[Congressional Record (Bound Edition), Volume 161 (2015), Part 14]
[Senate]
[Pages 20007-20009]
[From the U.S. Government Publishing Office, www.gpo.gov]




                      TRIBUTE TO FEDERAL EMPLOYEES


                 U.S. Computer Emergency Readiness Team

  Mr. CARPER. Mr. President, I mentioned to the Presiding Officer in 
our brief conversation before I came to the podium that one of the 
things I try to do every month or so is come to the floor, usually when 
things are slower and there is not a lot going on, to talk about some 
of the folks who work for us and serve our country in the Department of 
Homeland Security.
  Earlier this week, as my colleagues may recall, an outfit called the 
Partnership for Public Service released an annual report in which they 
rank the best places in which to work in the Federal Government. The 
report is based on surveys that are conducted literally by hundreds of 
thousands of Federal employees. This year it showed an increase in 
overall employee morale for the first time, I think, in 4 or 5 years. 
That is good news.
  Despite the progress that appears to have been made in a number of 
Federal agencies, not all but many components of the Department of 
Homeland Security continue to struggle to make their employees feel 
good about their work and what they do for the rest of us.
  I know the Secretary of the Department, Jeh Johnson, and his team 
have taken a number of significant steps to make the Department a 
better place to work for current and future employees. They do outreach 
and get input from their employees as to what needs to be done to 
enable them to feel better about the work for greater job satisfaction, 
to make them want to come to work. I would also say today that the 
Congress--those of us who serve in the Senate and the House--also has a 
responsibility to help improve morale, not just at the Department of 
Homeland Security but in the Federal Government at large.
  Considering the fact that we began 2015 with a fight in this body 
right here over whether we should even fund the Department, I don't 
believe those of us in the Senate or in the House are doing all we can 
do, that we are doing our part well. As I said earlier, that is why I 
come to the Senate floor on a number of occasions throughout the year 
to highlight some of the extraordinary work done every day by the 
dedicated men and women at the Department of Homeland Security.
  Today I rise to recognize no one individual. Usually I pick one or 
two people who have done extraordinary things with their lives, but 
today I am going to focus on a whole team of people who do important 
work every day to defend our Nation from the growing and evolving 
threat our country faces in cyber space.
  It seems as though we don't go a week without hearing about another 
major breach at a business or a government agency. We are under 
unrelenting attack from all over the world--in some cases from 
sovereign nations, in other cases from criminal organizations, and in 
other cases just from pranksters. Over these past few years, we have 
seen major attacks on the Office of Personnel Management, on a great 
many banks and other businesses, and even the email of the Director of 
the Central Intelligence Agency. These attacks make clear that the 
threats we face online are complex, and unfortunately we will be 
struggling with how to deal with them for the foreseeable future.
  Fortunately, in Congress we have been making some progress combating 
these cyber threats through legislation. Last year we passed cyber 
security legislation--four bills in fact--out of the Committee on 
Homeland Security and Governmental Affairs. These four bills were aimed 
at strengthening the ability of the Department of Homeland Security to 
perform their cyber security mission.
  Among those bills was one to update how our government protects its 
own networks. This bill includes language clarifying the role the 
Department plays in overseeing and enhancing security and other 
agencies. Two other bills gave the Department some of the tools it 
needs to strengthen its cyber

[[Page 20008]]

