[Congressional Record Volume 158, Number 103 (Wednesday, July 11, 2012)]
[Senate]
[Pages S4846-S4848]


                             Cybersecurity

  Mr. WHITEHOUSE. Madam President, I rise to speak about cybersecurity, 
but specifically about the cyber threat to our Nation's critical 
infrastructure. By critical infrastructure I mean the power grid that 
supplies electricity to our homes that keeps us warm in the winter and 
cool in the summer. I mean the financial services' processing systems 
that connect our ATMs to our accounts and move money around in our 
complex financial system. I mean the communications networks by which 
we talk and e-mail and text and message one another.
  The men and women we have charged with our Nation's defense and we 
have confirmed in these roles in the Senate have repeatedly and 
consistently warned us about the danger of cyber attacks on this 
critical infrastructure. It provides power and light and heat, tracks 
and records financial transactions, allows communication and data 
transfer, keeps airlines safe in the air, controls our dams, and 
enables our commerce. The consequences of failure in these areas could 
be catastrophic. We must pay heed to these warnings about America's 
critical infrastructure as we consider cybersecurity legislation.
  The administration has described this cyber threat in no uncertain 
terms. The Director of National Intelligence, James Clapper, has 
stated:

       [I]t's clear from all that we've said [that] we all 
     recognize we need to do something. . . . We all recognize 
     this as a profound threat to this country, to its future, to 
     its economy, to its very being.

  Secretary of Defense Leon Panetta has warned:

       The next Pearl Harbor we confront could very well be a 
     cyber attack.

  Secretary of Homeland Security Janet Napolitano has compared this 
threat to the September 11 attacks.

       Prior to 9/11, there were all kinds of information out 
     there that a catastrophic attack was looming. . . . The 
     information on a cyberattack is at that same frequency and 
     intensity and is bubbling at the same level, and we should 
     not wait for an attack in order to do something.

  Attorney General Holder stressed the urgency of responding to this 
threat in a recent Senate Judiciary Committee hearing. He said:

       This a problem that we must address, our nation is 
     otherwise at risk and to ignore this problem, to think it is 
     going to go away runs headlong into all of the intelligence 
     we have gathered, the facts we have been able to accrue which 
     show that the problem is getting worse instead of getting 
     better. There are more countries that are becoming more adept 
     at the use of these tools, there are groups that are becoming 
     more adept at the use of these tools, and the harm that they 
     want to do to the United States and to our infrastructure 
     through these means is extremely real.

  Chairman of the Joint Chiefs of Staff Martin Dempsey has warned that 
``a cyber attack could stop society in its tracks.''
  NSA Director and U.S. Cyber Commander GEN Keith Alexander, a four-
star general, has stated:

       We see this as something absolutely vital to the future of 
     our country. Cybersecurity for government and critical 
     infrastructure is key to the security of this Nation.

  A recent report from the Department of Homeland Security found that 
companies which operate critical infrastructure have reported a sharp 
rise in cybersecurity incidents over the past 3 years. Companies 
reported 198 cyber incidents in 2011, up from 41 incidents in 2010, and 
just 9 in 2009. This may reflect that the private sector is just now 
beginning to catch on. It is unfortunate but true that the private 
sector cannot be counted on to respond to this growing challenge on its 
own.
  As Deputy Secretary of Defense Ashton Carter has explained, and I 
quote again:

       There is a market failure at work here. . . . Companies 
     just aren't willing to admit vulnerability to themselves, or 
     publicly to shareholders, in such a way as to support the 
     necessary investments or lead their peers down a certain path 
     of investment and all that would follow.

  These were administration warnings, but the concerns are bipartisan. 
A wide range of national security experts from previous Republican 
administrations have echoed this alarm. Former Director of National 
Intelligence and NSA Director ADM Mike McConnell has said, and I quote:

       The United States is fighting a cyber-war today, and we are 
     losing. It's that simple.

  He explained:

       As the most wired nation on Earth, we offer the most 
     targets of significance, yet our cyber defenses are woefully 
     lacking. . . . The stakes are enormous. To the extent that 
     the sprawling U.S. economy inhabits a common physical space, 
     it is in our communications networks. If an enemy disrupted 
     our financial and accounting transactions, our equities and 
     bond markets or our retail commerce--or created confusion 
     about the legitimacy of those transactions--chaos would 
     result. Our power grids, air and ground transportation, 
     telecommunications and water filtration systems are in 
     jeopardy as well.

