Opening Statement of Ranking Member Thune On Cybersecurity Partnership Between Private Sector and Government

March 7, 2013

WASHINGTON, D.C. — U.S. Senator John Thune (R-SD), Ranking Member of the Senate Committee on Commerce, Science, and Transportation delivered the following prepared remarks at today’s “The Cybersecurity Partnership Between the Private Sector and Our Government: Protecting our National and Economic Security” hearing:

Thank you, Chairman Rockefeller and Chairman Carper, for holding this joint hearing to examine the need for a greater cybersecurity partnership between the private sector and the federal government.

No one can deny the serious threat we are confronting in cyber space.

Almost daily, we learn of new cyber threats and attacks targeting our government agencies and the companies that drive our economy.

In these perilous economic times, it is especially troubling that the intellectual capital that fuels our prosperity is being siphoned off by cyber-criminals and even nation-states. The National Counterintelligence Executive – the country’s chief counterintelligence official – summed it up this way in 2011: “Trade secrets developed over thousands of working hours by our brightest minds are stolen in a split second and transferred to our competitors.”

This large-scale theft cannot be allowed to continue unchecked.

We must find solutions that leverage the innovation and know-how of the private sector, as well as the expertise and information held by the federal government. And, given the escalating nature of the threat, we should look for solutions that will have an immediate impact.

As today’s hearing title suggests, one thing we must do is strengthen the partnership between the government and the private sector. As one of our witnesses, David Kepler of the Dow Chemical Company, observed in his testimony, timely information sharing between government and industry, and among industry peers, is key to this collaboration.

The Chair of the House Intelligence Committee has said that, according to intelligence officials, allowing the government to share classified information with private companies could stop up to 90 percent of cyber attacks on U.S. networks. Even if the figure was only 60 or 70 percent, the return would be well worth the effort.

Improving research and development is another area where our focus could yield new tools to secure the cyber domain. We should not underestimate the value of R&D.  I’m proud to note that South Dakota’s own Dakota State University is one of only four schools in the nation designated by the National Security Agency as a Center of Academic Excellence in Cyber Operations.

It is no secret that, during the last Congress, the Senate reached an impasse on cyber security legislation. It is my hope – I suspect our shared hope – that we can avoid another stalemate in this Congress. Today’s hearing is a good start.  

As we all recognize, this issue crosses the jurisdictional boundaries of many committees.  So it is appropriate – if somewhat challenging – that we have joined with our colleagues on the Homeland Security and Governmental Affairs Committee today. Of course, given the importance of this topic and the value of hearing from multiple stakeholders, I look forward to additional sessions in the Commerce Committee as we seek consensus on this vital matter.

Our hearing today takes place against the backdrop of the President’s recently released Executive Order on cybersecurity and related Presidential Policy Directive. Even though I, like many of my colleagues, was skeptical about executive action, the Order’s release may provide an opportunity for Congress to find common ground on other steps that will improve our cybersecurity. 

Of course, we must also conduct meaningful oversight of the Executive Order’s implementation. I look forward to hearing from Secretary Napolitano and Under Secretary Gallagher today regarding the steps the Department of Homeland Security and the National Institute of Standards and Technology are taking to ensure that the
Executive Order’s promise of improved partnership and collaboration with the private sector is realized in practice. I am particularly interested in hearing about how the Executive Order builds upon or enhances existing mechanisms for public-private collaboration. And, I will be interested in the views of our GAO witness, Greg Wilshusen, as to whether the federal government is up to the task envisioned by the Executive Order, given persistent shortcomings in its own cybersecurity efforts identified by the watchdog agency.

Again, I thank all of the witnesses for being here, and I look forward to hearing your testimony.