[Congressional Record: February 16, 2011 (Senate)]
[Page S796-S797]
STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS
By Mr. CARDIN (for himself and Mr. Whitehouse):
S. 372. A bill the ability of terrorists, spies, criminals, and other
malicious actors to compromise, disrupt, damage, and destroy computer
networks, critical infrastructure, and key resources, and for other
purposes; to the Committee on Commerce, Science, and Transportation.
Mr. CARDIN. Mr. President, the Internet has had a profound impact on
the daily lives of millions of Americans by enhancing communications,
commerce, education and socialization between and among persons
regardless of their location. Internationally, we have seen the
transformative power of the Internet in places like Egypt. A free and
open Internet gives strength and a voice to people worldwide and should
be protected from censorship and other forms of suppression. But the
Internet and those who engage in communications and commerce across
cyberspace must be safe--protected from predators like criminals,
terrorists and spies who wish to exploit or compromise information and
systems connected to the Internet. Our Nation is vulnerable to such
attacks, but working together, in partnership with the private sector,
we can find a balance that keeps information flowing freely while
keeping us all safe from harm.
I have been focusing on cybersecurity issues for quite some time.
More than a year ago, as the former chairman of the Terrorism and
Homeland Security Subcommittee of the Judiciary Committee, I chaired a
Subcommittee hearing titled ``Cybersecurity: Preventing Terrorist
Attacks and Protecting Privacy in Cyberspace.'' The hearing included
witnesses from key federal agencies responsible for cybersecurity, as
well as representatives of the private sector. We reviewed governmental
and private sector efforts to prevent a terrorist cyber attack that
could cripple large sectors of our government, economy, and essential
services.
The cybersecurity expertise that I have developed has convinced me
that the Government and the private sector can and should work together
to protect the American people in cyberspace. As a result, I am
reintroducing the Cybersecurity and Internet Safety Standards Act,
CISSA. This bill, which is cosponsored by Senator Whitehouse, will
require the Secretary of Homeland Security, in consultation with the
Attorney General, the Secretary of Commerce, and the Director of
National Intelligence, to conduct an analysis to determine the costs
and benefits of requiring internet service providers and others to
develop and enforce minimum voluntary or mandatory cybersecurity and
Internet safety standards. Under this bill, the Secretary of Homeland
Security will be required to report to Congress within one year with
specific recommendations. Cybersecurity must be a top priority. This
bill will help secure our nation's digital future by keeping the
American people and our cyber infrastructure safe without hampering the
freedoms inherently found in an open and accessible Internet.
Mr. President, I ask unanimous consent that the text of the bill be
printed in the Record.
There being no objection, the text of the bill was ordered to be
printed in the Record, as follows:
S. 372
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Cybersecurity and Internet
Safety Standards Act''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Computers.--Except as otherwise specifically provided,
the term ``computers'' means computers and other devices that
connect to the Internet.
(2) Providers.--The term ``providers'' means Internet
service providers, communications service providers,
electronic messaging providers, electronic mail providers,
and other persons who provide a service or capability to
enable computers to connect to the Internet.
(3) Secretary.--Except as otherwise specifically provided,
the term ``Secretary'' means the Secretary of Homeland
Security.
SEC. 3. FINDINGS.
Congress finds the following:
(1) While the Internet has had a profound impact on the
daily lives of the people of the United States by enhancing
communications, commerce, education, and socialization
between and among persons regardless of their location,
computers may be used, exploited, and compromised by
terrorists, criminals, spies, and other malicious actors,
and, therefore, computers pose a risk to computer networks,
critical infrastructure, and
[[Page S797]]
key resources in the United States. Indeed, users of
computers are generally unaware that their computers may be
used, exploited, and compromised by others with spam,
viruses, and other malicious software and agents.
(2) Since computer networks, critical infrastructure, and
key resources of the United States are at risk of being
compromised, disrupted, damaged, or destroyed by terrorists,
criminals, spies, and other malicious actors who use
computers, cybersecurity and Internet safety is an urgent
homeland security issue that needs to be addressed by
providers, technology companies, and persons who use
computers.
(3) The Government and the private sector need to work
together to develop and enforce minimum voluntary or
mandatory cybersecurity and Internet safety standards for
users of computers to prevent terrorists, criminals, spies,
and other malicious actors from compromising, disrupting,
damaging, or destroying the computer networks, critical
infrastructure, and key resources of the United States.
SEC. 4. COST-BENEFIT ANALYSIS.
(a) Requirement for Analysis.--The Secretary, in
consultation with the Attorney General, the Secretary of
Commerce, and the Director of National Intelligence, shall
conduct an analysis to determine the costs and benefits of
requiring providers to develop and enforce voluntary or
mandatory minimum cybersecurity and Internet safety standards
for users of computers to prevent terrorists, criminals,
spies, and other malicious actors from compromising,
disrupting, damaging, or destroying computer networks,
critical infrastructure, and key resources.
(b) Factors.--In conducting the analysis required by
subsection (a), the Secretary shall consider--
(1) all relevant factors, including the effect that the
development and enforcement of minimum voluntary or mandatory
cybersecurity and Internet safety standards may have on
homeland security, the global economy, innovation, individual
liberty, and privacy; and
(2) any legal impediments that may exist to the
implementation of such standards.
SEC. 5. CONSULTATION.
In conducting the analysis required by section 4, the
Secretary shall consult with the Attorney General, the
Secretary of Commerce, the Director of National Intelligence,
the Federal Communications Commission, and relevant
stakeholders in the Government and the private sector,
including the academic community, groups, or other
institutions, that have scientific and technical expertise
related to standards for computer networks, critical
infrastructure, or key resources.
SEC. 6. REPORT.
(a) In General.--Not later than 1 year after the date of
the enactment of this Act, the Secretary shall submit to the
appropriate committees of Congress a final report on the
results of the analysis required by section 4. Such report
shall include the consensus recommendations, if any, for
minimum voluntary or mandatory cybersecurity and Internet
safety standards that should be developed and enforced for
users of computers to prevent terrorists, criminals, spies,
and other malicious actors from compromising, disrupting,
damaging, or destroying computer networks, critical
infrastructure, and key resources.
(b) Appropriate Committees of Congress.--In this section,
the term ``appropriate committees of Congress'' means--
(1) the Committee on Commerce, Science, and Transportation,
the Committee on Homeland Security and Governmental Affairs,
and the Committee on the Judiciary of the Senate; and
(2) the Committee on Energy and Commerce, the Committee on
Homeland Security, the Committee on the Judiciary, and the
Committee on Oversight and Government Reform of the House of
Representatives.
______
