SENATOR LIEBERMAN URGES FLOOR VOTE ON CYBERSECURITY LEGISLATION

Before, Rather Than After a Cyber Attack

WASHINGTON – Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., Wednesday urged a timely bipartisan vote on cybersecurity legislation to protect vulnerable critical networks, such as those that operate electric grids, gas pipelines, water supply systems, and transportation.

Following a demonstration by the Department of Homeland Security of just how simple it is to hack into the operating systems of a critical network, the Senator urged that the Department be given the authority it needs to require minimum security standards from those networks which if attacked could cause catastrophic harm to our economy or national security.

Following is a copy of Sen. Lieberman’s floor speech:

            Mr. President, a recent story in “The Washington Post” detailed how a young man living an ocean away from us was able to use his computer to hack into the control panel of a small-town water utility here in the United States.

            It took him just 10 minutes and required no special tools or training.

            While the hacker – who goes by the name of pr0f – could have taken over the plant’s operations and caused real damage, instead he posted screen shots of his hack on the Internet to show he had been there and prove his point that our nation’s Internet security is woefully lax and very little skill is needed to penetrate it.

            Mr. President, this kind of story is just another example showing the urgent need to passcomprehensive cybersecurity legislation that includes provisions safeguarding our critical infrastructure. The Majority Leader spoke eloquently about the urgency of this task earlier this week. I strongly believe we should take it up as soon as possible.

            Six of our nation’s most experienced national security leaders have also urged the Senate to act – I quote – “as soon as possible.”

            In a letter to the Majority and Minority Leaders, former DHS Secretary Michael Chertoff; former Director of National Intelligence Admiral Michael McConnell; former Deputy Defense Secretary Paul Wolfowitz; former NSA and CIA Director Michael Hayden, former vice chairman of the Joint Chiefs of Staff, Marine General James Cartwright, and former Deputy Defense Secretary William J. Lynn wrote:

            “Given the time left in this legislative session and the upcoming election this fall, we are concerned that the window of opportunity to pass legislation that is in our view critically necessary to protect our national and economic security is quickly disappearing.

            “We carry the burden of knowing that 9/11 might have been averted with the intelligence that existed at the time. We do not want to be in the same position again when ‘cyber 9/11’ hits – it is not a question of whether this will happen; it is a question of when.”  Mr. President, I ask for consent to include the entire text of this letter in the Congressional Record. 

            The Majority Leader echoed these sentiments in his floor speech on Tuesday [June 12], when he said: “When virtually every intelligence expert says we need to secure the systems that make the lights come on, inaction is not an option.”

            The House has passed a cybersecurity bill that takes some initial good steps and I congratulate them.

            But I believe the bipartisan Senate “Cybersecurity Act of 2012” – S.2105 – sponsored by Senators Collins, Feinstein, Rockefeller and myself – is the better bill, in large part because it addresses the need to secure our nation’s critical infrastructure – the computers that control heavy machinery that if commandeered could allow an intruder to open and close key valves and switches in pipelines, refineries, factories, water and sewer systems and electric plants without detection by their operators.

            But we need to pass our bill so we can go to conference and iron out our differences with the House – and the time remaining to do this is growing short. We know that the “lame duck” session will be almost exclusively taken up with the crucial national security debate about reversing the $500 billion in defense cuts mandated by the Budget Control Act, as well as dealing with the expiration of the Bush tax cuts and the payroll tax cuts.

            Mr. President, when we talk about cybersecurity we often see our enemies as rival nations, organized crime syndicates and terrorists who use cyber weapons and techniques with exotic sounding techno-names like Zero Day Exploit, Ram Scrappers, Key Logger, Buffer Overflow, SQL Injection and others.

            But pr0f showed us that an attack can come from almost anyone . . . and from almost anywhere. According to “The Post,” – and I quote – “pr0f is a bright, unemployed 22-year-old who favors hoodie sweatshirts and lives in his parents’ home somewhere overseas.”

            But this particular white hat hacker knows the risks that our nation is facing: He told the Post - “Eventually, somebody will get access to a major system and people will be hurt,”… “It’s just a matter of time.”

Six of our nation’s premier security experts are in agreement with a 22-year-old hacker – it’s just a matter of time.

            We have to act.

            To my colleagues who have concerns about our bill, I say please work with us. Maybe we can resolve our differences before the bill is even brought to the floor. And if we can’t resolve our differences, draft your amendments and let’s debate them on the floor and have up or down votes.

            As the Majority Leader said in his remarks I cited earlier: “Everyone knows this Congress can’t pass laws that don’t have broad, bipartisan support. So we’ll need to work together on a bill that addresses the concerns of lawmakers on both sides of the aisle.”

            But we must get started because, I guarantee you Mr. President, that one day in the near future we will pass comprehensive cybersecurity legislation – but I fear it will be after an attack – a ‘cyber 9/11’ – where infrastructure is destroyed and lives lost.

            Time grows short while the threat keeps swelling. What if the next 22-year-old who decides to take over a water plant, a pipeline, an electric generator decides to make a more convincing demonstration rather than just posting screen captures online?

            And if a 22-year-old can do this with little to no effort, think what an enemy nation state could do it us. 

           Colleagues, let’s get to work and pass this urgently needed cybersecurity legislation for the sake of our national and economic security.

           I yield the floor.