Chairman Rockefeller Remarks on Rockefeller-Snowe Cybersecurity Act

March 24, 2010

JDR Head ShotWASHINGTON, D.C.—We need a new concept of security in the 21st century. We are in uncharted territory in the Information Age.

Our country is well-suited to meet this challenge – America is a country of pioneers and innovators.

Securing cyberspace is a new challenge. It is different from virtually every other security threat that we have faced in our history, and therefore we need a very different solution.

We have to pull together, like the pioneers did, and navigate this uncharted territory – and we have to do it together. We will have to do this with unprecedented proactive teamwork and collaboration between the government and the private sector.

The approach we are proposing is not a 20th century framework of "government regulation" – it is a new paradigm for the future.

For centuries, security has meant governments protecting their citizens within national borders.

This basic concept of government-provided security has remained in effect throughout American history, through all of our wars, hot and cold. Even now, 10 years into a new century with new and very different threats, we are still relying on the old approach to security: that the government alone is responsible to protect us from all threats.

The problem is that this model simply doesn't work in cyberspace. Nearly 90 percent of critical infrastructure is owned and operated by the private sector. 

The government can't protect our citizens, or our critical infrastructure, on its own.

And private companies cannot protect themselves on their own. 

Our future is literally being stolen from us with the theft of intellectual property and proprietary information from U.S. companies and innovators.

The status quo is not sustainable. We need a new model for the 21st century.

The Rockefeller-Snowe bill provides that new model – giving the government, private companies and private citizens the collaborative responsibility and authority to defend our country in a world where borders do not exist.

This collaboration and engagement between government and private sector on cybersecurity needs to be proactive and constant. It cannot be reactive and disjointed.

That goes for promoting innovation and best practices, professional development and education, emergency preparedness and response, public awareness, and virtually every other aspect of cybersecurity.

It is no longer government alone protecting the country; it's all of us together. 

Our approach is very different from traditional regulation because it gives the private sector unprecedented influence – and responsibility – in determining how our country defends itself.

It is better to act now than to wait to act after a cyber-emergency. We need the private sector to meet this challenge with bold and visionary leadership.

We know that concerns remain about some specific aspects of this bill, and Senator Snowe and I will continue to work with stakeholders and experts as we move forward.

We must emphasize that our core principle is not going to change: we need a new framework where private sector and government are on the same team, tactically and strategically.

They cannot just act in response to a government grant or contract, subpoena or regulation – but instead, they must act as an integral day-to-day and year-to-year part of 21st century business and national security plans and operations.

This bill will help to make that happen.