  That ends the quote from Admiral McConnell.
  Admiral McConnell also made a comparison to threats from the past.

       The cyber-war mirrors the nuclear challenge in terms of the 
     potential economic and psychological effects. . . . We 
     prevailed in the Cold War through strong leadership, clear 
     policies, solid alliances and close integration of our 
     diplomatic, economic, and military efforts. We backed all of 
     this up with robust investments--security never comes cheap. 
     It worked, because we had to make it work. Let's do the same 
     with cybersecurity. The time to start was yesterday.

  Former Deputy Secretary of Defense Paul Wolfowitz has also echoed the 
administration's warning that a cyber attack has the potential of 
causing devastation on the scale of another September 11. He stated:

       I hope we do not have to wait for the cyber-equivalent of 
     9/11 before people realize that we are vulnerable.

  Former Assistant Secretary for Policy at the Department of Homeland 
Security Stewart Baker has compared the threat to the catastrophic 
effects of Hurricane Katrina.

       We must begin now to protect our critical infrastructure 
     from attack. And so far, we have done little. We are all 
     living in a digital New Orleans. No one really wants to spend 
     the money reinforcing the levees. But the alternative is 
     worse. . . . And it is bearing down on us at speed.

  Former NSA Director and CIA Director Michael Hayden has said:

       We have entered into a new phase of conflict in which we 
     use a cyberweapon to create physical destruction, and in this 
     case, physical destruction in someone else's critical 
     infrastructure.

  Former Republican officials have also noted the cybersecurity gap in 
the private sector due to this market failure. Former Secretary of 
Homeland Security Chertoff said:

       The marketplace is likely to fail in allocating the correct 
     amount of investment to manage risk across the breadth of the 
     network on which our society relies.

  The following examples are emblematic of the market failure that both 
Democratic and Republican national security officials have identified 
in this cybersecurity area for critical infrastructure.
  When the FBI-led National Cyber Investigative Joint Task Force 
informs an American corporation that it has been hacked, 9 times out of 
10 that American corporation had no idea.
  Kevin Mandia of the leading security firm Mandiant has said, and I 
quote:

       In over 90 [percent] of the cases we have responded to, 
     Government notification was required to alert the company 
     that a security breach was underway. In our last 50 
     incidents, 48 of the victim companies learned they were 
     breached from the Federal Bureau of Investigation, the 
     Department of Defense, or some other third party.

  In operation Aurora, the cyber attack which targeted numerous 
companies, most prominently Google, only 3 out of the approximately 300 
companies

[[Page S4847]]

attacked were aware that they had been attacked before they were 
contacted by the government.
  We cannot count on the private sector to defend itself against a 
threat about which it is so unaware. An advanced persistent intrusion 
of the U.S. Chamber of Commerce's systems also went undetected until 
the chamber received help from the government. The Wall Street Journal 
reported that a group of hackers in China breached the computer 
defenses of the U.S. Chamber, gained access to everything stored in its 
systems, including information about its 3 million members, and 
remained on the network for at least 6 months and possibly more than a 
year. The chamber only learned of the break-in, according to the 
article, when the FBI told the group that servers in China were 
stealing its information. The special expertise of our national 
security agencies is a consistent theme through these examples. As 
former Assistant Attorney General, OLC Director, and Harvard Law School 
Professor Jack Goldsmith has explained:

       The government is the only institution with the resources 
     and the incentives to ensure that the [critical 
     infrastructure] on which we all depend is secure, and we must 
     find a way for it to meet its responsibilities.

  By the way, that was Goldsmith at the Department of Justice in the 
Bush administration. This is a Republican appointee speaking. These 
warnings have been repeatedly communicated to us in the Senate. We 
cannot plead ignorance of them.
  I ask unanimous consent to have printed in the Record a letter to 
Senate Majority Leader Reid and Minority Leader McConnell dated January 
19, 2012.
  There being no objection, the material was ordered to be printed in 
the Record, as follows:

                                                 January 19, 2012.
     Hon. Harry Reid,
     Majority Leader, U.S. Senate,
     Washington, DC.
     Hon. Mitch McConnell,
     Minority Leader, U.S. Senate,
     Washington, DC.
       Dear Majority Leader Reid and Minority Leader McConnell, We 
     write to urge the Senate to take up, debate, and pass 
     legislation to strengthen our nation's cybersecurity.
       As former executive branch officials who shared the 
     responsibility for our nation's security, we are deeply 
     concerned by the severity and sophistication of the cyber 
     threats facing our nation. These threats demand a response. 
     Congress must act to ensure that appropriate tools, 
     authorities, and resources are available to the executive 
     branch agencies, as well as private sector entities, that are 
     responsible for our nation's cybersecurity. The Senate is 
     well-prepared to take up legislation in this important 
     national security field, and to do so in a bipartisan manner 
     in the best traditions of the Senate.
       Every week brings new reports of cyber intrusions into 
     American companies or government agencies, new disclosures of 
     the breach of Americans' private information, or new 
     revelations of incidents of cyber disruption or sabotage. The 
     present cyber risk is shocking and unacceptable. Control 
     system vulnerabilities threaten power plants and the critical 
     infrastructure they support, from dams to hospitals. Reported 
     intrusions into defense contractors and military systems 
     reveal the direct national security cost of cyber attacks. 
     Evaluations of the Night Dragon and Aurora attacks reveal the 
     vulnerability of our most advanced and essential industries 
     to sophisticated hackers. The recent report by the Office of 
     the National Counterintelligence Executive makes clear that 
     foreign states are waging sustained campaigns to gather 
     American intellectual property--the core assets of our 
     innovation economy--through cyber-enabled espionage. The 
     growing threat of terrorist organizations acquiring cyber 
     capabilities and using them against American interests opens 
     another battlefront in cyberspace. And every day, Americans' 
     identities are compromised by international criminals who 
     have built online marketplaces for buying and selling 
     Americans' bank account numbers and passwords.
       This constant barrage of cyber assaults has inflicted 
     severe damage to our national and economic security, as well 
     as to the privacy of individual citizens. The threat is only 
     going to get worse. Inaction is not an acceptable option.
       Senate committees of jurisdiction have done important, 
     bipartisan work developing legislation to strengthen our 
     nation's cybersecurity. The Administration likewise has 
     weighed in with a set of legislative proposals. The stage 
     thus is set for the Senate to take up cybersecurity 
     legislation. We believe that it can and should undertake this 
     work in keeping with its best, bipartisan traditions, 
     addressing this pressing national security need with the 
     seriousness that it deserves.
       We urge the Senate to do so in short order: the rewards of 
     increased security for our country, particularly our private 
     sector critical infrastructure, will be rapid and profound.
           Sincerely,
     Michael Chertoff.
     William J. Lynn III.
     J. Michael McConnell.
     Richard Clarke.
     Dr. William J. Perry.
     Paul Wolfowitz.
     Jamie Gorelick.
     Gen. (ret.) James Cartwright, USMC.

  Mr. WHITEHOUSE. This explains that the threat is only going to get 
worse; inaction is not an acceptable option. This letter was signed by 
former Secretary of Homeland Security Michael Chertoff, former Deputy 
Secretary of Defense Paul Wolfowitz, former Director of National 
Intelligence and NSA Director ADM Mike McConnell, former Vice Chairman 
of the Joint Chiefs of Staff General James Cartwright, former Defense 
Secretary Dr. Willian Perry, former Deputy Attorney General Jamie 
Gorelick, former Deputy Secretary of Defense William J. Lynn, III, and 
former Special Advisor to the President for Cyber Security, Richard 
Clarke.
  I also have a letter written to Majority Leader Reid and Minority 
Leader McConnell, dated June 6, 2012, which I ask unanimous consent to 
have printed in the Record.
  There being no objection, the material was ordered to be printed in 
the Record, as follows:

