7399]]
point in time to extend the Federal Perkins Loan Program by 1 year.
Again, I understand a desire, and frankly, share a desire to have a
broader conversation about Federal student aid as part of the Higher
Education Act reauthorization effort. I still do not think it is right
or fair to let this program expire to the detriment of thousands of
students in need. Frankly, this is a perfect example of why the
American people are so upset with Washington.
Since 1958, the Federal Perkins Loan Program has been successfully
helping Americans access affordable higher education with low-interest
loans for students who cannot borrow or afford more expensive private
student loans.
In Wisconsin, the program provides more than 20,000 low-income
university and college students with more than $41 million in aid, but
the impact of this program isn't just isolated to the Badger State. In
fact, the Federal Perkins Loan Program aids over half a million
students with financial need each year across 1,500 institutions of
higher learning.
The schools themselves originate, service, and collect the fixed
interest loan rates, and what is more, institutions maintain loans
available for future students because these are revolving funds.
Since the program's creation, institutions have invested millions of
dollars of their own funds into the program. In addition to making
higher education accessible for low-income students, the program serves
as an incentive for people who wish to go into public service by
offering targeted loan cancellations for specific professions in areas
of high need, such as teaching, nursing, and law enforcement.
As a member of the Senate Health, Education, Labor and Pensions
Committee, and as a Senator representing a State with such a rich
history of higher education, it is among my highest priorities to fight
to ensure that the Federal Perkins Loan Program continues for
generations to come, but unfortunately, as we saw, one single Senator
stood up again today and said no to students across America who ask for
nothing more than an opportunity to pursue their dreams--students such
as Andrew.
Andrew is currently a student at the University of Wisconsin in
Stevens Point. Without the support of his Perkins loan, Andrew said he
would not have had the means to attend college. He has little to no
income at his disposal. Today, not only is Andrew making the dean's
list every semester, but he now has his sights set on attending law
school, also at the University of Wisconsin. Andrew said: ``Without the
assistance I get from the Perkins Loan I would be forced to either take
out other high-interest loans, or delay my graduation date, or drop
out--which is the last thing I want to do.''
Today this body also stood up and once again said no to students such
as Nayeli Spahr. Nayeli was raised by a single mother who was an
immigrant and worked two full-time jobs. Nayeli attended 10 different
schools in 3 different States before she finished high school. Without
the Federal Perkins Loan Program, Nayeli said her opportunity to get a
college education would have been ``an illusionary dream.''
Today Nayeli is the first in her family to finish college and is now
in her last year of medical school. She is planning to work with those
who are underserved in our urban communities. She finished by saying:
The Perkins loan program helped me reach this point. And
its existence is essential to provide that opportunity for
other young adults wanting to believe in themselves and to
empower their communities to be better. Please save it!
You don't have to look very far to find the dramatic impact that this
investment has on America's students. There are thousands of stories
like the ones I just shared, representing thousands of students who are
still benefitting from the opportunities provided to them by this
hugely successful program.
I am disappointed and frustrated that our bipartisan effort in the
Senate has again been obstructed. I will continue to fight to extend
support for America's students in the form of extending the Federal
Perkins Loan Program so that we can find a way to show the half-million
American students who rely on this loan program that we are standing
with them and that we are committed to helping them build a stronger
future for themselves and our country.
I thank the Presiding Officer, and yield back the remainder of my
time.
The PRESIDING OFFICER (Mr. Gardner). The Senator from Ohio.
Mr. PORTMAN. Mr. President, I join my colleague from Wisconsin and
other Members who are here on the floor to talk about the Perkins Loan
Program. It is a really important program. It serves the needs of many
of the students in our States, and it serves a unique need. It provides
flexibility that other programs don't provide, and it also allows the
colleges and universities to actually contribute to it.
I hope we can get this 1-year extension done, and I hope that the
objection will be overridden by the common sense of doing something
that the House has already done. By the way, the House of
Representatives did it for 1 year also at no cost to the Federal
Government because there is no reason to pay for a 1-year extension of
a program that is a loan program where the colleges and universities
take the payments that are made--the repayments--and put them back into
the program. So this program is at no cost, and it is certainly an
important program that we ought to continue.
I know there is discussion about broader education reform, and I
support that. I know this program is not perfect. There are other ways
that we could possibly improve it. I am perfectly willing to enter into
that discussion and debate it. We should have that debate. We should
debate how to make sure college is more affordable for all students,
but let's not at this point stop this program that is working and is
providing for young people in my State and around the country what they
need to be able to afford a quality education.
I was out here a few weeks ago talking about this program, and at
that time I talked about some specific schools and the people in my
State who depend on this program. It is the oldest Federal program out
there that allows students to be able to take advantage of some kind of
help in order to get through school, and boy, it is needed now more
than ever with tuition costs going up and more and more families
feeling the squeeze.
When I go back home, I hear from parents and the students themselves.
It is tough. Wages are flat, and in many cases declining. Yet expenses
are up, and this is one of them, along with health care and electricity
bills. This is not the time to stop the program but to continue this
really important program. At the same time, we need to engage in the
important debate of how we can reform higher education more generally
in order to ensure that everybody has access to an affordable
education.
Since 1958, this program has provided more than $28 billion in loans.
It is a program that supports 60 different schools in my State. In the
Buckeye State of Ohio, we have 60 schools that have loans under this
program. Last year, more than 25,000 Ohio students received financial
aid through this program--3,000 young people at Kent State and over
1,700 at the Ohio State University in Columbus.
One of those students is an outstanding young woman. Her name is
Keri. She is a junior at Kent State. She interned for me last summer.
When I talked to Keri about this program, she said that this is
something she absolutely needs to be able to stay in school.
Keri is a young woman for whom I have a lot of respect because she
fought the odds. She was in foster care. She went from one foster home
to another while she was growing up. Yet she not only fought the odds.
She is now excelling in college and doing a great job, but she doesn't
have the resources to stay in college without this program. She is a
Pell grant recipient, but she also needs the Perkins Loan Program to be
able stay in school.
This is not just about numbers, folks. This is about people. This is
about Keri. This is about young people whom we want to be able to have
the opportunity and to be able to get the education they need to get
ahead, because it does provide help for those who are most in need.
