[Congressional Record (Bound Edition), Volume 156 (2010), Part 12]
[Senate]
[Pages 17716-17717]
[From the U.S. Government Publishing Office, www.gpo.gov]




              NATIONAL CYBER INFRASTRUCTURE PROTECTION ACT

  Mr. BOND. Mr. President, last June, Senator Hatch and I introduced S. 
3538, the National Cyber Infrastructure Protection Act. This bill 
responds to the concern expressed by former Director of National 
Intelligence Mike McConnell that ``[i]f we were in a cyber war today, 
the United States would lose.''
  The bill is built on three principles. First, we must be clear about 
where Congress should, and, more importantly, should not legislate. 
Second, there must be one person in charge--someone outside the 
Executive Office of the President who is unlikely to claim executive 
privilege, but who has real authority to coordinate our government 
cyber security efforts. Third, we need a voluntary public-private 
partnership to facilitate sharing cyber threat information, research, 
and technical support.
  Since filing the bill, we have continued to work with government, 
industry, and privacy experts in making sure that the solutions 
identified in this bill are effective. There are many different 
opinions out there on how best to tackle the cyber security problems we 
face, and so we remain open to looking at ideas for improving the bill. 
Earlier today, we filed a substitute amendment to S. 3538 that 
incorporates a number of these suggested improvements. It has been 
referred to committee.
  The original bill would have housed the National Cyber Center 
administratively in the Department of Defense so as to reduce start-up 
costs and logistics. We appreciate the concerns some may have with the 
appearance we are militarizing cyber security, so our substitute 
creates the center as a stand-alone entity, like the Office of the 
Director of National Intelligence. In this way, it will be clear we are 
not militarizing cyber security and one department does not have the 
inside track over any other when it comes to securing our government 
networks. In order to make sure there is appropriate input from DOD and 
DHS, we are also creating two deputy directors, instead of one, with 
each appointed by the respective Secretaries with the concurrence of 
the Director of the National Cyber Center.
  Second, the Cyber Defense Alliance is a pivotal component for 
encouraging government and the private sector to collaborate and share 
information on cyber-related matters. We recognize that the private 
sector is often on the front lines of cyber attacks, so any information 
they can provide to increase government awareness of the source and 
nature of cyber threats will make both government and the private 
sector stronger. The corollary to this is that the government must 
share its own cyber threat information, including classified or 
declassified intelligence, with the private sector.
  All of this sharing can raise significant privacy concerns. So, in 
response to suggestions we have heard, our substitute bill adds 
language to clarify that at least one of the private sector members of 
the board of directors must have experience in civil liberties matters. 
We believe this will ensure that privacy concerns are taken seriously 
at the very top levels of the Alliance. We all have an interest in 
making sure that threat information is shared, but we also have an 
interest in making sure that no one's privacy rights are violated.
  The next Congress needs to focus on passing effective cyber 
legislation. I believe that S. 3538, as amended, provides a solid 
starting point for that effort. The bill addresses the most pressing 
needs: it puts someone outside the White House in charge of cyber 
policy and the Federal cyber budget; it provides a national cyber 
center that can oversee and coordinate cybersecurity for dot.gov and 
dot.mil; and it creates a public-private partnership that will harness 
the creativity of the private sector to better protect our dot.com 
networks.
  Congress should avoid the temptation to overlegislate in this area. 
We need to walk before we can run. Once this basic cyber infrastructure 
is established, it will bring the leading public and private cyber 
experts together to shape cyber activities and policies. These experts 
will then be in an ideal

[[Page 17717]]

position to advise Congress and the administration on the need for any 
additional steps to ensure our cybersecurity.
  I thank my good friend Senator Hatch for his close collaboration on 
this legislation. I know he will be an effective advocate for this 
approach when the bill is filed in the next Congress.

                          ____________________