Sen. Carper Calls for Action on Bill to Prevent Cyber Attacks and Online Threats to Homeland Security

WASHINGTON – Today, Sen. Tom Carper (D-Del.), Chairman of the Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, joined Sens. Joe Lieberman (ID-Conn.), Susan Collins (R-Maine), and Jay Rockefeller (D-W.V.) to discuss the Cybersecurity Act of 2012. His statement, as prepared for delivery, follows:

“One of our colleagues, Senator Mike Enzi of Wyoming, introduced me to something he calls the 80-20 rule several years ago. He used it to explain how he – one of the most conservative Republicans in the Senate – and Ted Kennedy – one of the most liberal Democrats in the Senate – were able to accomplish so much in the years prior to Ted’s death when they were the two senior leaders on the Health, Education, Labor and Pensions Committee. Senator Enzi told me, ‘Ted and I agreed on about 80 percent of what needed to be done on most issues, and we disagreed on the other 20 percent. Somewhere along the way, we just decided to focus on the 80 percent that we agreed on and set the other 20 percent aside for another day.’

“The bipartisan cybersecurity legislation we’re unveiling here today is an 80-20 bill. Is it worthwhile to pass a bill that only achieves 80 percent of what we want to do? Well, compared to what? To doing nothing? Given all that’s at stake in today’s world, you bet it’s worthwhile. This much we should be able to agree on. So, let’s get it done.

“None of the bill’s five original cosponsors is saying that our bill is perfect. But we all agree that we shouldn’t let the perfect be the enemy of the good, especially when America’s economy and national security are already under attack in cyberspace. If some of our colleagues offer compelling ideas that would make it better, I hope we’ll embrace those ideas and include them in our legislation.

“Let’s be clear. This bill is not the finish line. To paraphrase Churchill, ‘It’s not the end. It’s not the beginning of the end.’ The introduction of this bill is the end of the beginning. And, as beginnings go, it ain’t bad. While working with our colleagues in the Senate and House, let’s find out if we can’t make it better. I’m betting that we can.

“This bill represents a good-faith effort to address the concerns of business and privacy groups and Members on both sides of the aisle. First, rather than direct the Department of Homeland Security to mandate new cybersecurity regulations for critical infrastructure like our electricity grid, our drinking water and communications systems, we’ve endorsed an approach that relies on a public-private partnership and a voluntary cybersecurity program to strengthen the electronic backbone of our most sensitive systems.

“Second, instead of government penalties, our bill calls for using incentives like liability protection to encourage critical infrastructure owners to adopt voluntary cyber practices developed by industry. Third, this revised bill also provides a framework for the sharing of cyber threat information between the federal government and the private sector as well as within the private sector itself, while offering liability and better privacy and civil liberties protections for all Americans.

“Finally, to ensure that federal agencies are better equipped to stop cyber attacks, the bill includes a number of security measures that I have worked on for years with Senator Collins and others to better protect our federal information systems. In particular, this bill will help replace our outdated, paper-based security practices with a real-time security system that can help our government fight the rapidly evolving and highly agile cyber threats we face today. For example, agencies will be required to continuously monitor their systems like a security guard would watch a building through a video camera rather than just taking a snapshot, developing the film and reporting on the results once a year.

“Equally important, our bill makes a number of important investments in developing the next generation of cyber security professionals by providing stronger cybersecurity training and establishing better cybersecurity programs in our schools and universities. This legislation also makes research and development for cybersecurity a priority, so we can develop cutting edge technologies here at home and bring jobs to our country. Doing so will not only make us safer as a nation, it will help ensure that America’s workforce is better prepared for tomorrow’s job market, and tomorrow is just around the corner.”