“I applaud the President for taking decisive action to improve our nation’s defenses against cyber attacks. The President’s new Executive Order will significantly advance cybersecurity in the networks of our nation’s critical infrastructure, and will facilitate more rapid, more effective sharing of time-sensitive threat information between the government and private sector. I hope this measure will also help us develop the broader awareness and capability needed to enable companies throughout the private sector to protect consumers and stem the loss of jobs and economic growth caused by intellectual property theft.

“As the President has rightly noted, the new Executive Order is no substitute for legislation, which is essential to address current gaps in authority. Until Congress acts, President Obama will be fighting to defend this country with one hand tied behind his back. I am eager to work with my colleagues on a bipartisan basis to develop and advance legislation as soon as possible.”

“Our country is vulnerable to a cyber attack. Terrorists bent on harming the United States could devastate our power grid, our banking system, or our nuclear plants. Cyber security is one of the top concerns for the Pentagon.

“Sadly, Republicans chose to appease special interests instead of protecting our national security. My Republican colleagues recently wrote that ‘only the legislative process can create the durable and collaborative public-private partnership we need to enhance cyber security,’ but those proved to be just words on a piece of paper. Today, these same Republicans sank the best legislative solution to this urgent problem.

“Given Republican intransigence, I hope President Obama uses all the authority of the executive branch at his disposal to fully protect our nation from the cyber security threat. Republicans today showed we cannot count on them to take this threat seriously.”

I have said the work before us in the waning days of this Congress represents a test of our character – a test of our willingness to rise above partisanship for the good of this great nation.

And although I was disappointed the Senate was unable to move quickly to vote on final passage of Senator Tester’s sportsman’s legislation, I hold fast to my optimism that we will pass this test.

We have a great deal to accomplish during the next six weeks in order to safeguard our country’s financial health and protect middle-class families.

But we won’t complete anything without bipartisan cooperation.

As Senate Majority Leader George Mitchell once said, “Bipartisanship means you work together to work it out.”

So I hope to see that type of cooperation on display when the Senate votes today to reconsider stalled cyber security legislation.

If we can work together to address these two measures – the sportsman’s package and the cyber security bill – it will set a tone of cooperation that could characterize the remainder of this Congress, and the next Congress as well.

National security experts say there is no issue facing this nation more pressing than the threat of a cyber attack on our critical infrastructure.

Terrorists bent on harming the United States could all too easily devastate our power grid, our banking system or our nuclear plants.

A bipartisan group of Senators has worked for three years to craft this legislation. Yet Republicans filibustered this worthy measure in July.

It’s imperative that Democrats and Republicans work together to address what national security experts have called “the most serious challenge to our national security since the onset of the nuclear age sixty years ago.”

I found it encouraging when a number of my Republican colleagues – Senators McCain of Arizona, Chambliss of Georgia, Hutchison of Texas, Kyl of Arizona, Coats of Indiana and Blunt of Missouri – recently wrote President Obama advocating legislative action on cyber security.

They wrote: “An issue as far-reaching and complicated as cyber security requires… formal consideration and approval by Congress… Only the legislative process can create the durable and collaborative public-private partnership we need to enhance cyber security.”

This group of Senators says they remain committed to the legislative process. Today, they have an opportunity to demonstrate that commitment.

On several occasions since Republicans filibustered the cyber security bill this summer, I have asked my colleagues to bring to me a list of amendments they would like to debate as we consider this legislation.

Today, they have yet another opportunity to do so.

They can show their commitment to a legislative solution to the cyber security threat by advancing this worthy measure and moving forward with a productive debate on the issue.

This is yet another opportunity for this Congress to prove it can cooperate and compromise when it matters most. But it won’t be our last opportunity.

Before the end of the year, we must craft a balanced agreement to reduce the deficit and protect middle-class families from a tax hike.

As cyber terrorism represents a serious threat to our national security, so the looming fiscal cliff represents a serious threat to our economic security.

I am heartened to see that a number of Republicans – including a number of prominent conservatives – have opened the door to a balanced agreement.

Bill Kristol, a leading conservative commentator, said, “It won’t kill the country if we raise taxes a little bit on millionaires. It really won’t.”

And Glenn Hubbard, an advisor to the Romney campaign, conceded that any agreement must include revenue increases.

It’s simple math. To protect the middle class, it will be necessary to ask millionaires and billionaires to contribute a little more as we work to reduce the deficit.