Well beyond Ohio, of course, 1,700 postsecondary institutions now
participate in this program. It shouldn't be
[[Page S7400]]
controversial. Again, the House passed it for 1 year. It is something
that does not require a new appropriation. It is a flexible program. So
many of our student loan programs, including the Pell Grant Program and
so on, are programs where the schools cannot provide any kind of
flexibility. With many of our families and many of our students, Keri
being an example, that flexibility is really important. Circumstances
change. They may find themselves in a situation where they need a
little help to stay in school so they can finish their academic major.
They may find they need a little bit of help because of an unfortunate
event that they could not anticipate happening in their families, and
this program provides that flexibility. Again, the colleges and
universities actually contribute to it. It is a matching program where
they have to step up and be counted.
Let's not allow these students to fall through the cracks, and let's
consider what happens if we do allow that to happen. Students who are
applying for the winter semester, which starts in January, or the
spring semester may well find that they are not able to receive the aid
they need.
I am told that students can lose their eligibility if they change
institutions or if they change their majors. These kids could fall
between the cracks even if they have a Perkins loan now.
Finally, of course, if we don't act pretty soon, then next fall when
there will be up to 150,000 freshman looking for a Perkins loan, they
may find they are not eligible for it. This is not acceptable. Let's be
sure we do everything we can here to make sure that college is not
road-blocked for low-income students who are trying to get a college
degree and pursue their dreams. Let's help them get ahead.
Let's pass this. It creates certainty for the students who benefit
from the loans, it creates certainty for these colleges and
universities, and it ensures that students who need this funding are
not stopped and blocked by these high tuitions.
I wish to thank my colleagues Senator Collins and Senator Casey, whom
I see is on the floor. I also wish to thank Senator Baldwin, Senator
Ayotte, Senator Murphy, and I see Senator Coons and others who are
here.
This is bipartisan, and it is something we can do here in the Senate,
just as the House has already acted. Let's not block this program
because this could block the students from attaining the educational
background they need to be able to succeed in life. Let's move forward
with this while at the same time continuing our discussion on the need
to ensure that higher education is more broadly reformed to allow
everybody to have that opportunity to pursue their dreams.
I thank the Presiding Officer, and I yield my time.
The PRESIDING OFFICER. The Senator from Connecticut.
Mr. MURPHY. Mr. President, let me associate myself with the remarks
of Senator Baldwin and Senator Portman. I thank them for making this
bipartisan clarion call to bring this body together on behalf of
students. There are over 6,000 students in my State of Connecticut.
I believe Senator Blumenthal is going to give some remarks as well to
add Connecticut's list of schools and to debate this issue on the
floor.
We have over 1,000 students at the University of Connecticut, over
700 at Yale University, 600 at the University of Bridgeport, 500 at
Central Connecticut, and 400 in Eastern Connecticut. All across
Connecticut, students are able to attend college because of the Perkins
Loan Program. As one of the few Members of the Senate who is still
paying back my student loans, who is also saving as fast as I can for
my two boys who will hopefully go to college, this debate we are having
today strikes me as crazy. We should be having a debate about how we
expand access to college. Instead, we are simply trying to protect the
existing access we have.
In 10 years the United States has gone from the No. 1 country in the
world with respect to the number of 25- to 35-year-olds with college
degrees to number 12 in the world. In 10 years we have gone from first
to twelfth. The answer for that is the cost of college. The cost of
college is making it unaffordable for people to start and unaffordable
for many others to complete it.
The Perkins Loan Program is one that doesn't require any additional
expenditure of taxpayer dollars. Those 6,000 kids in Connecticut will
get to continue to attend college with Perkins loans, with no
additional obligation on behalf of taxpayers. That is as good a deal as
we can get--no additional expenditure from the Federal Government and
hundreds of thousands of kids all across the country--6,000 of them in
Connecticut--get to continue in college.
I simply wanted to come to the floor to express my bewilderment that
the Republican leadership is standing in the way of simply preserving
the student loan programs that are on the books today. If we go back
home to our districts, we are not going to hear from a lot of people
who are sympathetic to this argument. They want Congress to be talking
about how to make college more affordable. They would be as bewildered
as many of us are that Republicans in the Senate are trying to make
college less affordable, when there is absolutely no additional
expenditure required in order for us simply to preserve the Perkins
Loan Program as it currently exists.
Let me just add one story to the mix--the story of Amanda, who is a
senior at the University of Hartford. Her family makes about $67,000 a
year. People are going to be familiar with her story because that is
just a little bit too much for her to be able to qualify for a Pell
grant. So she has to work two different jobs to put money on top of her
Stafford loans, to put money on top of the contribution her parents
make, just to get into the neighborhood of being able to afford
college, but what makes that final difference for Amanda is the Perkins
loan.
The only reason she is able to go to the University of Hartford is
because of the Perkins loan. She is doing everything we ask. Her
parents are putting in some money, she is taking out loans, and she is
working two jobs. She says:
I can't imagine how difficult it would have been if federal
funding sources such as the Perkins loan had been eliminated
as options for me. I've utilized the Perkins loan offered to
me, in the full amount, every single year to resolve my
account balance. Even now, in my senior year, I have no
choice but to work two jobs and I'm barely getting by.
Without the Perkins and other financial aid, I truly believe
that I would have had to transfer to a community college
where I would not have been able to accomplish nearly as much
as I have here at the University of Hartford.
On behalf of her and the six other students in Connecticut who will
lose their Perkins loan eligibility as long as this Republican
objection lasts, I hope it will come together.
Thank you, Mr. President.
I yield the floor.
The PRESIDING OFFICER. The Senator from Delaware.
Mr. COONS. Mr. President, I stand to join in with the voices we have
already heard from, including Senator Murphy of Connecticut and Senator
Portman of Ohio--bipartisan, of course--who have stood in support of
the unanimous consent request of Senator Baldwin, blocked by the
opposing party, that we move forward with reauthorizing the Perkins
Loan Program.
The voice that I think is so often missing from the deliberations in
the Senate is the voice we just heard brought forward by Senator Murphy
of Connecticut, the voice of our constituents--the constituents who
connect with us when we are home in our States; the constituents who
reach out to us by letter and by email. I just wanted to add the voices
of my constituents from the State of Delaware.