                                                     June 6, 2012.
       Dear Senators Reid and McConnell, We write to urge you to 
     bring cyber security legislation to the floor as soon as 
     possible. Given the time left in this legislative session and 
     the upcoming election this fall, we are concerned that the 
     window of opportunity to pass legislation that is in our view 
     critically necessary to protect our national and economic 
     security is quickly disappearing.
       We have spoken a number of times in recent months on the 
     cyber threat--that it is imminent, and that it represents one 
     of the most serious challenges to our national security since 
     the onset of the nuclear age sixty years ago. It appears that 
     this message has been received by many in Congress--and yet 
     we still await conclusive legislative action.
       We support the areas that have been addressed so far, most 
     recently in the House: the importance of strengthening the 
     security of the federal government's computer networks, 
     investing in cyber research and development, and fostering 
     information sharing about cyber threats and vulnerabilities 
     across government agencies and with the private sector. We 
     urge the Senate to now keep the ball moving forward in these 
     areas by bringing legislation to the floor as soon as 
     possible.
       In addition, we also feel that protection of our critical 
     infrastructure is essential in order to effectively protect 
     our national and economic security from the growing cyber 
     threat. Infrastructure that controls our electricity, water 
     and sewer, nuclear plants, communications backbone, energy 
     pipelines and financial networks must be required to meet 
     appropriate cyber security standards. Where market forces and 
     existing regulations have failed to drive appropriate 
     security, we believe that our government must do what it can 
     to ensure the protection of our critical infrastructure. 
     Performance standards in some cases will be necessary--these 
     standards should be technology neutral, and risk and outcome 
     based. We do not believe that this requires the imposition of 
     detailed security regimes in every instance, but some 
     standards must be minimally required or promoted through the 
     offer of positive incentives such as liability protection and 
     availability of clearances.
       Various drafts of legislation have attempted to address 
     this important area--the Lieberman/Collins bill having 
     received the most traction until recently. We will not 
     advocate one approach over another--however, we do feel 
     strongly that critical infrastructure protection needs to be 
     addressed in any cyber security legislation. The risk is 
     simply too great considering the reality of our 
     interconnected and interdependent world, and the impact that 
     can result from the failure of even one part of the network 
     across a wide range of physical, economic and social systems.
       Finally, we have commented previously about the important 
     role that the National Security Agency (NSA) can and does 
     play in the protection of our country against cyber threats. 
     A piece of malware sent from Asia to the United States could 
     take as little as 30 milliseconds to traverse such distance. 
     Preventing and defending against such attacks requires the 
     ability to respond to them in real-time. NSA is the only 
     agency dedicated to breaking the codes and understanding the 
     capabilities and intentions of potential enemies, even before 
     they hit ``send.'' Any legislation passed by Congress should 
     allow the public and private sectors to harness the 
     capabilities of the NSA to protect our critical 
     infrastructure from malicious actors.
       We carry the burden of knowing that 9/11 might have been 
     averted with the intelligence that existed at the time. We do 
     not want to be in the same position again when `cyber 9/11' 
     hits--it is not a question of `whether' this will happen; it 
     is a question of `when.'

[[Page S4848]]

       Therefore we urge you to bring cyber security legislation 
     to the floor as soon as possible.
           Sincerely,
     Hon. Michael Chertoff,
     Hon. J. Mike McConnell,
     Hon. Paul Wolfowitz,
     Gen. Michael Hayden,
     Gen. James Cartwright (RET),
     Hon. William Lynn III.

  Mr. WHITEHOUSE. Secretary Chertoff, Admiral McConnell, Deputy 
Secretary Wolfowitz, General Hayden, and General Cartwright urged us 
to:

       . . . bring cyber security legislation to the floor as soon 
     as possible. Given the time left in this legislative session 
     and upcoming election this fall, we are concerned that the 
     window of opportunity to pass legislation that is in our view 
     critically necessary to protect our national and economic 
     security is quickly disappearing.