Democrats understand we won’t get everything we want from a bipartisan accord.

But Republicans should realize they won’t get everything they want, either.

And that shouldn’t prevent us, as my esteemed predecessor said, from working together to work it out.

“Secretary Panetta explained in stark terms the urgent and deadly threat that a cyber attack poses to the United States. A cyber attack could cripple our economy and infrastructure, sow chaos and cost lives. Secretary Panetta’s warnings are consistent with the message that the national security community has been delivering to the Senate for months. We know what tools our national security community needs – but in sadly predictable fashion, Senate Republicans are blocking a comprehensive cybersecurity bill that would make those tools available.

“Some of my colleagues have suggested that the President should delay further action to protect America from this threat until Congress can pass legislation. Secretary Panetta has made clear that inaction is not an option. I will bring cybersecurity legislation back to the Senate floor when Congress returns in November. My colleagues who profess to understand the urgency of the threat will have one more chance to back their words with action, and work with us to pass this bill.

“Cybersecurity is an issue that should be handled by Congress, but with Republicans engaging in Tea Paty-motivated obstruction, I believe that President Obama is right to examine all means at his disposal for confronting this urgent national security threat.”

“National security experts from the military, intelligence, and law enforcement communities – on a bipartisan basis – have recognized the imminent threat of cyber-attack by our adversaries against our nation’s critical infrastructure. A cyber-attack coming from anywhere in the world could cause widespread blackouts throughout our nation or target the safeguards at our nuclear power plants, and right now there is little we can do to prevent it. The only people who have not yet awakened to the seriousness of the threat appear to be Senate Republicans. Despite a unanimous chorus of national security leaders demanding urgent action, Republicans recklessly obstructed cyber security legislation today, filibustering it with irrelevant, political amendments that serve no purpose other than catering to the Tea Party.

“I am extremely disappointed Republicans derailed a critical national security bill we have been working on for the past three years. More disturbing is that Republicans have shown they are willing to put partisan politics and narrow corporate interests above this nation’s security. Democrats will not give up trying to protect our national security, and we will continue working to solve this vital issue for our nation.”

Last week General Keith Alexander, director of the National Security Agency and commander of U.S. Cyber Command, was asked to rate how prepared America is to face a cyber terrorist attack on a scale of 1 to 10.

This is what he said: “From my perspective I’d say around a three.”

Keep in mind, one is totally unprepared and 10 is totally prepared.

One of the country’s top national security experts gave us a three out of 10 – a failing grade by any standard.

He went on to say the type of cyber attacks that could black out the United States for weeks or months are up seventeen-fold in the last three years.

The nation’s top security experts have said a “cyber 9-11” is imminent.

And they say frailties in our defenses again these attacks are the most urgent threat to national security.

So it was with disappointment that I filed cloture last night on legislation to reinforce our defenses against malicious hackers.

National security experts have been plain about the urgent need to act. They say the question is not whether to act, but whether we will act in time.

A bipartisan group of Senators has worked for three years to craft the legislation before this body.

Still, I was pleased to hear last week that many of my colleagues were working on thoughtful amendments to improve and strengthen this measure.

Senators on both sides have worked hard to address every concern raised by the private sector about this legislation.

I expected a healthy debate on this issue. I also expected to processes many relevant amendments.

Unfortunately, that wasn’t good enough for a few of my Republican colleagues.

Instead of substantive amendments that deal with our nation’s cyber security, they are insisting on political show votes.

I had thought my Republican colleagues were taking this process seriously.

After all, the threat is clear.

And protecting the computer networks that control our electric grid, water supply and financial system should be above political wrangling.

So I was doubly disappointed to watch a bipartisan process derailed by ideological attacks on women’s right to health care.

As 47 million American women were set to gain access to preventive services with no out-of-pocket cost, Republicans insisted once again on a vote to repeal those benefits.

They want to roll back the clock to the days when insurance companies could discriminate against women – charging them more just because they’re women.

And to take matters worse, they are willing to kill a bill that would protect our nation from cyber terrorism in the process.

This isn’t a new tactic. You may remember how Republicans stalled the transportation bill – and put 3 million jobs at risk – as part of their attack on women’s access to contraception.

Still, I admit I was surprised that Senator McConnell would so brazenly drag partisan politics into the debate over a measure crucial to national security.

