Rockefeller Speaks on Need to Shore Up America's Cyber Defenses

Addresses Senate Colleagues, Prepares to Introduce Legislation

February 14, 2012

WASHINGTON, D.C.—Chairman John D. (Jay) Rockefeller IV today spoke on the need to shore up America's cyber defenses on the floor of the Senate. He addressed his colleagues about the issue as he prepares to introduce legislation with Homeland Security Chairman Joe Lieberman and Ranking Member Collins.

Chairman Rockefeller's prepared floor remarks follow:

Mr. President, when most Americans think of cyber security, they conjure up an image of someone having a credit card number stolen, a prankster using their Twitter account or someone downloading a movie without paying.  And that’s all true.  The Internet is central to our lives, our economy and our society.  Any insecurity is a worry.

But we’re here today because the experts are warning us that we are on the brink of something much worse, something that could bring down our economy, rip open our national security or even take lives.  The prospect of mass casualties is what has propelled us to make cybersecurity a top priority for this year—to make it an issue that transcends political party or ideology.

Consider the warning signs.  Hackers now seem to be able to routinely crack the codes of our government agencies, our Fortune 500 companies and everything in between.  Admiral Mike Mullen, former Joint Chiefs Chairman, said that the cyber threat is the only other threat that’s on the same level as Russia’s stockpile of nuclear weapons.  And FBI Director Robert Mueller testified to Congress recently that the cyber threat will soon overcome terrorism as the top national security focus of the FBI.

Think about that.  Cyber will be as dangerous as terrorism.  Cyber threats and the prospects of a widespread Internet attack could potentially be as devastating to this country as the terror strikes that tore apart this country just 10 short years ago.

How is that possible you ask?  Think about how many people could die if a cyber terrorist attacked our air traffic control system and planes slammed into one another; or rail switching networks were hacked causing trains carrying people—or hazardous materials—to derail or collide in the midst of some of our most populated urban areas, like Chicago, New York or Washington, D.C.  What about an attack on networks that run a pipeline, refinery or a chemical factory causing temperature and pressure imbalances leading to an explosion equivalent to a massive bomb?  Or an attack on a power grid shutting down generators that deliver electricity to cities or hospitals?

In short, we’re on the brink of what could be a calamity. The Directors of National Intelligence under both President George W. Bush and President Barack Obama have said that the cyber threat is the number threat to our country.  We can act now, and try and prepare ourselves. Or we can wait and face the consequences.  I’m here to argue that we should act now to prevent a cyber disaster.  That’s what this bill that we are introducing today would do.

Working with my friends Senator Lieberman and Senator Collins, we have written legislation that I believe strikes the right balance between addressing the danger without putting an undue new set of regulations on business. Our bill would determine the greatest cyber vulnerabilities throughout critical infrastructure. It would protect and promote private sector innovation, and encourage private sector leadership and accountability in securing private systems.  It would improve threat and vulnerability information sharing between the government and the private sector, while protecting privacy and civil liberties.  And it would improve the security of the Federal government’s networks as well as clarify the roles and responsibilities of Federal agencies.  Finally, it would strengthen the cyber workforce, coordinate cybersecurity research and development and promote public awareness of cyber vulnerabilities to ensure a better-informed citizenry. 

Let me say again: This bill is bipartisan and was written to address the many concerns that surfaced three years ago when we first raised this issue and when we started writing this bill.  We held meetings with all sides, incorporated hundreds of specific suggestions and, in short, tried to do what we do with any great bill: make a lot of people somewhat irritated and come up with a compromise that everyone can agree to.

Earlier this month an association of major high tech companies praised our approach.  We’ve talked with industry and with the White House.  In the end, we settled on a plan that creates no new bureaucracy or heavy handed regulation.  It’s premised on companies taking responsibility for securing their own networks, with government assistance where necessary.

The most important point I want to make here today though is to go back to the threat we’re facing.  Ten years ago, throughout 2001, our national security systems warned us about the possibility of a terrorist threat.  We know now that we failed to take sufficient action to address those threats.  And we paid for it.

Today, with a new set of warnings flashing before us, and a wide range of new challenges to our security and our safety, we again face a choice.  Act now, and put in place safeguards to protect this country and our people.  Or act later, when it’s too late.  I hope we act now.