Thank you for helping to contribute to the bipartisan, positive and responsible tone of our deliberation. I want to thank my friend, the senator from Rhode Island, both for today’s colloquy and in pulling together the language and the partners, and Senator Mikulski who started off our conversation today by reminding us as you just commented, Senator Blunt, that it was a terrible storm in this area that knocked out power for a couple of days that gave a bracing reminder to the community around Washington, D.C. just how much we rely in this modern economy of ours on continuous, uninterrupted power. That storm was an act of God. That storm was just a random meteorological event.
But as all of us have spoken — Senator Blumenthal also commented on this — we know as members of the United States Senate that there are daily efforts at attacks on the United States far more devastating, far more far-reaching than that transitory storm. And for us not to act, for us to fail to act in a bipartisan, thoughtful and responsible way would be the worst sort of dereliction of duty.
All of us have been in secure briefings with folks from four-star and three-letter agencies with the most central roles in our intelligence community, in our national security agencies. But this isn’t something that only those of us in the Congress know or only those at the higher reaches of the Executive Branch leadership know. This is now publicly, broadly well known. The water is rising, the storms are coming and we need to incentivize the private sector that is responsible for running most of our essential infrastructure to man the barricades, to fill the sandbags, and to take on the responsibility in a thoughtful, balanced and responsible way of preparing for the wave of highly effective cyber attacks that are currently underway and that will crest soon.
We’ve heard public comments that are remarkable. The chairman of the Joint Chiefs, General Dempsey, said an effective cyber attack could literally stop society in its tracks. As Senator Blunt just mentioned, as a county executive, I was responsible for emergency response and all over this country, cities, counties and states are trying to understand how to prepare for the consequences of a cyber attack.
We’re not talking about trying to craft legislation that would deal with every possible cyber harm, every possible cyber crime. We’re talking about those few incidents that would likely be driven by a nation-state or by an incredibly advanced and sophisticated terrorist group that would strike at the very heart of what makes our modern society vibrant and that would have mass casualty consequences, dramatic impact on our economy or wipe out whole sectors for days or weeks, such as a failure of the power grid.
This isn’t exotic. We just had another public hearing on the Energy and Natural Resources Committee and were warned yet again of what the Department of Homeland Security documented back in 2007 in their Aurora exercise that our power grid nationally interconnected, vital to the modern economy, is fragile, is vulnerable to cyber attacks.
We’ve seen this unfold overseas. The small Baltic nation of Estonia was the victim of a comprehensive cyber attack. And they saw also in 2007 banks, media outlets, government entities that collapsed. Bank cards, mobile phones, government services over a three-week period completely shut down.
Is there a real threat? Absolutely.
Are we doing enough to face it? I don’t think so. I don’t think we’ve yet done enough.
There’s legislation that’s been brought forward by a whole group of senators, led by Senators Lieberman and Collins, that I hope this body will turn to in the days ahead and find ways to balance. As Senator Blumenthal said previously, we live in a country where we must continue to respect the powerful, passionate commitment to individual privacy and civil liberties. But I think we can, with narrowly targeted, appropriately crafted legislation that incentivizes and encourages the private sector to take on the role, appropriately informed by those throughout federal government, to strengthen their defenses against these coming attacks.
I don’t think we have to make a choice between privacy and security, and I do think we can give the private sector the tools to make our country safe and strong. But those who view new cyber regulations as onerous, as burdensome, as overly expensive for the private sector or as threatening needlessly our privacy have an obligation to come forward with a credible alternative before it is too late.
Today we are, frankly, leaving our country wide open to attack. As we recently heard in a floor speech by both Senator Blumenthal and Senator Whitehouse, when private-sector companies, even the most technically sophisticated, are contacted by our government and told they have been the victim of a successful intrusion and attack, in nearly 90% of the cases they were utterly unaware. We need to strengthen information sharing. We need to develop robust standards of defense. We need to help invest in building up the infrastructure protection of this country. And it is the most vital thing I can think of, Senator Whitehouse, that this county could turn to.
Let me close with this for a moment, if I could. I had a chance to have lunch last week with Senator Daniel Inouye. That was for me a great honor, a chance to sit with him and visit and ask his advice. He made one comment to me in closing. He is the only member of this body who was at Pearl Harbor. He shared with me that in his view, the next Pearl Harbor, the next unexpected massive attack that could really hurt the United States will come from cyber. It is our obligation to take that lesson seriously and to legislate in a bipartisan, thoughtful but swift and effective way
###