  They specifically focused on the threat to critical infrastructure, 
stating that ``protection of our critical infrastructure is essential 
in order to effectively protect our national and economic security from 
the growing cyber threat.''
  We must not ignore this chorus of warnings issued by those who are 
the most informed and most alert about the danger to our critical 
infrastructure. We must pass cybersecurity legislation, and we must 
ensure that the cybersecurity legislation we pass addresses our 
Nation's critical infrastructure. No bill that fails to address 
critical infrastructure can be said to have done the job of protecting 
our country.
  Our Nation will be vulnerable if critical infrastructure companies 
fail to meet basic security standards, as they do right now. 
Legislation must include a mechanism to end this continuing 
vulnerability. If operators object to a particular approach to 
cybersecurity for our critical infrastructure on the basis that it is 
too burdensome or too unwieldy, they will find many Members of the 
Senate on both sides--myself and Senator Blumenthal included--who are 
ready and eager to work with them. But if the purpose of the exercise 
is to come to an end point in which the operators of our critical 
infrastructure do not have to reach adequate levels of cybersecurity, 
then we need to move on and we need to vote and go beyond that.
  The question of how we get to cybersecurity is one we should engage 
in the Senate. The question of whether we protect our privately held 
critical infrastructure in a responsible way is one we should not allow 
to deter us from getting this job done to protect our national and 
economic security.
  Whatever the ultimate solution, we simply must find a way to improve 
the cybersecurity of our critical infrastructure.
  I yield the floor to Senator Blumenthal, who has been engaged in 
efforts with me to try to find a way through to a bipartisan bill that 
will protect our critical infrastructure. He has expertise in this area 
as a superbly trained lawyer, a multiply elected Attorney General of 
his home State, a former marine dedicated to our national security, and 
as a person who brings the highest level of legal talent to this 
discussion, having argued, I think, five separate cases before the U.S. 
Supreme Court. He has been an enormous asset, and I appreciate his 
participation.
  I yield the floor.
  The ACTING PRESIDENT pro tempore. The Senator from Connecticut.
  Mr. BLUMENTHAL. Madam President, I thank the Senator from Rhode 
Island, my distinguished colleague, for those very generous remarks. 
Actually, I had four arguments in the Supreme Court. The rest was 
similarly exaggerated as to my qualifications. But I thank the Senator 
from Rhode Island. Most importantly, I thank him for his extraordinary 
work on this issue and for his leadership and vision as well as his 
courage.
  I wish to emphasize a number of the points he made so powerfully in 
his remarks earlier. First and most significantly, the United States is 
under cyber attack. The question is, How do we respond? It is our 
national interests that are at stake.
  Every day this Nation suffers attempted intrusions, attempted 
interference, and attempted theft of our intellectual property as a 
result of the ongoing attacks we need to stop, deter, and answer.
  National security is indistinguishable from cybersecurity. In fact, 
cybersecurity is a matter of national security and not only so far as 
our defense capabilities; our actual weapons systems are potentially 
under attack and interference, but also, as my colleague from Rhode 
Island said so well, because our critical infrastructure is every day 
at risk--our facilities in transportation, our financial systems, our 
utilities that power our great cities and our rural areas and our 
intellectual property, which is so valuable and which every day is at 
risk and, in fact, is taken from us wrongfully, at great cost to our 
Nation.
  The number and sophistication of cyber attacks has increased 
dramatically over the past 5 years. All the warnings--bipartisan 
warnings--say those attacks will continue and will be mounted with 
increasing intensity. In fact, experts say that with enough time, 
motivation, and funding, a determined adversary can penetrate nearly 
any system that is accessible directly from the Internet.
  The United States today is vulnerable. To take the Pearl Harbor 
analysis that our Secretary of Defense has drawn so well, we have our 
``ships'' sitting unprotected today, as they were at the time of the 
Pearl Harbor attack. Our ships today are not just our vessels in the 
sea but our institutions sitting in this country and around the world, 
our critical infrastructure, which is equally vulnerable to 
sophisticated and unsophisticated hackers.
  In fact, the threat ranges from the hackers in developing countries--
unsophisticated hackers--to foreign agents who want to steal our 
Nation's secrets, to terrorists who seek ways to disrupt that critical 
infrastructure.
  It is not a matter simply of convenience. We are not talking about 
temporary dislocations, such as the loss of electricity that the 
Capital area suffered recently or that our States in New England 
suffered as a result of the recent storms last fall; we are talking 
about permanent, severe, lasting disruptions and dislocations of our 
financial and power systems that may be caused by this interference.
  One international group, for example, accessed a financial company's 
internal computer network and stole millions of dollars in just 24 
hours.
  Another such criminal group accessed online commercial bank accounts 
and spread malicious computer viruses that cost our financial 
institutions nearly $70 million.

  One company that was recently a victim of intrusion determined it 
lost 10 years' worth of research and development--valued at $1 
billion--virtually overnight. These losses are not just for the 
shareholders of these companies, they are to all of us who live in the 
United States because the losses, in many instances, are losses of 
information to defense companies that produce our weapons, losses of 
property that has been developed at great cost to them and to our 
taxpayers. We should all be concerned about such losses.
  As Shawn Henry, the Executive Assistant Director of the FBI, has 
said: ``The cyber threat is an existential one, meaning that a major 
cyber attack could potentially wipe out whole companies.''
  Those threats to our critical infrastructure, as we have heard so 
powerfully from my colleague from Rhode Island, are widespread and 
spreading.
  Industrial control systems, which help control our pipelines, 
railroads, water treatment facilities, and powerplants, are at an 
elevated risk of cyber exploitation today--not at some point in the 
future but today. The FBI warns that a successful cyber attack against 
an electrical grid ``could cause serious damage to parts of our cities, 
and ultimately even kill people.''
  The Department of Homeland Security said that last year they had 
received nearly 200 reports of suspected cyber incidents, more than 4 
times the number of incidents reported in 2010.
  In one such incident, more than 100 computers at a nuclear energy 
firm were infected with a virus that could have been used to take 
complete control of that company's system.
  These reports, these warnings, go on.
  In summary, the Director of the FBI said it best: ``We are losing 
data, we are losing money, we are losing ideas, and we are losing 
innovation. ``
  Those threats are existential to our Nation, and we must address them 
now--not simply as a luxury, not as a possibility but as a need now.