Apparently, our colleagues have failed to hear from thousands--even
hundreds of thousands--of our home State constituents who rely on
Federal Perkins loans. This program is a critical lifeline for students
across the country who would be well on their way to a college degree
if it weren't for the skyrocketing, unsustainable costs of higher
education. I think Congress's failure to reauthorize the Perkins Loan
Program is already having a negative impact on students and on
households across our country. We can see the real-world impact in our
home States if we will but listen to our constituents.
Let me give two examples of Delawareans who have recently reached out
to me.
Frank, an incoming University of Delaware student, was counting on
the
[[Page S7401]]
Perkins Loan Program to help cover a gap in affording the cost of his
higher education. Now that those funds are no longer available, now
that the Perkins loans have expired, his family is struggling to figure
out how they will pay for his education.
There is also Taylor, a Delawarean, already a college student, who
had signed up for a promising new course of study because of a Perkins
loan that would make the additional cost possible. Without this funding
moving forward, future students like Taylor will also have to turn to
private loans--sometimes less accessible, sometimes less affordable--to
fill that gap. Frank and Taylor's stories are just a few examples of
many that I have received in my office from constituents or
conversations I have had at home in Delaware.
When I am with working Delawareans, there is no topic raised more
frequently amongst those in my age bracket of how they can afford to
send their kids to college. Just the other night, standing around on
the sideline of a soccer game, I heard a whole group talking about how
can we possibly afford the skyrocketing expenses of higher education.
So the question we are here today to address isn't the great big
question of how can we make college affordable, it is just a simple
question of how can we extend the Perkins Loan Program. I am proud to
join with my colleagues in calling for a permanent extension of this
program. In my State of Delaware, nearly 2,000 Delawareans last year
received Perkins loans from 2013 to 2014. Those are 2,000 of my
constituents who had the chance to go to college, invest in their
education, improve their lives for the better, and that is in just 1
year of the program.
In the 50 years since Perkins was created, the program has awarded
nearly $30 billion through 26 million loans across this entire country.
Those are big, abstract numbers, but for my colleagues who remain
undecided on whether to support the extension, I urge them to think
about the Franks, the Taylors, their constituents, and folks from towns
and cities, big and small, all across this country. They are not asking
for a free education. The average Perkins loan is just $2,000. It is
not even a rounding error in the scope of the total Federal budget that
we fight over here week in and week out, but that is an amount that one
student, one family can singlehandedly determine--for an aspiring
teacher or a business owner or an inventor or someone who just wants to
advance themselves through education--whether they can continue their
steady forward progress.
This extension alone is not the Higher Education Act reauthorization
many of us have been calling for; it is not the substantial education
investment many of us know would be a huge boost to our country, its
competitiveness, and our constituents' well-being; it is not a perfect
solution to the Delawareans I talk to every day who wonder how they can
afford college; it is an important start. So let's come together and
act. Even the House of Representatives, of all places, has acted on a
bipartisan basis to extend the Perkins Loan Program. We can and should
do the same.
I thank my colleagues for their work on this critical issue, and I
urge this Chamber to come together to approve an extension of the
Federal Perkins Loan Program without delay.
Thank you. I yield the floor.
The PRESIDING OFFICER. The Senator from Pennsylvania.
Mr. CASEY. Mr. President, I rise to speak about the same subject that
my colleague from Delaware just raised and so many others before him.
It is bipartisan. This loan program, which we have had the luxury, I
guess, all these years of relying upon, has allowed us to say that as a
country we value higher education. We value that for no matter what
family a person is from or what level of income. As I have often said,
we believe not only in the context of early learning, when someone is
at the beginning of their learning years, but much later when they are
in the years of higher education, that they can learn more now and earn
more later. That linkage, that direct nexus between learning and
earning, is a substantial factor in whether someone can have a good job
and a career and success in their life.
However, for a lot of folks, the cost of college, as so many have
outlined today, becomes an impossible barrier over which they cannot
climb, especially if they are low income. All they are asking for is a
fair shot--a fair shot at learning, a fair shot at going to an
institution of higher education.
We know this program has meant so much not only to folks across the
country, but when we look State by State and examine the number of
students, the number of families who are affected now, it is
extraordinary, whether we are talking about the Presiding Officer's
home State of Colorado or Senator Coons and his constituents in
Delaware or Connecticut or Wisconsin or Ohio. Wherever we are, we can
see the numbers.
In Pennsylvania, 40,000 students today are beneficiaries of the
Perkins Loan Program. We are told as well that this isn't just a
program that affects all different income levels; this is a program
which is designed and has benefited those who most need it. We are told
that one-quarter of recipients are from families with incomes of less
than $30,000. The maximum loan amount per student is $5,500. If someone
is going to a school where it costs $45,000 or $50,000, that may not
seem like a lot, but for a lot of students who are at institutions that
are not so high in cost, that is a big number--or a fraction of that
number is a big number. If you are going to graduate school, you can
get up to $8,000 from the Perkins Loan Program. It is a 10-year
repayment period. As the Senator from Ohio pointed out, it is a
revolving fund. So as one student is paying their Perkins loan back
over 10 years, another student is benefiting from that revolving fund.
We have all had individuals in our States--I have talked a couple of
times about Nikki Ezzolo. Nikki is a recent graduate of Edinboro
University. She had a long and difficult pathway through her higher
education years. She is a single mom. She was in school and then out of
school. When she finally got through school and had the benefit of a
Perkins loan, among other things, she said the following in talking
about her own circumstances as a single mom:
I am proud to be a college grad and my daughter is proud of
me too. I am so grateful for getting a Perkins loan to help
me. I know that I wouldn't be where I am right now--
Meaning with a job after graduating from Edinboro--
without it, and that is a really scary thought.
So she is thinking about where she would have been without a Perkins
loan. Where she would have been is highly likely out of school and
therefore not working. And the job she got is with a major company in
our State.
So that is Nikki.
I also mentioned on the floor a couple of weeks ago--and I will not
repeat it, but I just want to remind folks of her name. Kayla McBride.
