[Congressional Record Volume 161, Number 179 (Thursday, December 10, 2015)]
[Senate]
[Pages S8571-S8573]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
TRIBUTE TO FEDERAL EMPLOYEES
U.S. Computer Emergency Readiness Team
Mr. CARPER. Mr. President, I mentioned to the Presiding Officer in
our brief conversation before I came to the podium that one of the
things I try to do every month or so is come to the floor, usually when
things are slower and there is not a lot going on, to talk about some
of the folks who work for us and serve our country in the Department of
Homeland Security.
Earlier this week, as my colleagues may recall, an outfit called the
Partnership for Public Service released an annual report in which they
rank the best places in which to work in the Federal Government. The
report is based on surveys that are conducted literally by hundreds of
thousands of Federal employees. This year it showed an increase in
overall employee morale for the first time, I think, in 4 or 5 years.
That is good news.
Despite the progress that appears to have been made in a number of
Federal agencies, not all but many components of the Department of
Homeland Security continue to struggle to make their employees feel
good about their work and what they do for the rest of us.
I know the Secretary of the Department, Jeh Johnson, and his team
have taken a number of significant steps to make the Department a
better place to
[[Page S8572]]
work for current and future employees. They do outreach and get input
from their employees as to what needs to be done to enable them to feel
better about the work for greater job satisfaction, to make them want
to come to work. I would also say today that the Congress--those of us
who serve in the Senate and the House--also has a responsibility to
help improve morale, not just at the Department of Homeland Security
but in the Federal Government at large.
Considering the fact that we began 2015 with a fight in this body
right here over whether we should even fund the Department, I don't
believe those of us in the Senate or in the House are doing all we can
do, that we are doing our part well. As I said earlier, that is why I
come to the Senate floor on a number of occasions throughout the year
to highlight some of the extraordinary work done every day by the
dedicated men and women at the Department of Homeland Security.
Today I rise to recognize no one individual. Usually I pick one or
two people who have done extraordinary things with their lives, but
today I am going to focus on a whole team of people who do important
work every day to defend our Nation from the growing and evolving
threat our country faces in cyber space.
It seems as though we don't go a week without hearing about another
major breach at a business or a government agency. We are under
unrelenting attack from all over the world--in some cases from
sovereign nations, in other cases from criminal organizations, and in
other cases just from pranksters. Over these past few years, we have
seen major attacks on the Office of Personnel Management, on a great
many banks and other businesses, and even the email of the Director of
the Central Intelligence Agency. These attacks make clear that the
threats we face online are complex, and unfortunately we will be
struggling with how to deal with them for the foreseeable future.
Fortunately, in Congress we have been making some progress combating
these cyber threats through legislation. Last year we passed cyber
security legislation--four bills in fact--out of the Committee on
Homeland Security and Governmental Affairs. These four bills were aimed
at strengthening the ability of the Department of Homeland Security to
perform their cyber security mission.
Among those bills was one to update how our government protects its
own networks. This bill includes language clarifying the role the
Department plays in overseeing and enhancing security and other
agencies. Two other bills gave the Department some of the tools it
needs to strengthen its cyber security workforce, and just last month
the Department of Homeland Security announced that it now seeks to hire
up to 1,000 new cyber security employees over the next 6 months using
the new authorities we have given them.
We also passed legislation that codified the cyber operations center
at the Department. It is called the National Cybersecurity and
Communications Integration Center, affectionately known as the NCCIC.
Our legislation--which former Senator Dr. Tom Coburn and I coauthored,
supported by many in our committee and outside of our committee--gave
the NCCIC the strong legal foundation it needs, that it lacked, in
order to do their job and engage with the private sector in a joint
effort to better secure critical cyber networks.