[[Page S4849]]

  I thank the Senator from Rhode Island, as well as my distinguished 
fellow Senator from Connecticut, Joseph Lieberman, and others on the 
other side, such as Senators McCain, Collins, Graham, and Chambliss, as 
well as other colleagues on this side, for their leadership in this 
area. They have started this effort with great dedication.
  There has been substantial work done already. No one here has ignored 
this threat. We must move forward for the sake of our Nation's 
security. Our cybersecurity must be addressed as soon as possible. 
Cybersecurity is not an issue we can wait to address until we see the 
results of failure. The consequences of a debilitating attack would be 
catastrophic to our Nation. I hope we can continue to fill the 
consensus, which the Senator from Rhode Island has been working to do, 
with other colleagues, so we can come together, as he said--not whether 
but how--and do it in a bipartisan way. This issue has elicited, very 
commendably and impressively, colleagues from both sides who have been 
working on this issue with dedication and diligence. I hope the body as 
a whole will match the vigor that is appropriate.
  Again, I thank the Senator from Rhode Island. Part of our challenge 
will be to elicit better agency coordination. If the Senator from Rhode 
Island wishes to comment further, I hope perhaps he can respond to the 
question of how soon we should come together and work on this issue. Is 
it a problem we can delay until the next session or should we try to 
address it during the coming months of this session before we close?
  The ACTING PRESIDENT pro tempore. The Senator from Rhode Island.
  Mr. WHITEHOUSE. Madam President, I am delighted to respond to the 
Senator in two ways. First, as the Senator so well pointed out, this is 
not a future threat or a prospective threat that we need to prepare 
ourselves against; this is an ongoing, current threat. There is a 
campaign of attacks into our national security infrastructure, into our 
intellectual property, and into our critical infrastructure, such as 
the power grids and the communications networks we count on in our 
daily lives for what we consider the American standard of living here 
at home. So time is not our friend.
  As one of the individuals I quoted said--I think Admiral McConnell--
the day to get this done was yesterday. So the sooner the better. We do 
need to form a consensus in this body, enough to move through the 
parliamentary obstacles that exist in this body, which allows us to go 
forward and will allow us to go forward in a way that does something 
serious about forcing the operators of our critical infrastructure to 
put in adequate cybersecurity protections. If they have to do it 
because they have incentives to do it, that is one way of getting 
there. If they have to do it because there are regulations that demand 
it, that is another way of getting there. There are different ways of 
getting there. And as the Senator from Connecticut and I have 
discussed--and we are actually working together on this--we are open to 
different ways to get there, but it should be agreed amongst us in the 
Senate that getting there, getting to the point where America's 
critical infrastructure is protected from cyber attack as reasonably 
well as we can should be the nonnegotiable goal. Anything short of that 
should be seen as failure.

  There is another thing I wanted to add. The Senator was very generous 
in his remarks and credentialing of a great number of Senators who have 
been working very hard. I would also like to single out Senator Coons, 
who has been very helpful in our efforts.
  I will stay on our side of the aisle at this point and add in 
particular Senator Mikulski. Barbara Mikulski serves on the 
Intelligence Committee. She is keenly aware of the cyber threat. She 
has taken deep dives into this issue in her role as a cardinal on the 
Appropriations Committee. She does the appropriations for many of the 
national security agencies and law enforcement agencies that are deeply 
involved in this. So when she speaks, she speaks with real authority 
and she speaks with real impact. Her participation in this effort is 
extraordinarily helpful, in addition to the efforts of the many 
Senators whom my colleague singled out as well.
  With that, I yield the floor. I see the Senator from Louisiana is 
here, and I thank the Senator from Connecticut.
  Mr. BLUMENTHAL. I thank the Senator and the Chair.
  The PRESIDING OFFICER (Mr. Franken). The Senator from Louisiana.