She is a recent graduate of Temple University in Philadelphia. She is
in one corner of the State in Philadelphia, the opposite corner of the
State where Nikki went to school in Edinboro. She indicated she
received a Perkins loan to help with tuition after her mother was laid
off.
Then we have another example, someone I met during the break, right
near my hometown. We were meeting with students all across the State
about this issue. One of them was in Wilkes-Barre. His name is Anthony
Fanucci, the student body President, and a senior at Wilkes University
in Wilkes-Barre. Anthony's father works overtime to pay for his
tuition, and Anthony works every weekend and two jobs over the summer.
His Perkins loan helped him stay in school. I met Anthony and he spoke
that day in public. Among the things he said was the following:
My strengths got me to Wilkes University, but without
financial funding, your strengths and your resume and what
you've done before that mean nothing. I never ever seek pity
for my financial situation because my financial situation is
far from rare.
He is talking about so many students out there who face a fork in the
road at some point. If they have Perkins, they can likely stay in
school. If they don't have Perkins, many of them--far too many--will
not be able to continue their higher education.
We know the program expired on September 30. Here is what it means
for--here is the practical implications
[[Page S7402]]
for students. No new students can receive loans, and while the current
recipients are ``grandfathered'' for 5 years, there is uncertainty
because we have never been in this circumstance where the program has
expired and we don't know exactly what will happen with regard to the
implementation of any kind of new changes or new policy by the
administration. It is important to note that some will not be
benefiting from the grandfathering provision. A student would not be
grandfathered if they do one of the following: if they change their
major, if they alter their course of study, or if they transfer. I
should also mention the cutoff for the grandfathering was June 30,
2015.
Let's consider one of those circumstances--if they change their
major. We are told by a recent study in our State that 75 percent of
students will change their major at some point in their years in
college. Let's just say that it is 50 percent or 33 percent. Whatever
the number is, that is a lot of students changing their major and
thereby maybe taking themselves out of the protection of that
grandfathering provision for Perkins loans now that we are in the
period after it has expired.
Financial aid officials who have written to us talk about other
circumstances. I won't read a full letter, but in one letter we got
from a financial aid official they talked about ``significant changes
in a family's financial circumstances'' and ``unexpected financial
difficulties.'' That is the real world of real students and real
families without Perkins or at least with the uncertainty with regard
to Perkins. Neither situation in my judgment is acceptable. Not having
a 1-year extension to a Perkins loan program makes no sense to me and
to a lot of students. If we had an extension, we could debate if
someone wanted to make changes or debate the elements of a program, but
having it expire makes no sense. Even if the expiration doesn't
definitively impact you, the uncertainty about that should not be part
of a college student's experience. While they are studying, while they
are getting through their coursework, especially as freshmen, they
should have the certainty or at least the expectation that it will
continue to help them.
In summary we should, No. 1, continue to work together in a
bipartisan fashion to solve this problem. The good news is, despite the
partisan rancor and divisions in Washington and in the Senate and the
House, on this we have broad bipartisan support--something on the order
of 28 co-sponsors, and at last count 6 are Republicans. So we have got
folks in both parties working on this.
We all believe that we have an obligation to do everything we can to
support higher education. No student should have to drop out of college
because Congress has not done its job.
We have more work to do on this, and I would urge those who have
concerns about it or want to have another point of view be debated,
that I hope we could work together to get through this impasse and get
the Perkins loan at least extended for 1 more year as was done in the
House most recently by voice vote.
With that, Mr. President, I yield the floor.
The PRESIDING OFFICER. The Senator from Tennessee.
Mr. ALEXANDER. Mr. President, this discussion by very good Senators--
and I congratulate the Senator from Pennsylvania and the other Senators
who have spoken. The Senators from Pennsylvania and Wisconsin are both
on the education committee and we have worked well together and we will
continue to discuss this. This shows how difficult it is to do what
most Americans have said they would like to see us do, which is to
simplify, deregulate, and make it easier and simpler for students to go
to college. That is what we are trying to do in the Senate.
Almost every witness who came before us said this: It is too
complicated to fill out a form for the current form of student aid, so
simplify it. The witnesses have said: Have one undergraduate student
loan, have one loan for graduate students, and have one loan for
parents. Right now undergraduate students might have three different
loans with different interest rates and different terms.
The application process is so complicated that it turns away
millions, we have been told, of students who are frustrated by that.
The repayment program, which is very generous--not for the Perkins
loan, which I will get to in a minute, but for all other direct loans--
is so complicated that students don't take advantage of it.
We are toward the end of our work in the Senate education committee
to take our giant student loan program, which loans more than $100
billion taxpayer dollars a year and has more than $1 trillion dollars
of outstanding loans, and simplify it to make it easier and cheaper for
students to go to college.
One way to do that is to replace the Perkins loan with a direct loan
that has a lower interest rate and a more generous repayment plan. What
we are proposing to do is to replace the Perkins loan with a direct
loan that is available to every single student who is enrolled in an
eligible accredited college. You show up, you enroll, you get the loan.
That is available to you. The interest is 4.29 percent today. That is
lower than your Perkins loan, and when you pay back the direct loan,
you may pay it back like a mortgage over 10 years or you may pay it
back over 20 or 25 years, not paying more than 10 or 15 percent of your
disposable income. And if you haven't paid it back after those years,
it is forgiven. That is what the taxpayers have said to the students.
So that lower interest rate and generous repayment program are not a
part of the Perkins loan program. What we, a bipartisan group of
Senators, are saying is that we need to replace the Perkins loan with
that better opportunity.
Let's be clear about who is affected by this. Perkins loans are about
1 percent of all student loans. So, about 99 percent of those students
who have student loans are not affected by this discussion. Of those
who have Perkins loans, you can keep your Perkins loan. The Department
of Education notified all the institutions early in this calendar year
and said the Perkins loan expires in the fall. If you grant a new
Perkins loan this fall, it will be a 1-year loan. For everybody else
who has already got a Perkins loan, you can keep receiving Perkins
loans through the end of your program. So, in almost every case, you
either got a 1-year loan if you got a new loan for the first time, or
if you are already in a program, you keep it through to the end of your
program. That is the situation.