security workforce, and just last month the Department of Homeland 
Security announced that it now seeks to hire up to 1,000 new cyber 
security employees over the next 6 months using the new authorities we 
have given them.
  We also passed legislation that codified the cyber operations center 
at the Department. It is called the National Cybersecurity and 
Communications Integration Center, affectionately known as the NCCIC. 
Our legislation--which former Senator Dr. Tom Coburn and I coauthored, 
supported by many in our committee and outside of our committee--gave 
the NCCIC the strong legal foundation it needs, that it lacked, in 
order to do their job and engage with the private sector in a joint 
effort to better secure critical cyber networks.
  I think we have made real progress on cyber security legislation this 
year as well. I think we are maybe poised to do even more. I would like 
to use a football analogy. The team flips a coin and somebody receives 
and somebody kicks the ball. Receiving takes the ball maybe deep in 
their own territory, and then they march down the field across the 50-
yard line into the other team's territory, then they get to the 20-yard 
line, and then moving closer to the other team's goal line, they would 
say they are in the red zone. In terms of our march on cyber security 
legislation here and in the House, thanks to the good work of the Intel 
Committee here and the Committee on Homeland Security and Governmental 
Affairs as well, we are not just in the red zone, we are inside the 10-
yard line and it is first down and goal to go.
  Unfortunately, the clock is running out and we don't have forever to 
get the job done, but if we are smart and don't give up, we can have a 
real success for the American people in strengthening our cyber 
defenses in a real way.
  The legislation we passed this fall was called the Cybersecurity 
Information Sharing Act, and it represents a collaboration on a number 
of cyber security issues. In the bill the Department of Homeland 
Security plays a central role as they interface between industry and 
the government. The bill also includes provisions to enhance the cyber 
security program at the Department of Homeland Security known as 
EINSTEIN, which uses classified threat intelligence to protect all of 
our civilian agencies.
  I am mentioning all of this legislation to show the critical role or 
underline the critical role the Department of Homeland Security plays 
in security for our Nation. At the center of the Department's cyber 
security operation is the U.S. Computer Emergency Readiness Team, which 
is also known as US-CERT.
  To my left is a picture of our President, and the handsome fellow he 
is speaking to is a fellow named Jeh Johnson, who is the Secretary of 
the Department of Homeland Security, a role he has filled for I believe 
most of 2 years now. I think he is doing a splendid job, with the great 
support of the Deputy Secretary there, Alejandro Mayorkas, and a couple 
of thousand people who are committed to defending our homeland.
  This is a picture of the President addressing, along with Secretary 
Johnson, the employees at US-CERT. I think it was taken earlier this 
year. Again, US-CERT--the U.S. Computer Emergency Readiness Team--is 
the main operational team within the NCCIC. It is the operational team 
within the NCCIC itself.
  What do they do? They pool information and they share that 
information throughout the Federal Government. The US-CERT also shares 
information with our partners in the private sector across the country 
and with our allies around the world. It is an important job. It is not 
a job that is done for 5 days a week, 8 hours a day. It is a 24-hour-a-
day, 7-day-a-week operation, and these men and women work to stay ahead 
of the bad actors who are trying to steal our personal information and 
trying to really harm our economy. In some cases they are plotting to 
damage our critical infrastructure such as our electric grid, our 
financial systems, and our communications systems.
  US-CERT was established 12 years ago as the Department of Homeland 
Security was first being stood up. The mission of US-CERT is simple, I 
think: to make the Internet a safer place for everyone by helping to 
improve cyber security across the country. I will say that again. The 
mission of US-CERT is very simple--not easy but simple. It is to make 
the Internet a safer place for everyone by helping to improve cyber 
security across our country. To do this, US-CERT operates a wide 
variety of programs. These programs include several information sharing 
collaboration programs, incident response teams that provide onsite 
assistance to attack victims, programs such as the EINSTEIN intrusion 
detection and prevention system to protect Federal agencies, education 
and awareness programs, and deeply technical forensic analysis. The US-
CERT partners with a wide variety of organizations. Among them, they 
partner with powerplants and utilities, they partner with financial 
institutions, they partner with software companies, with researchers, 
and they partner with certain teams in other countries and other cyber 
operation centers such as those over at NSA, the National Security 
Agency, and the FBI as well.
  When a major attack occurs in the Federal Government or the private 
sector, the men and women at US-CERT mobilize to travel to the victim's 
location. They help mitigate the attack. They help to strengthen the 
victim's cyber systems, and then they communicate with their partners 
so everyone can secure their systems against similar attacks. We 
learned from that bad experience, and hopefully we can help reduce the 
likelihood that someone else will suffer a similar fate.
  Earlier this year, when the Office of Personnel Management discovered 
a data breach of personal data belonging to millions of Federal 
employees, they called the NCCIC and asked for its team of experts. US-
CERT was deployed to play a central role in, first of all, 
investigating the attack but also in responding to that attack. For the 
next 4 months, the team worked literally around the clock at OPM to 
assess and to monitor Federal networks and to develop new protections 
against this type of intrusion that OPM had experienced.
  Now, once US-CERT realized that other Federal agencies were also 
vulnerable to this kind of a breach, they immediately shared the 
indicators of the attack with network analysts across the Federal 
Government. This allowed other Federal agencies to scan their systems 
and to make sure they had not been compromised by the same hacker and 
to be on alert for that hacker's attack.
  Because of the scale and impact of the OPM breach, which I think 
actually ended up affecting more than 20 million people, the US-CERT 
team worked long hours to make sure they could provide guidance to 
Federal agencies as quickly as possible so they could protect their 
networks from similar attacks and prevent the attacker from using the 
information they obtained against us. Their work not only strengthened 
the Office of Personnel Management's cyber security posture, it also 
bolstered cyber security across the entire Federal Government.
  US-CERT and all the cyber warriors at the NCCIC work tirelessly every 
day to out-think and out-innovate our cyber enemies. The legislation we 
enacted last year and the bill we are working hard to send to the 
President this year with great bipartisan support here in the Senate 
and the House as well puts the Department of Homeland Security in the 
spotlight and entrusts them with ever-greater responsibility for years 
to come. We in Congress recognize the critical role US-CERT plays in 
strengthening our Nation's cyber security, and we must continue to 
support these hard-working men and women in their mission.
  Mr. President, I will close by telling a story. I have told this 
story before, but it is a good one, and it is certainly germane to what 
we talked about here today.
  A couple of years ago, I was listening to a radio station on my way 
to the train station in Delaware, and I caught NPR news right at 7 a.m. 
as I made my