Just yesterday Senator McConnell and I received a letter from General Alexander of the NSA urging us to move quickly. This is what he wrote:

“The cyber threat facing the nation is real and demands immediate action. The time to act is now; we simply cannot afford further delay… We need to move forward on comprehensive legislation now. I urge you to work together to get it passed.”

I share General Alexander’s concern.

I agree the Senate should work together to pass this bipartisan legislation without further delay.

Republicans claim to share Democrats’ commitment to keeping taxes low for the middle class.

So it’s strange that they have repeatedly blocked votes on our proposal to cut taxes for 98 percent of American families.

Two week ago, Republicans seemed eager to have these votes.

They wanted to vote on our proposal to cut taxes for families making less than $250,000 a year – or 98 percent of Americans.

And they wanted to vote on their competing proposal, which would actually raise taxes for 25 million families while handing out more tax breaks to millionaires.

Democrats have tried to give Republicans what they wanted.

We have offered to skip their usual procedural delays and hold up-or-down, majority votes on both proposals.

So far they have refused. But the offer stands.

I hope Senate Republicans don’t insist on doing this the hard way.

And why are Republicans delaying votes they asked for in the first place?

They know a majority of Senators – and a majority of Americans – supports our plan to help middle-class families.

Our plan gives 114 million taxpayers – 98 percent of American families – certainty their taxes won’t go up.

And it reduces the deficit by almost $1 trillion by ending wasteful tax breaks for the rich.

Senate Republicans’ proposal takes a very different approach.

It extends tax breaks for the top 2 percent of Americans. But it fails to extend tax cuts that help middle-class families.

Their plan would hike taxes by another $1,000 for middle-class families while handing out an extra $160,000 tax break to every millionaire.

Democrats will simply never agree we should hand out more tax breaks to the richest 2 percent of Americans.

But that shouldn’t stop us from protecting the other 98 percent of Americans – and doing it today.

Cyber Security

Over the last few days, some of my Republican colleagues have suggested the Senate should delay action on what national security experts have called the most pressing threat facing our nation.

Instead of considering bipartisan cyber security legislation, they say we should first consider the annual Defense Authorization bill.

I argue we need to move rapidly to address the gaping hole in our defenses against cyber attack.

FBI Director Robert Mueller said that cyber threats will soon overtake terrorism as the most significant threat to our national security.

A bipartisan group of national security experts – led by former Secretary of Homeland Security Michael Chertoff and former Director of National Intelligence Mike McConnell – said cyber threats represent “one of the most serious challenges to our national security since the onset of the nuclear age.”

And the ranking member of the Armed Services Committee, Senator McCain, said:

“We must act now and quickly develop and pass comprehensive legislation to protect our electric grid, air traffic control system, water supply, financial networks and defense systems and much more from a cyber attack.”

That was a year ago. The threat has only grown more urgent.

And failing to act on cyber security legislation not only puts our national security at risk, it recklessly endangers members of our Armed Forces and their missions around the world.

Service members themselves have been repeatedly targeted by cyber actors.

In one hack last year, more than 90,000 military email addresses and passwords were stolen, and in another hack of the TRICARE system 4.9 million medical records were stolen.

If we are serious about protecting our troops, we must protect them against cyber attacks.

But acting to secure our critical networks doesn’t mean we won’t also pass a defense bill.

I do, however, have some specific concerns about the Defense Authorization bill.

I will not allow the defense bill to become an end-run around the bipartisan Budget Control Act.

If we are to going to debate the Defense bill, House and Senate Republicans need to make it clear that they are willing to abide by the budget levels set by that law.

We must also ensure the defense bill is not used as a platform to advance irrelevant, partisan agendas.

Remembering Agent Gibson and Officer Chestnut

Last week, this nation was reminded how fragile life is, and how quickly it can be taken away by a random, senseless act of violence.

Fourteen years ago, the Capitol community was similarly reminded that we must never take life for granted.

On this day in 1998, two dedicated U.S. Capitol Police officers – Special Agent John Gibson and Officer Jacob Chestnut – gave their lives while protecting this building and the people in it.

But their lives were not spent in vain. The tragedy of that day made the Capitol a safer place.

It led to the construction of the Capitol Visitor Center, which prevents a madman like the one who shot Agent Gibson and Officer Chestnut from entering the Capitol.

And while nothing can erase the pain of losing a loved one, I hope their families take some measure of comfort in knowing Agent Gibson and Officer Chestnut are not forgotten.

Even 14 years later, those of us who work in the Capitol continue to honor their service and their sacrifice.