It is important for students to know that the bipartisan effort here
is to simplify the student loan program and give them a lower interest
rate and a better repayment program. Why would you not want that
instead of this? One might say we may want to have both. Sure, you
would like to have both, but the Congressional Budget Office says it
will cost $5 billion over 10 years to continue the Perkins loan
program. The testimony we heard and our recommendation by this
bipartisan group of Senators is we have a better use for that $5
billion.
We might have a higher amount of money that you could borrow. We know
there are going to be more Pell grants granted if we simplify the
application process and the repayment process. We would like to give
students the opportunity to use their Pell grants year-round. Some way
we have got to pay for that, and one way to pay for that is to simplify
the system. If we take $5 billion to continue the Perkins loan program
so we can give students a higher interest loan and a worse repayment
program, we are also taking money away from the new Pell grants, from
the possibility of a year-round Pell grant, and from the other reforms
that we would like to make. Why should we be trying to change this now,
when the Department has notified all the institutions that this is how
things are going to be?
We are toward the end of our work in our committee. We work in a very
good bipartisan way. We don't agree on everything; we don't expect to.
But Senator Murray and I have the Elementary and Secondary Education
Act. We expect to be able to do that with the Higher Education Act. The
Senators will have a chance to offer amendments in the committee and on
the floor. If the full Senate decides that it wants to keep the Perkins
loan program and take $5 billion out of the funds available to give
year-round Pell grants to students or the extra Pell grants that we
would be able to grant by simplifying the application and instead
continue a program with a higher
[[Page S7403]]
interest rate and a worse repayment program, then the full Senate can
do that. I won't recommend it and I won't vote for it, but that is the
purpose here.
It is important for everyone considering this to know that President
Bush recommended that the program end. President Obama recommended that
the program be changed and folded in, in effect, with the regular
direct loan program.
The Federal Government hasn't contributed any new money to the
Perkins loan program since 2004 because most people know that it is not
as good a loan opportunity for almost all students. It is not as fair a
use of the money as is the direct loan program.
I prefer private loan programs, but the Congress has decided it is a
Federal loan program. To reemphasize, if you are enrolled in any
accredited institution, and we have 6,000 of them, all you have to do
is show up and you are eligible for the loan. We think you are better
off. You will be less likely to over borrow and you will be more likely
to go to college if it is a simpler program and if you have a single
undergraduate loan, a single graduate loan, and a single loan for
parents. That is the purpose behind my point of view on this.
This Senator would like for our committee to finish our work.
Hopefully we can do that and give it to Senator McConnell and let him
put it on the floor early in the year, and the Senate can decide which
loan programs it wants. If we want to continue the mumbo jumbo of
student loan programs we have today, which discourage students from
going to college and taking advantage of repayment programs and
discourage the kinds of education that most of us want, then the Senate
can do that, but I will be arguing against that.
That is why I asked the Senator from Arizona to object today to
bringing immediately to the floor this continuation of a program that
every institution in the country knew was supposed to end when it
ended, and that one President has tried to end and another President
has tried to change. Almost every witness that came before our
committee said that students will be better off. Students are the ones
we care about. As long as we are fair to taxpayers, students will be
better off if we simplify the system and have a single undergraduate
loan, a single graduate loan, and a single loan for parents.
In addition to that, there is a Federal grant system. If you are in
Colorado or Tennessee or Connecticut or Pennsylvania and you want 2
years of college, for those who are eligible for the Pell grant, which
you do not have to pay back, the 2 years of college is basically free.
The average tuition for a 2-year community college is about $3,300 a
year, and the average Pell grant is about $3,300 a year. So we are
offering the students of this country--it is never easy to pay for
college, but the taxpayers have been pretty generous. Basically, we are
saying that everywhere in the country if you want 2 years of college
and you are in the 40 percent of community college students that are
lower income, your 2 years are basically free. If you need more money,
you are entitled to a loan that you can pay back at an interest rate
this year of 4.29 percent. That is a low interest rate for somebody
with no credit rating and no collateral. You can't get that anywhere
else, but you can get it from the Federal Government so you can go to
college. We are saying in addition to that, you can pay it back over 20
years with your disposable income. If that isn't enough, if you are a
teacher or fireman or someone who has not made as much to pay it back,
it is forgiven by the taxpayers. We would like the Perkins loan
students to have the lower interest rate and the more generous
repayment program, and that is why I object to circumventing the
committee's decisions.
Let us finish our work. Let us make a decision that we should be able
to make as a whole Senate by early next year, and let the students who
already have Perkins loans continue all the way through to the end of
their program. Let the students who got it for the first time since
July know that they will have that program for this 1 year. This is
what every single university in the country was told about earlier this
year and reminded of by the Department of Education in September.
Let's do this in an orderly way and let's put the students first. All
of us are interested in helping students make it easier and simpler to
attend college. I think our bipartisan proposal will replace the
Perkins loan with a direct loan opportunity with a lower interest rate
and a more generous repayment program. It is a better deal for students
and avoids spending that $5 billion that I would like to use for the
year-round Pell grant and for the additional Pell grants that are going
to be created by a simpler student aid program.
I thank the Presiding Officer, and I yield the floor.
The PRESIDING OFFICER. The Senator from Connecticut.
Mr. BLUMENTHAL. Mr. President, I do respect the expertise and
experience and dedication of my colleague and friend from Tennessee. I
especially understand and am grateful for his leadership as the
chairman of the Health, Education, Labor and Pensions Committee, which
has jurisdiction over this legislation. I understand that he is moving
toward reform and overhaul of the current system of financial aid and
loans that will make it better for students. That is the goal, that it
will be ready perhaps sometime early next year.
As we know from our experience in this body, timelines frequently
shift and give way. So early next year may turn into later next year or
the spring of next year or at some point in time. In the meantime,
futures are in the balance--the futures of students in Connecticut and
around the country who are trying to plan in their senior year. Their
faces and voices are with me and with all of us every day. Their
futures are the future of this country.