I think we have made real progress on cyber security legislation this
year as well. I think we are maybe poised to do even more. I would like
to use a football analogy. The team flips a coin and somebody receives
and somebody kicks the ball. Receiving takes the ball maybe deep in
their own territory, and then they march down the field across the 50-
yard line into the other team's territory, then they get to the 20-yard
line, and then moving closer to the other team's goal line, they would
say they are in the red zone. In terms of our march on cyber security
legislation here and in the House, thanks to the good work of the Intel
Committee here and the Committee on Homeland Security and Governmental
Affairs as well, we are not just in the red zone, we are inside the 10-
yard line and it is first down and goal to go.
Unfortunately, the clock is running out and we don't have forever to
get the job done, but if we are smart and don't give up, we can have a
real success for the American people in strengthening our cyber
defenses in a real way.
The legislation we passed this fall was called the Cybersecurity
Information Sharing Act, and it represents a collaboration on a number
of cyber security issues. In the bill the Department of Homeland
Security plays a central role as they interface between industry and
the government. The bill also includes provisions to enhance the cyber
security program at the Department of Homeland Security known as
EINSTEIN, which uses classified threat intelligence to protect all of
our civilian agencies.
I am mentioning all of this legislation to show the critical role or
underline the critical role the Department of Homeland Security plays
in security for our Nation. At the center of the Department's cyber
security operation is the U.S. Computer Emergency Readiness Team, which
is also known as US-CERT.
To my left is a picture of our President, and the handsome fellow he
is speaking to is a fellow named Jeh Johnson, who is the Secretary of
the Department of Homeland Security, a role he has filled for I believe
most of 2 years now. I think he is doing a splendid job, with the great
support of the Deputy Secretary there, Alejandro Mayorkas, and a couple
of thousand people who are committed to defending our homeland.
This is a picture of the President addressing, along with Secretary
Johnson, the employees at US-CERT. I think it was taken earlier this
year. Again, US-CERT--the U.S. Computer Emergency Readiness Team--is
the main operational team within the NCCIC. It is the operational team
within the NCCIC itself.
What do they do? They pool information and they share that
information throughout the Federal Government. The US-CERT also shares
information with our partners in the private sector across the country
and with our allies around the world. It is an important job. It is not
a job that is done for 5 days a week, 8 hours a day. It is a 24-hour-a-
day, 7-day-a-week operation, and these men and women work to stay ahead
of the bad actors who are trying to steal our personal information and
trying to really harm our economy. In some cases they are plotting to
damage our critical infrastructure such as our electric grid, our
financial systems, and our communications systems.
US-CERT was established 12 years ago as the Department of Homeland
Security was first being stood up. The mission of US-CERT is simple, I
think: to make the Internet a safer place for everyone by helping to
improve cyber security across the country. I will say that again. The
mission of US-CERT is very simple--not easy but simple. It is to make
the Internet a safer place for everyone by helping to improve cyber
security across our country. To do this, US-CERT operates a wide
variety of programs. These programs include several information sharing
collaboration programs, incident response teams that provide onsite
assistance to attack victims, programs such as the EINSTEIN intrusion
detection and prevention system to protect Federal agencies, education
and awareness programs, and deeply technical forensic analysis. The US-
CERT partners with a wide variety of organizations. Among them, they
partner with powerplants and utilities, they partner with financial
institutions, they partner with software companies, with researchers,
and they partner with certain teams in other countries and other cyber
operation centers such as those over at NSA, the National Security
Agency, and the FBI as well.
When a major attack occurs in the Federal Government or the private
sector, the men and women at US-CERT mobilize to travel to the victim's
location. They help mitigate the attack. They help to strengthen the
victim's cyber systems, and then they communicate with their partners
so everyone can secure their systems against similar attacks. We
learned from that bad experience, and hopefully we can help reduce the
likelihood that someone else will suffer a similar fate.
Earlier this year, when the Office of Personnel Management discovered
a
[[Page S8573]]
data breach of personal data belonging to millions of Federal
employees, they called the NCCIC and asked for its team of experts. US-
CERT was deployed to play a central role in, first of all,
investigating the attack but also in responding to that attack. For the
next 4 months, the team worked literally around the clock at OPM to
assess and to monitor Federal networks and to develop new protections
against this type of intrusion that OPM had experienced.