And we are grateful to the brave men and women who safeguard ‘the People’s House’ today.

Washington, D.C. – Nevada Senator Harry Reid spoke on the Senate floor today regarding cyber security and critical infrastructure. Below are his remarks as prepared for delivery:

Technology has changed our world.

It has changed the way we shop, the way we bank and the way we travel.

It has changed the way we get information, and the way we share it.

It has changed the way our country protects itself. And it has changed the types of attacks we must guard against.

Some of our top national security officials – including General Martin Dempsey, Chairman of the Joint Chiefs of Staff; General David Petraeus, Director of the CIA; and Leon Panetta, Secretary of Defense – have said malicious cyber attacks are among the most urgent threats to our country.

We’ve already seen cyber attacks on our nuclear infrastructure, our Defense Department’s most advanced weapons, the NASDAQ stock exchange and most major corporations.

Cyber attacks don’t threaten only our national security – they also threaten our economic security.

These attacks cost our economy billions of dollars a year, and thousands of jobs. So we need to act quickly to pass legislation to make our nation safer and protect American jobs.

The Defense Department, Department of Homeland Security and experts from across the intelligence community have issued chilling warnings about the seriousness of this threat.

Only days ago, Senator McConnell and I received a letter from a remarkable, bipartisan group of former national security officials.

The group includes six former Bush and Obama Administration officials: Michael Chertoff, Paul Wolfowitz, Mike McConnell, General Michael Hayden, Retired General James Cartwright and William Lynn III.

The letter presented the danger in stark terms:

“We carry the burden of knowing that 9/11 might have been averted with the intelligence that existed at the time. We do not want to be in the same position again when ‘cyber 9/11’ hits – it is not a question of whether this will happen; it is a question of ‘when.’”

The group called the threat of a cyber attack “imminent.” And they said it “represents the most serious challenge to our national security since the onset of the nuclear age sixty years ago.”

The letter noted that the top cyber security priority is safeguarding critical infrastructure – the computer networks that control our electrical grid, water supplies and sewers, nuclear plants, energy pipelines, communications systems and financial systems.

These vital networks must be required to meet minimum cyber security standards.

The letter was clear that securing this infrastructure must be part of any cyber security legislation Congress considers.

General Keith Alexander, director of the National Security Agency, has said the same thing.

This is what he wrote to Senator McCain recently:

“Critical infrastructure protection needs to be addressed in any cyber security legislation. The risk is simply too great considering the reality of our interconnected and interdependent world.”

General Alexander is one voice among many:

• The President of the United States, President Obama
• The non-partisan Center for Strategic and International Studies Commission on Cyber Security
• The co-chairmen of the 9-11 Commission, Governor Thomas Kean and Congressman Lee Hamilton
• The Director of National Intelligence, James Clapper
• The Director of the FBI, Robert Mueller

They have all echoed this call to action.

In fact, the entire national security establishment – including leading officials from the Bush and Obama Administrations, civilian and military leaders, Republicans and Democrats – agree on the urgent need to protect this vital infrastructure.

And yet some key Republicans continue to argue we should do nothing to secure critical infrastructure.

When virtually every intelligence expert says we need to secure the systems that make the lights come on, inaction is not an option.

A coalition of Democrats and Republicans – including Senators Lieberman, Collins, Rockefeller and Feinstein – has proposed one approach to address this problem.

Their bill is an excellent piece of legislation, and it’s been endorsed by many members of the national security community.

It’s a good approach, and it would make our nation safer. But there are many possible solutions to this urgent challenge.

Unfortunately, the critics of the bill have failed to offer any alternative to securing our nation’s critical infrastructure.

The longer we argue over how to tackle this problem, the longer our power plants, financial systems and water infrastructure go unprotected.

Everyone knows this Congress can’t pass laws that don’t have broad, bipartisan support. So we’ll need to work together on a bill that addresses the concerns of lawmakers on both sides of the aisle.

But for that to happen, more of my Republican colleagues need to start taking this threat seriously.

It is time for them to participate productively in the conversation, instead of just criticizing the current approach.

There is room for more good ideas on the table. And I welcome to the discussion any Republican genuinely interested in being part of the solution.

But national security experts agree: we can’t afford to waste any more time.

The question is not whether to act, but how quickly we can act.

Tens of thousands of bridges and millions of miles of roadways across the country are in a state of disrepair.