The House has extended the Perkins Loan Program for 1 year. Why won't
the Senate do it? My colleague from Tennessee urges that we simplify
the program. Well, let's simplify decisions that are being made right
now at the kitchen tables and the living rooms of families across the
country and make available this option even as we simplify and reform
the program because the failure to do so vastly complicates and
confuses the lives of students who are making real-life decisions while
we debate. We are, in fact, debating right now a cyber security
information sharing act which pertains to the cloud and computing that
takes place in the cloud. We are talking here in the clouds compared to
real-life decisions being made by students and their families every
day. I am hearing from them. I am hearing from financial aid
administrators, for example at Quinnipiac University in Hamden, CT, who
tell me that there is a level of anxiety and angst they have not seen
in recent years because of this body's inaction, its failure to
continue a program that has worked and worked well for countless
students. In fact, in the 2014-2015 school year, institutions in
Connecticut disbursed over $20 million through the Perkins Loan
Program, using that funding to provide targeted financial aid to
support their very neediest students. Low-income students who face a
gap in funding and who have to make hard decisions about real dollars
and cents need this program not early next year but right now.
The Senate's failure to act, as the House has done, to extend it for
1 year, abrogates its responsibility. In previous years, Quinnipiac,
for example, would have been able to offer these students Perkins loans
to close the gaps between what financial aid they are receiving and
what they need to continue their education. This year, they are telling
students: Sorry, no help available.
These students are the future of our country. They are the ones who
are going to be doing the computer science that is necessary for our
cyber security. They are the intellectual infrastructure of this
country. Our failure to invest in them--and this expiration is only one
reflection of that failure to invest--is a failure for the entire
country.
I received a note from Nicole Deck--a sophomore at the University of
New Haven--telling me how she benefitted from the Perkins program. She
is pursuing a double major in marine biology and environmental science.
She wrote to me saying: ``I appreciate every day that I spend at the
University of New
[[Page S7404]]
Haven thanks to the aid of the Federal Perkins loans.''
She said: ``Receiving money from the Federal Perkins Loan has allowed
me to achieve many of my goals and has opened many doors of
opportunity.''
The doors of opportunity for Nicole in marine biology and
environmental science on the shores of Long Island Sound, where she can
put that science to work to help to save Long Island Sound and to help
us nationally to preserve our environment, are not only doors of
opportunity for her, they are doors of opportunity for our whole
country. The failure to extend the Perkins loan program closes those
doors.
I met recently with seniors at the New Britain High School. At New
Britain High School, these seniors are thinking about where they will
be going to school. They are making life-changing and transformative
decisions about their futures based on their financial alternatives.
When I asked them ``How many of you have, in effect, abandoned the
school of your first choice because you couldn't afford it and Federal
aid was not available and no scholarships were accessible?'' about half
of them raised their hands.
I thought to myself, well, things often work out for the better but
sometimes not. Sometimes futures are constrained and warped and
distorted because a young person with great potential is unable to
develop it because of an avenue of education blocked by financial
unaffordability.
My colleagues have stated very powerfully and eloquently and it has
been a bipartisan debate about what the Perkins Loan Program means to
so many students.
I will close by saying that this program involves an example of real
institutional skin in the game. It requires institutional capital
contributions as a requirement for a school's participation. It fills
the gap of affordability that affects our very neediest and often most
deserving students.
Our constituents will rightly ask us: Did you reject the student loan
program?
No, we did not reject it.
Did you renew it?
No. We simply allowed it to die.
This program has gone into the cloud. We have allowed this to expire
when we could extend it for 1 year without really damaging the reform
effort underway.
I want to repeat that I respect the HELP Committee chairman's
intention and goal to reform all student loan programs, but in the
meantime, futures of American students are affected unfairly and
unwisely by the inaction by this body.
I yield the floor.
The PRESIDING OFFICER. The Senator from Tennessee.
Mr. ALEXANDER. I thank the Senator from Connecticut for his eloquent
remarks. Let me offer this different perspective. You don't need a
Perkins loan to go to a 2-year college. The average tuition at a
community college--and they are a terrific opportunity in my State and
most States--is about $3,300. About 40 percent of the students who
attend them qualify for a grant of about, on average, $3,300. So those
2 years are free for most students who need the money. Those students
are also entitled to a direct loan if they enroll at the community
college. Usually it is $4,000, $5,000, to $6,000. They just walk up and
they are entitled to it if they think they need it.
You probably don't need a Perkins loan to go to most of the State
universities. At the University of Tennessee, the tuition and fees is
about $12,000. Many of the best colleges and universities are State
institutions.
You are entitled to your Pell grant. You are entitled to your direct
loan. Then many States and universities have their own programs. For
example, in Tennessee there is the HOPE Scholarship, and almost all of
the students at the University of Tennessee Knoxville have one.
Where the Perkins loan has been useful--and I will grant that--has
been at the expensive private colleges. If it is $50,000 a year to go
to a private college, you can get your Pell Grant, you can get two
direct loans, and then you can get a Perkins loan. Then you can end up
being in the newspaper for having borrowed so much that people write
articles in the Wall Street Journal about how we have created a
circumstance where students are overborrowing and cannot pay back their
student loans.
So I think the question really is, Should taxpayers spend $5 billion
more over the next 10 years to make it possible for a the student to go
to a $50,000-a-year tuition school or should taxpayers spend that money
to create a year-round Pell Grant and hundreds of thousands of
additional Pell Grants for low-income students who want another 2 years
or 4 years of education? I think that is the question.
Government is about setting priorities. If we had an unlimited amount
of money, we could do everything. Except, we do have a problem with
overborrowing and complexity. When you add a third loan on top of two
other loans so that can you go to a $50,000-a-year tuition college,
that is a choice an American has to make. I am proud of the fact that
we have those choices. But we have lots of 18-, 19-, 20-year-olds, and
many graduate students, too, who 5 or 10 years later will find they
cannot pay it back.
I think we are better off with a single undergraduate loan, a single
graduate loan, and a single parent loan that is available to every
single student. I think we are better off using whatever savings we
have to expand the number of Pell Grants and to offer a year-round Pell
Grant.
As I said before, every single institution--all 6,000 of our
institutions were told by the Department of Education earlier in 2015:
If you grant a Perkins loan this fall to someone who never received one
before, it will be for 1 year because the program is ending.
Also, they were told: If someone already has a Perkins loan, you will
be able to keep it all the way through the end of their program.
