Chairman Rockefeller Remarks on Cybersecurity: Next Steps to Protect Our Critical Infrastructure

February 23, 2010

JDR Head ShotWASHINGTON, D.C.— This nation and its citizens depend enormously on communications technology in countless ways everyday.

Vast network expansions have transformed virtually every aspect of our lives: education, health care, how our businesses grow and function, and the development of an interconnected, more democratic conversation.

Our government, our economy, our very lives rely on technology that connects millions of people around the world in real time, all the time. 

And yet, these powerful networks also carry great risks that few people fully understand. 

In recent years, hackers have attacked numerous federal agencies, key media outlets, and large companies across the private sector, targeting intellectual property and stealing valuable information vital to our national and economic security.

And these attacks are coming with increasing regularity and sophistication.

A major “cyberattack” could shut down our nation’s most critical infrastructure—our power grid, telecommunications, financial services—the basic foundations on which our communities and our families have built their lives and saved for their future.

This hearing is a next step in examining the important action we should be taking, right now—as a government and as a national economy—to harden our defenses and safeguard critical infrastructure against a major cyberattack.

Now, I understand it is no secret that cybersecurity is one of my top priorities. As the former chair of the Intelligence Committee, and now Commerce, I know that it’s both our national security and our economic security at stake. 

But, I am not alone: many experts, business leaders, and public officials—including two of our former Directors of National Intelligence—have pointed time and time again to cybersecurity as one of this country’s chief security concerns.

President Obama called cyberspace a “strategic national asset.”

However—and this is a very important point, critical to the challenge we are discussing here today—unlike other strategic national assets, cyberspace is 85 percent owned and controlled by private companies and individuals. 

That means no one—neither the government nor the private sector—can keep cyberspace secure on their own. Both must work together.

And that is why, along with Senator Snowe, I have introduced comprehensive legislation—the Cybersecurity Act of 2009—to modernize the relationship between the government and the private sector on cybersecurity.

Our legislation calls for developing a cybersecurity strategy and identifying the key roles and responsibilities of all the players, private and public, who will respond in a time of crisis.

I’m sure you have all heard about last week’s “Cyber Shockwave” exercise. That process made it enormously clear: if we are serious about responding effectively to a real cyber emergency, we need very strong top level coordination.

Too much is at stake for us to pretend that today’s outdated cybersecurity policies are up to the task of protecting our nation and economic infrastructure.

We have heard the reassurances and seen the best efforts of many in the private sector working to secure their networks. But it is clear that even the largest, most sophisticated companies are not immune from attack.

We have to do better and that means it will take a level of coordination and sophistication to outmatch our adversaries and minimize this enormous threat.

It is that simple. We cannot wait for a crisis to occur, the consequences would be far too grave.

This is the time to come together, public and private, working in unison to build a new, strong cybersecurity partnership for the 21st century.

I want to welcome our panel of witnesses and thank them for taking the time to participate. I look forward to their testimony.