But, rather than putting Americans to work fixing those roads and bridges – and repairing crumbling train tracks, highways and sidewalks across the nation – House Republican leaders are pandering to the Tea Party.

As if putting the Tea Party ahead of efforts to repair our nation’s crumbling infrastructure wasn’t bad enough, House Republicans are risking 2.8 million jobs in the process.

I was disappointed to hear last week that House Republican leaders will pursue a three-month extension of the Highway Bill. They should be voting on the two-year transportation bill passed on an overwhelming, bipartisan vote by the Senate.

Their short-term Band-Aid bill is no solution. Communities and contractors need certainty – especially going into the summer construction season – that their projects won’t grind to a halt in three months because the House once again refuses to act.

The American people will know who to blame if chaos in the House Republican caucus costs us almost 3 million jobs. One week remains until thousands of projects around the country lock their gates and lay off their workers.

It is time for House Republican leaders to do the responsible thing: take up the Senate-passed transportation bill, which is strongly supported by Senate Republicans.

The American people are watching, and time is wasting.

While House Republicans are squandering precious time and risking American jobs, the Senate will move forward with a bill to repeal billions in subsidies to big oil companies.

Last year, Big Oil raked in $137 billion in profits – more than ever before – but still received billions in taxpayers-funded giveaways.

Even with domestic oil production at its highest level in almost a decade, prices at the pump are rising.

Oil companies are making money hand over fist. When the price of a gallon of gas goes up by a single penny, quarterly profits for the five major oil companies go up by $200 million.

Yet this country continues to give taxpayer dollars to some of the most profitable corporations in the world – corporations that don’t need our help. It’s time to end this careless corporate welfare.

The only real way to bring down prices at the pump is to reduce U.S. dependence on foreign oil. That will take additional responsible, domestic oil exploration anhgd smart investments in clean energy technology.

The Senate will vote this evening to advance the Repeal Big Oil Tax Subsidies Act.

This legislation ends more than $2 billion a year in tax breaks for Big Oil. And it invests the savings in the clean energy industry, where it will grow our economy and create jobs.

Repealing wasteful subsidies won’t cause oil and gas prices to rise. But reducing America’s dependence on foreign oil will cause prices to fall.

I hope my Republican colleagues will join Senate Democrats and repeal subsidies for Big Oil. It is time we worked together to move this nation toward its clean energy future.

But if Republicans continue to stand up for oil companies making record profits, one thing will be obvious: Republicans care less about bringing down gas prices than about helping big oil companies that don’t need the help.

Congress should pass this legislation quickly, before another taxpayer dollar is spent on wasteful handouts to Big Oil.

The Senate must also move quickly to reform our postal system. And in the coming weeks the Senate must reauthorize of the Violence Against Women Act, pass additional job creation measures and take up a crucial cybersecurity bill.

The Pentagon says passing cybersecurity legislation is the single most important action Congress can take to improve national security. That’s why I will bring a bill to the floor very soon.

Bipartisan efforts to craft comprehensive cybersecurity legislation have been ongoing for several years, but the time to act is now.

It is time for Republican colleagues who have been involved in this effort from the start to sit down at the negotiating table and help us settle on a final approach. The next few weeks will set the path ahead.

Both parties agree this legislation is a priority. And Senators interested in getting involved should act now, before time runs out.

As always, I hope Democrats and Republicans will be able to work together to forge a path forward.

“This legislation demonstrates an encouraging willingness from Senators McCain, Hutchison, Chambliss and others on both sides of the aisle to engage in a constructive and open-minded debate about urgently needed cybersecurity legislation. Perhaps the most important contribution of this legislation is to highlight areas of broad agreement that should be included in a final comprehensive cybersecurity measure. It is an imperative for our national security that such a measure also address cybersecurity in the nation’s most critical infrastructure.  I look forward to a debate on the Senate floor that will ensure this bill and other proposals get a fair hearing, and which will allow thorough consideration of amendments to improve the legislation.

“The Department of Defense has warned us that the cyber threat to our nation’s security and economy is growing each day, and addressing it must be an urgent priority.”

Bipartisan, Three-Year, Cross-Committee, Process Has Included Extensive Input From Wide Range of Stakeholders, Including Industry

Reid to Donohue: “I Look Forward To Working In Close Cooperation With You To Pass The Senate’s Carefully Crafted And Narrowly Tailored Cyber Security Legislation When It Comes To The Senate Floor In The Next Few Weeks”

 Washington, D.C. – In a letter to U.S. Chamber of Commerce CEO Tom Donohue, Senate Majority Leader Harry Reid (D-NV) outlined a process for bringing urgently-needed legislation to the floor that will protect the United States’ national security interests against growing threat of cyber attack.

