Sen. Carper on Cyber: “We Have An Opportunity to Get Something Done”

WASHINGTON – Earlier today,  Sen. Tom Carper (D-Del.), ranking member of the Homeland Security and Governmental Affairs Committee, voted to move forward on the Cybersecurity Information Sharing Act (CISA) of 2015. The Senate overwhelmingly approved the measure to move forward on the bill, 83 to 14.

In case you missed it, Sen. Carper spoke in support of the Cybersecurity Information Sharing Act (CISA) of 2015 before the vote. His speech is below:

“Why is this bill important? We know the situation. It’s grim. When we have 22 million records and background checks hacked by an unknown nation-state, that’s not good. When companies in my own state of Delaware, like DuPont, and universities all over the country are having information from their research and development projects — the intellectual seed corn on which our economy’s going to grow – stolen so bad actors can beat us to the punch in terms of economic opportunity and innovation, that’s not good. What are we going to do about it?

“Well it turns out we did quite a bit about it in the last Congress. In the 112th Congress, Senator Feinstein proposed comprehensive cybersecurity legislation. The whole kit ‘n caboodle. We tried very hard for a year or two to get that enacted. We couldn’t get it done. And finally, at the end of 2012, we gave up.

“We started again in 2013. Dr. Tom Coburn was the ranking member of the Committee on Homeland Security and Governmental Affairs, where I was privileged to be the Chairman. He and I partnered with the members on our committee and with a lot folks outside of our committee to do three things to strengthen the ability of the Department of Homeland Security (DHS) to do its job of protecting not just the federal government, but the country as a whole against cyber attacks. We passed three pieces of legislation. They are helpful. Not the whole package, but they are three very helpful bills to make DHS a more effective partner in protecting our nation against cyber attacks.

“Earlier this year, the Intelligence Committee, under the leadership of Senators Burr and Feinstein, came forward with their proposal on cybersecurity information sharing. At the same time, the Administration came forward with its own information sharing proposal. We held a hearing in the Committee on Homeland Security and Governmental Affairs that looked at the President’s proposal. At the hearing, we heard from experts and stakeholders and tried to figure out what should we retain from the Administration’s proposal and what should we change. And we did. We changed it, we made it better. I introduced that proposal as a stand-alone bill. Soon after, the Intelligence Committee reported out their legislation 14 to 1.  Since then, we’ve been working with Senator Burr, Senator Feinstein, and their staff to try to infuse the elements of the President’s proposal, modified by us on the Committee of Homeland Security and Governmental Affairs, to make a more perfect – not a more perfect union—but a more perfect bill.

“Is it perfect? No. Is it better? Sure it’s better. And I think it’s going to enable us to do a much better job protecting that which needs to be protected.

“At the end of the day, if a business wants to share information with the federal government, then we’re in a better position to defend against those attacks in the future.

“The last thing I’ll say is this. I love to ask people who have been married a long time, ‘what is the secret to a long marriage?’ The best answer I’ve ever gotten is the two ‘c’s,’ communicate and compromise. That’s also important for a vibrant democracy. Communicate and compromise. And I would add a third ‘c’ – collaborate. This legislation is a great example of communicating, talking with one another, with stakeholders in Capitol Hill, off Capitol Hill, across the country, and around the world. But at the end of the day, we were able to figure out how to compromise and to do so by collaborating. And I believe we came up with a very good piece of legislation.

“When the American people send us to Congress to work on big problems – and this is a big problem for our country – they want us to work together. They want us to work together and they want us to get stuff done. We have been talking about passing an information sharing bill for three or four years. Now we have an opportunity to get something done. Let’s accept this manager’s amendment, then let’s take up some other amendments and send this bill to the House. Once they’ve done their work, let’s go to conference and get this bill across this finish line.”

Sen. Carper also responded to criticism that the bill does not provide adequate privacy protections:

“Mr. President, I would just make two points.

“One, if a private company elects to share information – and I note that they don’t have to – but they elect to share information with the federal government, there is a requirement under the law that it is scrubbed for privacy. The reporting entity that’s submitting the threat indicator to DHS, has the responsibility to scrub and remove that personally identifiable information.

“If for some reason the entity doesn’t do that but still chooses to submit threat indicators to the federal government, the legislation before us today requires the entity to submit it through the portal of the Department of Homeland Security in order for that entity to get the liability protection that they’re looking for. The portal at the Department is literally set up to do privacy scrubs before information is shared with other relevant federal agencies.

“Very infrequently will there be some reason to – maybe less than 1 percent of the time – there might be a need to take a closer look at that information and make sure there’s nothing that’s personally identifiable or problematic. But I think with the compromise that’s been worked out, the issue that our colleagues have raised has been addressed.”