[[Page 20009]]

way to the train station in Wilmington. On the news that morning, they 
gave a report about an international survey that was taken where they 
asked thousands of people in different countries and here: What is it 
about your work that you like? What is it about your work that makes 
you like your job or not like your job?
  Some of the people who were asked said: Well, the thing I like about 
my job is I like getting paid--not that they are in it for the money, 
but they like getting paid. Others said they like vacations. Some 
people said they had health care. Others said they like the folks they 
work with. Other people said they like the environment--a beautiful 
place like this in which they work. But what most people said they 
liked were really two things: No. 1, they knew the work they were doing 
was important, and No. 2, they felt as though they were making 
progress. Think about that. They knew the work they were doing was 
important and they felt as though they were making progress.
  Well, there is probably nobody in our country--at least working 
within the Federal Government--who does work more important than the 
folks at the Department of Homeland Security. The House and the Senate 
have worked in recent years to strengthen the ability of the Department 
of Homeland Security, including the US-CERT team, to be able to do 
their job even better.
  My hope is that in years to come, as we hear these annual reports on 
best places to work within the Federal Government, that we are going to 
find that the people at the Department of Homeland Security, including 
NCCIC and US-CERT, will be saying more and more: I like working here 
because I know the work I do is important, and I feel as though we are 
making progress.
  This Senator would just say to everyone at US-CERT, thank you for all 
the good you do for us. Thank you for your service to this country. And 
to each of you, we wish you happy holidays and Merry Christmas. We 
would also say, here is hoping that we will all have a more peaceful 
new year. I think the American people are ready for that. I know the 
Presiding Officer is, and so am I.
  With that, I yield the floor.
  I suggest the absence of a quorum.
  The PRESIDING OFFICER (Mrs. Fischer). The clerk will call the roll.
  The senior assistant legislative clerk proceeded to call the roll.
  Mr. SANDERS. Madam President, I ask unanimous consent that the order 
for the quorum call be rescinded.
  The PRESIDING OFFICER (Mrs. Ernst). Without objection, it is so 
ordered.
  (The remarks of Mr. Sanders pertaining to the introduction of S. 
2391, S. 2398, and S. 2399 are printed in today's Record under 
``Statements on Introduced Bills and Joint Resolutions.'')
  Mr. SANDERS. I yield the floor.
  The PRESIDING OFFICER. The Senator from Connecticut.

                          ____________________