So this is an honest difference of opinion. There are a lot of
university presidents--I know a bunch of them. They like the program
because it gives them one more tool to use. The question is not just
whether they like the program; the question is, What is best for the
students? I think taking the available amount of money we have and
expanding it for simplifying the student aid system and making the
year-round Pell and the other programs available to students who need
it the most--I think that is what we should be doing.
We will finish our work in the Senate education committee hopefully
within a few weeks. We will have it ready to come to the floor. We can
debate it, and the Senator from Connecticut and I can continue our
discussion.
I yield the floor.
The PRESIDING OFFICER. The Senator from Arizona.
Amendment No. 2582
Mr. FLAKE. Mr. President, I rise to speak in support of the Flake
amendment No. 2582 that is currently pending before the body. This
amendment is very simple. It simply adds a 6-year sunset to the bill.
This amendment also keeps in place the liability protections
established by the Cyber Security and Information Sharing Act for
information that is shared pursuant to the requirements of the bill.
Furthermore, the amendment ensures that the requirements on how the
information is shared under the act is to be handled remain in effect
after the sunset date.
That is all this amendment does. It simply sunsets the bill in 6
years, and it does so in a reasonable and responsible way. I believe in
the sunset provision. It is good for us to consider our past decisions
6 years from now, to determine whether what we enacted is operating
well, and to debate the overall success of the legislation that we
passed 6 years prior. We ought to do that, frankly, on a lot of other
legislation we pass.
I do believe the bill we are currently considering, as it is written,
strikes the right balance. It puts in place the proper privacy
protections, and I plan to support the legislation. However, it is
important to make sure that we are forced to go back and evaluate it in
the years to come to make sure we actually got it right. Given the
nature of the bill being debated before us, it is all the more
important to do so in this instance.
I would also note that this 6-year sunset is similar to sunset
provisions that were included in both House-passed cyber security
bills. So if it is in the House, we ought to have it in the Senate as
well.
Both the Protecting Cyber Networks Act, which passed the House by a
vote
[[Page S7405]]
of 307 to 116, and the National Cybersecurity Protection Advancement
Act, which passed the House by a vote of 355 to 63, include a 7-year
sunset.
I ask my colleagues to support this amendment. I think it does
strengthen the bill. It ensures that we evaluate, as we should, any
legislation that we pass to ensure that it is having its intended
effect.
I yield back the remainder of my time.
I suggest the absence of a quorum.
The PRESIDING OFFICER (Mr. Lee). The clerk will call the roll.
The senior assistant legislative clerk proceeded to call the roll.
The PRESIDING OFFICER. The Senator from Louisiana.
Mr. VITTER. I ask unanimous consent that the order for the quorum
call be rescinded.
The PRESIDING OFFICER. Without objection, it is so ordered.
Unanimous Consent Request--S. 697
Mr. VITTER. Mr. President, I rise in strong support of the Frank R.
Lautenberg Chemical Safety for the 21st Century Act. Over 2 years ago,
I sat down with now the late Senator Frank Lautenberg of New Jersey in
an attempt to find compromise and to work together on updating the
drastically outdated Toxic Substances Control Act. Updating this law
was a long-time goal and passion of Frank's. It was a real goal of
mine, although we came at it from very different directions, at least
initially. I am saddened Frank isn't here with us to see it finally
being brought up for consideration on the floor of the Senate. We
worked closely together and forged a significant, productive, positive
bipartisan compromise--the sort of work we don't see often enough in
the Senate or the Congress itself, but we got it done here, and it is a
strong, positive compromise in substance as well.
After Frank's passing, Senator Tom Udall stepped in to help preserve
Frank's legacy and continued working with me to move this reform
forward. We have done that consistently over months and months, working
on issue after issue, detail after detail, to produce a strong result.
I am very proud of the substance of this result because it achieves two
very important goals: On the one hand, we certainly protect health and
safety and give the EPA the proper authorities to do that with regard
to chemicals in commerce. On the other hand, we make sure we don't
overburden industry and put them at a disadvantage in terms of
remaining America's world leaders in innovation and chemistry. We are
world leaders now. We innovate, we produce new chemicals and new uses
and new products on a spectacular basis, and we certainly don't want to
threaten that. Our Frank R. Lautenberg Chemical Safety for the 21st
Century Act doesn't threaten it. It enhances it, it protects health and
safety, and that is why I am so proud of this bipartisan work.
We have done that work so completely we are now in a position to pass
this bill through the Senate in very short order. In fact, we only need
2 hours of floor time, and we need no amendment votes related to the
bill in any way. That is virtually unheard of in the Senate, but it
goes to the work that so many folks have done on both sides of the
aisle. So with 2 hours of floor time, no amendment votes, we can pass
this bill and move it on to the House. We have been in contact with the
House for months, so we are very hopeful we can follow up our action
with House action and a final result in relatively short order.
Mr. President, that is why we are coming to the floor today, to ask
unanimous consent to establish that process in the near future--a very
simple, very short process so we can get this done and achieve this
result. Again, no amendment votes are necessary--whether they are
germane, related or unrelated, no amendment votes are necessary--and
then pass it on to the House. I certainly hope we can have that
agreement to move forward in a productive fashion.
With that, let me yield to my Democratic colleague Senator Udall, who
has been such a great partner in this effort following Frank
Lautenberg's unfortunate passing.
The PRESIDING OFFICER. The Senator from New Mexico.
Mr. UDALL. Mr. President, I thank my colleague Senator Vitter. It has
been a real pleasure working with him on the Toxic Substances Control
Act. I think we have brought this a long way.
First, let me speak on the pending cyber security legislation, and
then I will be seeking unanimous consent to process another bill.
Protecting our national security and economic interests from cyber
attack is a very important priority. I commend Senator Burr and Senator
Feinstein for their hard work on their legislation. I know they have
also gone through a lot to get floor time on their bill and are working
to process amendments. It is clear they have made a serious effort. I
respect the chairman, vice chairman, and their staffs for their work.
My understanding is this will pass with a large bipartisan majority
in the Senate. As Chairman Burr stated yesterday, the House has already
acted on cyber security legislation. He is eager to start reconciling
differences and get a bill to the President's desk. That is what good
legislators do.
