Mar 09 2015
Sen. Tom Carper
Years ago, the only way to steal millions of dollars was to rob a bank. Today, criminals only need a few strokes on a keyboard to steal fortunes from consumers and businesses large and small.
And despite how strong we may make the vault, the bad guys are still figuring out how to get in. In fact, as former FBI Director Robert Mueller put it, "There are only two types of companies: those that have been hacked, and those that will be."So what's at stake if we do nothing? Only the "greatest transfer of wealth in human history," according to former National Security Agency (NSA) Director Gen. Keith Alexander. But that’s not all.
The NSA's current director, Adm. Mike Rogers, recently testified before Congress that we will likely see a dramatic cyberattack on America in the next decade. Some cyberattacks could even disrupt or destroy our critical infrastructure, including our electrical grid, financial systems, water supply, and air traffic control systems. Cyberattacks now pose one of the biggest threats to our national and economic security.
Though the threat is very real, Washington has been unable for a number of years to come up with a solution. In 2012, I joined a bipartisan group of colleagues to pass a comprehensive cybersecurity measure, but we ultimately failed to move that bill out of the Senate.
Last year, the Senate Select Committee on Intelligence, under the leadership of Sens. Dianne Feinstein (D-Calif.) and Saxby Chambliss (R-Ga.), produced a bill to facilitate information sharing, or better communication between the federal government and the private sector about cyber threats. This bill also failed to make it out of the Senate, largely because many stakeholders wanted to see stronger efforts in the bill to protect privacy.
Despite these failures, we have had some notable successes. In 2013, President Obama provided a road map to steer the nation on this complex issue, issuing a comprehensive framework that companies can implement to better defend themselves.
Following the president’s lead, last year, Sen. Tom Coburn (R-Okla.) and I championed four important, common-sense, bipartisan measures through the Homeland Security and Governmental Affairs Committee, where I continue to serve as the lead Democrat.
Those four bills, which were signed into law in December 2014, have strengthened our national security by modernizing our federal government’s cybersecurity efforts and improving our cyber workforce.
But while we have made significant progress, more must be done to stay ahead of this growing threat. One of our top priorities this Congress must be to help private companies and the federal government more easily share cyber threat data so that they can better understand the threats we face and more effectively defend their networks. The Cyber Threat Sharing Act of 2015, which I introduced in February, would do just that.
First, the bill provides liability protections so private companies can more easily share threat data with each other and federal agencies.
Second, it requires the federal government to share more classified and unclassified data with private industry, ensuring companies receive timely and useful information from the federal government.
Finally, the bill builds in strong privacy protections so that our cherished civil liberties are not compromised as we bolster our cyber defenses.
The Cyber Threat Sharing Act reflects guidance from the Obama administration, as well as insights from industry experts and privacy advocates.
I know that others in Congress are also working on information-sharing legislation. I commend them for those efforts. In the Senate, Feinstein and Sen. Richard Burr (R-N.C.) have shown great leadership on this issue and are working hard to move a bill that shares some of the same goals as the Cyber Threat Sharing Act but differs in its approach.
Finding a legislative solution has been difficult. That is why a collaborative and transparent process is the best path forward for a strong and balanced bill. I look forward to working closely with my colleagues and all stakeholders in an open process, and strongly believe we must have a public debate on any bill that ultimately moves to the floor.
I should hasten to add that an information-sharing bill is not a silver bullet. We need to pursue additional ways to help businesses better protect their networks and strengthen their response if a breach happens.
To that end, I also intend to pursue bipartisan legislation that would establish national data protection and notification standards and replace the current patchwork of state and federal regulations — protecting consumers and businesses alike.
On Election Day, American voters sent Congress a clear message: They want us to work together and get things done that contribute to our economic recovery now underway.
Passing bipartisan measures that address information sharing and data breach protection and notification are just two of many ways we could meet that call.
It won't be easy, but given the grave nature of the threat, it's imperative that Congress, the administration and stakeholders find common ground — and do so with a sense of urgency. Americans are counting on us.
This op-ed ran in The Hill (link)