Now, once US-CERT realized that other Federal agencies were also
vulnerable to this kind of a breach, they immediately shared the
indicators of the attack with network analysts across the Federal
Government. This allowed other Federal agencies to scan their systems
and to make sure they had not been compromised by the same hacker and
to be on alert for that hacker's attack.
Because of the scale and impact of the OPM breach, which I think
actually ended up affecting more than 20 million people, the US-CERT
team worked long hours to make sure they could provide guidance to
Federal agencies as quickly as possible so they could protect their
networks from similar attacks and prevent the attacker from using the
information they obtained against us. Their work not only strengthened
the Office of Personnel Management's cyber security posture, it also
bolstered cyber security across the entire Federal Government.
US-CERT and all the cyber warriors at the NCCIC work tirelessly every
day to out-think and out-innovate our cyber enemies. The legislation we
enacted last year and the bill we are working hard to send to the
President this year with great bipartisan support here in the Senate
and the House as well puts the Department of Homeland Security in the
spotlight and entrusts them with ever-greater responsibility for years
to come. We in Congress recognize the critical role US-CERT plays in
strengthening our Nation's cyber security, and we must continue to
support these hard-working men and women in their mission.
Mr. President, I will close by telling a story. I have told this
story before, but it is a good one, and it is certainly germane to what
we talked about here today.
A couple of years ago, I was listening to a radio station on my way
to the train station in Delaware, and I caught NPR news right at 7 a.m.
as I made my way to the train station in Wilmington. On the news that
morning, they gave a report about an international survey that was
taken where they asked thousands of people in different countries and
here: What is it about your work that you like? What is it about your
work that makes you like your job or not like your job?
Some of the people who were asked said: Well, the thing I like about
my job is I like getting paid--not that they are in it for the money,
but they like getting paid. Others said they like vacations. Some
people said they had health care. Others said they like the folks they
work with. Other people said they like the environment--a beautiful
place like this in which they work. But what most people said they
liked were really two things: No. 1, they knew the work they were doing
was important, and No. 2, they felt as though they were making
progress. Think about that. They knew the work they were doing was
important and they felt as though they were making progress.
Well, there is probably nobody in our country--at least working
within the Federal Government--who does work more important than the
folks at the Department of Homeland Security. The House and the Senate
have worked in recent years to strengthen the ability of the Department
of Homeland Security, including the US-CERT team, to be able to do
their job even better.
My hope is that in years to come, as we hear these annual reports on
best places to work within the Federal Government, that we are going to
find that the people at the Department of Homeland Security, including
NCCIC and US-CERT, will be saying more and more: I like working here
because I know the work I do is important, and I feel as though we are
making progress.
This Senator would just say to everyone at US-CERT, thank you for all
the good you do for us. Thank you for your service to this country. And
to each of you, we wish you happy holidays and Merry Christmas. We
would also say, here is hoping that we will all have a more peaceful
new year. I think the American people are ready for that. I know the
Presiding Officer is, and so am I.
With that, I yield the floor.
I suggest the absence of a quorum.
The PRESIDING OFFICER (Mrs. Fischer). The clerk will call the roll.
The senior assistant legislative clerk proceeded to call the roll.
Mr. SANDERS. Madam President, I ask unanimous consent that the order
for the quorum call be rescinded.
The PRESIDING OFFICER (Mrs. Ernst). Without objection, it is so
ordered.
(The remarks of Mr. Sanders pertaining to the introduction of S.
2391, S. 2398, and S. 2399 are printed in today's Record under
``Statements on Introduced Bills and Joint Resolutions.'')
Mr. SANDERS. I yield the floor.
The PRESIDING OFFICER. The Senator from Connecticut.
____________________