Majority Statement

• Senator John D. (Jay) Rockefeller IV

  Chairman

  U.S. Senate Committee on Commerce, Science, and Transportation
  Read statement

  Majority Statement

  Senator John D. (Jay) Rockefeller IV

  Prepared
  Opening Statement – Senator John D. (Jay) Rockefeller IV, Chairman

   

  Long ago we made the decision that in this country, private companies would build and own our key transportation, communications, and energy networks.  That was and
  still is a good decision.  Given the opportunity to earn a reasonable profit on their investment, private companies built our railroads, our wireline telephone network, our aviation system, our pipelines, and many other physical assets that have fueled our country’s phenomenal economic success.  This isn’t just our past.  It’s our future too.  With the encouragement and support of federal, state, and local governments, private companies are hard at work today building the broadband network that will be key to our country’s success in the 21^st century.  

  What we have always asked these companies for in return is that they serve not just the narrow interests of their shareholders, but also the broader, general interests
  of this country.  As those of us who serve on the Commerce Committee know very well, getting big things done in this country always requires a partnership between the public and private sectors.  That’s the kind of partnership we will need to address the grave new threat our country faces today – the threat of cyber attacks. 

  Back in 2009, when I started working on this issue with Senator Snowe, cybersecurity
  was an exotic idea.  Today, four years later, it is a household word.  Almost every day, we read about another company, or another government agency, that has been electronically attacked by adversaries trying to cause economic damage or searching for sensitive information. 

  It’s not a threat we can address through a traditional military response, and it’s not a
  threat that individual companies can handle through their normal risk mitigation practices.  It’s a threat that challenges our traditional notion of the public and private spheres.  A cyber attack against a government agency or a defense contractor is an attack against our nation.  But so is an attack on a private company that provides power or clean water to millions of Americans.  An attack against a privately owned
  and operated piece of our nation’s critical infrastructure is an attack on all of us.

  Since I have been working on this issue, I’ve had a lot of good, productive discussions with leaders in our business community, our military, and in other government
  agencies who understand this threat and have good ideas about how we can tackle
  it.  But we’ve also wasted a lot of time, by turning an urgent national security issue into a partisan political fight.  Back in 2010, we passed a cyber bill out of the Commerce Committee unanimously, without a vote.  By the fall of 2012, we couldn’t even get enough votes to close debate on the Senate floor, even though our country’s top national security leaders were urging us to act.

  The Obama Administration got tired of waiting for us.  I can’t blame them. This is a problem that is growing worse every day.  On February 12, 2013, President Obama released an Executive Order that takes some very important steps to start dealing with our cybersecurity problems.  The order marshals the resources and the expertise we have in many different federal agencies to start strengthening our country’s ability to defend ourselves from cyber attacks. 

  The Obama Administration worked very hard to make this Executive Order a welcoming
  invitation to the private sector to work together on this problem.  It seeks to formalize and strengthen the working relationships many companies already have with our cybersecurity experts in the federal government. One of the most important initiatives in the Executive Order is to start a process at the National Institute of Standards and Technology (NIST) that will develop cybersecurity standards and best practices with U.S. companies. 

  We are going to hear more about the Executive Order from our witnesses today, and we are going hear a lot more about cybersecurity in the 113^th Congress.  The Senators sitting at this dais today – and many more who are not sitting up here – understand what an urgent issue this is.  We understand that some of steps we need to take to defend our people and our critical infrastructure cannot be accomplished by a presidential order. We have to work with each other.  We have to trust each other.  We
  have to move forward.

   

  ###

Minority Statement

• Senator John R Thune

  Ranking Member

  U.S. Senate Committee on Commerce, Science, and Transportation
  Read statement

  Minority Statement

  Senator John R Thune

  Thank you, Chairman Rockefeller and Chairman Carper, for holding this joint hearing to examine the need for a greater cybersecurity partnership between the private sector and the federal government.

  No one can deny the serious threat we are confronting in cyber space.

  Almost daily, we learn of new cyber threats and attacks targeting our government agencies and the companies that drive our economy.

  In these perilous economic times, it is especially troubling that the intellectual capital that fuels our prosperity is being siphoned off by cyber-criminals and even nation-states. The National Counterintelligence Executive – the country’s chief counterintelligence official – summed it up this way in 2011: “Trade secrets developed over thousands of working hours by our brightest minds are stolen in a split second and transferred to our competitors.”

  This large-scale theft cannot be allowed to continue unchecked.

  We must find solutions that leverage the innovation and know-how of the private sector, as well as the expertise and information held by the federal government. And, given the escalating nature of the threat, we should look for solutions that will have an immediate impact.

  As today’s hearing title suggests, one thing we must do is strengthen the partnership between the government and the private sector. As one of our witnesses, David Kepler of the Dow Chemical Company, observed in his testimony, timely information sharing between government and industry, and among industry peers, is key to this collaboration.

  The Chair of the House Intelligence Committee has said that, according to intelligence officials, allowing the government to share classified information with private companies could stop up to 90 percent of cyber attacks on U.S. networks. Even if the figure was only 60 or 70 percent, the return would be well worth the effort.

  Improving research and development is another area where our focus could yield new tools to secure the cyber domain. We should not underestimate the value of R&D.  I’m proud to note that South Dakota’s own Dakota State University is one of only four schools in the nation designated by the National Security Agency as a Center of Academic Excellence in Cyber Operations.

  It is no secret that, during the last Congress, the Senate reached an impasse on cyber security legislation. It is my hope – I suspect our shared hope – that we can avoid another stalemate in this Congress. Today’s hearing is a good start.

  As we all recognize, this issue crosses the jurisdictional boundaries of many committees.  So it is appropriate – if somewhat challenging – that we have joined with our colleagues on the Homeland Security and Governmental Affairs Committee today. Of course, given the importance of this topic and the value of hearing from multiple stakeholders, I look forward to additional sessions in the Commerce Committee as we seek consensus on this vital matter.

  Our hearing today takes place against the backdrop of the President’s recently released Executive Order on cybersecurity and related Presidential Policy Directive. Even though I, like many of my colleagues, was skeptical about executive action, the Order’s release may provide an opportunity for Congress to find common ground on other steps that will improve our cybersecurity. 

  Of course, we must also conduct meaningful oversight of the Executive Order’s implementation. I look forward to hearing from Secretary Napolitano and Under Secretary Gallagher today regarding the steps the Department of Homeland Security and the National Institute of Standards and Technology are taking to ensure that the Executive Order’s promise of improved partnership and collaboration with the private sector is realized in practice. I am particularly interested in hearing about how the Executive Order builds upon or enhances existing mechanisms for public-private collaboration. And, I will be interested in the views of our GAO witness, Greg Wilshusen, as to whether the federal government is up to the task envisioned by the Executive Order, given persistent shortcomings in its own cybersecurity efforts identified by the watchdog agency.

  Again, I thank all of the witnesses for being here, and I look forward to hearing your testimony.

   

Testimony

• The Honorable Janet Napolitano

  Secretary

  U.S. Department of Homeland Security
  Download Testimony (93.11 KB)

• The Honorable Patrick D. Gallagher

  Undersecretary of Commerce for Standards and Technology

  Director, National Institute of Standards and Technology, U.S. Department of Commerce
  Download Testimony (83.65 KB)

Witness Panel 2

• Mr. Greg Wilshusen

  Director, Information Security Issues

  U.S. Government Accountability Office
  Download Testimony (689.99 KB)

• Mr. David E. Kepler

  Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President

  The Dow Chemical Company
  Download Testimony (260.25 KB)