As the chairman knows, I have also been working for a number of years
on a complicated legislative project, working with Senator Vitter,
Senator Inhofe, and many other Senators of both parties. We are very
close to the reform of the totally outdated Toxic Substances Control
Act. We all know TSCA is broken. It fails to protect families and it
fails to provide confidence in consumer products. We have a chance
today to change that and to show that Congress can actually get things
done.
I am pleased Chairman Burr is a cosponsor of our legislation, along
with over half of the Senate. After years of work, we are now also in a
position to seek unanimous passage of TSCA reform so we can go to
conference with the House of Representatives. It has been a long road
with lots of productive debate and discussion and cooperation and
compromise. This is a balanced bill, one that Republicans, Democrats,
industry, and public health groups can all support moving forward.
Not everyone loves our Senate product, but its staunchest opponents
are now ready to allow for Senate passage. We can then reconcile our
bill with the House, just as Senator Burr seeks to do on cyber security
legislation. We have cleared this legislation on the Democratic side of
the aisle with a short time agreement. My understanding is that there
is nearly unanimous consent--unanimous signoff--on the Republican side
as well.
With that, I join with Senators Vitter and Inhofe in asking for
unanimous consent. I ask unanimous consent that at a time to be
determined by the majority leader, in consultation with the Democratic
leader, the Senate proceed to the consideration of Calendar No. 121, S.
697; further, that the only amendment in order be a substitute
amendment to be offered by Senator Inhofe; that there be up to 2 hours
of debate equally divided between the leaders or their designees; and
that following the use or yielding back of that time the Senate vote on
adoption of the amendment, the bill be read a third time, and the
Senate vote on passage of the bill, as amended, if amended, with no
intervening action or debate.
The PRESIDING OFFICER (Mr. Vitter). Is there objection?
Mr. BURR. Reserving the right to object.
The PRESIDING OFFICER. The Senator from North Carolina.
Mr. BURR. Mr. President, let me say to the authors, I have deep
respect for both of you, and you have done an incredible job with this
bill. It is one of the reasons I am a cosponsor, because it is good
legislation.
It is no surprise to the Senate that I have had a deep desire to add
the Land and Water Conservation Fund reauthorization, which has
expired, as an amendment to this bill. I seek no time. I only seek the
vehicle for an up-or-down vote and a ride--a ride that I can't seem to
get by itself. As a matter of fact, I think the authors of this bill
know that I have said if somebody can offer me a stand-alone
opportunity to debate and vote on the Land and Water Conservation Fund,
we can unanimous consent TSCA. We can't achieve that. I certainly don't
want to take anything away from what I think is a great bill, and I
wouldn't even require time, I would only require a vote.
[[Page S7406]]
So I would ask the authors to modify their unanimous consent request
to include a vote on the Burr-Ayotte-Bennet amendment in relation to
the Land and Water Conservation Fund.
The PRESIDING OFFICER. Will the Senator so modify his request?
Mr. BURR. I ask unanimous consent that the consent be modified to
include a vote on the Burr-Ayotte-Bennet amendment in relation to the
Land and Water Conservation Fund.
The PRESIDING OFFICER. Will the Senator so modify his request?
Is there objection to the modification?
The Senator from Utah.
Mr. LEE. Mr. President, reserving the right to object, we have an
opportunity to update and reform the Land and Water Conservation Fund,
and to do so in a way that would ensure it works more efficiently and
helps solve the problems facing our Federal Government and States. To
do so, we need to pursue a few goals.
First, more money from the LWCF should be sent to the States to
implement the worthwhile projects. When the LWCF was conceived, 60
percent of its funding was required to go to the States. That statutory
requirement was removed years ago, and now just 12 percent of LWCF
money is given to the States, with minimal Federal strings attached.
Next, the LWCF should be used to solve, not to exacerbate, the
current Federal lands maintenance backlog. The Federal Government has
undertaken an impossible task in trying to manage more than 600 million
acres of variant terrain dispersed across thousands of miles. Evidence
of the Federal Government's failure to manage its holdings is found in
the $13 billion through $20 billion maintenance backlog, a number that
has grown nearly every single year since President Obama has been in
office.
Since LWCF was created some 50 years ago, Congress has appropriated
nearly $17 billion to the fund, and 62 percent of this money has been
spent on land acquisition, resulting in 5 million acres being added to
the Federal estate.
We should work together to improve the LWCF. Let's work together to
make sure that North Carolina, New Hampshire, New Mexico, and every
other State in this country gets more money. Let's work together to
make sure that the Federal Government only acquires such land as it can
adequately manage.
On that basis, I object.
The PRESIDING OFFICER. Objection is heard.
Is there objection to the original request?
Mr. BURR. I object.
The PRESIDING OFFICER. Objection is heard.
The Senator from New Mexico is recognized.
Mr. UDALL. Mr. President, again, I respect Senator Burr, but I am
very disappointed in that objection. I take a back seat to no one in
supporting the Land and Water Conservation Fund. It is extremely
popular in New Mexico and critical to enabling our outdoors economy.
Senator Burr has been a strong leader on the LWCF. He has brought much
needed attention and passion to the issue of reauthorization, and I
want to work with him on that. But the current strategy of holding TSCA
hostage for LWCF is not the proper one. This is the sort of thing that
gives the Senate a bad reputation for dysfunction, and I do not see how
it will lead to any progress on LWCF. I have not objected to Senator
Burr's efforts to pass reauthorization in the Senate. In fact, I have
appraised his efforts. I share his frustration that a small minority of
Republicans have blocked his efforts. But now, instead of one bill
being blocked, we have two. Without this objection, TSCA would pass
today almost unanimously after years of hard work.
So instead of holding TSCA hostage, why not consider LWCF on Senator
Burr's legislation?
With that, I suggest the absence of a quorum.
The PRESIDING OFFICER. The clerk will call the roll.
The legislative clerk proceeded to call the roll.
Mr. VITTER. Mr. President, I ask unanimous consent that the order for
the quorum call be rescinded.
The PRESIDING OFFICER (Mr. Lee). Without objection, it is so ordered.
____________________