Citing testimony from a broad spectrum of prominent national security experts, Senator Reid writes, “Malicious cyber activity poses one of the most profound threats to our nation; yet, our government currently lacks a framework with which to confront this threat.  To put it candidly, we are playing catch-up in an increasingly costly – and potentially deadly – game.”

Outlining a plan to bring comprehensive cybersecurity legislation to the Senate floor in the coming weeks, Senator Reid explains that, “[g]iven the complexity and significance of the legislation, it is essential that we have a thorough and open debate on the Senate floor, including consideration of amendments to perfect the legislation, insert addition provisions where the majority of the Senate supports them, and remove provisions if such support does not exist.  For that reason, I have committed to my colleagues that we will have an amendment process that will be fair and reasonable.”

To address concerns raised by the Chamber of Commerce in a previous letter, Senator Reid writes, “I want to reassure you that far from being rushed, this legislation will have been subject to as fair, thorough, an open a process as is conceivable.  It has been developed through a process about which Leader McConnell and I have consulted and agreed at every step.  And I am convinced that the bill will be better for it.”

The letter notes that since beginning work on cybersecurity legislation in 2009, the Senate has:

• Held more than 20 hearings across at least seven different committees specifically on cyber security and related legislation, and addressed critical questions relating to cyber security in dozens of additional hearings;
• Held numerous briefings for Senators and staff on cyber security, including a briefing for all Senators by senior Administration officials last week;
• Organized several other forums for Senators to examine cyber security issues, including the Intelligence Committee’s 2010 Cyber Security Task Force and an ongoing informal discussion group led by Senators Whitehouse, Blunt, Mikulski, and Kyl;
• Considered nearly twenty separate cybersecurity bills and numerous cybersecurity-related amendments; and
• Held mark-ups of cybersecurity legislation in five separate committees, each of which occurred under each committee’s rules for regular order.

The full text of the letter is below and available online here.

Thomas J. Donohue
President and CEO
United States Chamber of Commerce
1615 H Street NW
Washington, DC 20062

Dear Mr. Donohue:

Thank you for the Chamber’s letter regarding the Senate’s efforts to prepare cyber security legislation to protect our nation from the malicious cyber activity that poses such a significant threat to our national security and our economy.

Beginning in 2009, the Senate undertook a cross-committee, bipartisan effort to develop comprehensive cyber security legislation in response to a threat that we recognize as significant, growing, and urgent.   Malicious cyber activity poses one of the most profound threats to our nation; yet, our government currently lacks a framework with which to confront this threat.  To put it candidly, we are playing catch-up in an increasingly costly – and potentially deadly – game.

I was struck by the testimony of the leaders of our Intelligence Community at recent Intelligence Committee hearings.  Director of National Intelligence James Clapper called cyber security “a profound threat to this country, to its future, its economy, and its very being.”  And Robert Mueller, Director of the Federal Bureau of Investigation (FBI), stated that, “stopping terrorist attacks with the FBI is the present number one priority, but down the road, the cyberthreat, which cuts across all programs, will be the number one threat to the country.”  Think about that:  in the years to come, malicious cyber activity will pose a threat to our country greater than terrorism.  We simply cannot afford to repeat the mistakes of the past by failing to prepare for the leading threats of the future.

Yet, addressing cyber security is not simply a matter of staving off a future threat; it demands that we stop the hemorrhaging of national security secrets, intellectual property, and jobs already underway. In a recent letter to Senate Republican Leader McConnell and myself, eight former high-ranking national security officials led by Secretary of Homeland Security Michael Chertoff and Secretary of Defense William Perry pointed out that, not only are critical infrastructure such as power plants and hospitals at risk; moreover, “foreign states are waging sustained campaigns to gather American intellectual property – the core assets of our innovation economy – through cyber-enabled espionage.”  They counseled that the “constant barrage of cyber assaults has inflicted severe damage to our national and economic security, as well as to the privacy of individual citizens.  The threat is only going to get worse.  Inaction is not an acceptable option.”

With such high stakes, it is essential that we produce legislation that is carefully considered and adequate to meet this challenge.  To that end, I wanted to take some time to respond directly to your concern that the Senate may be “rushing forward with legislation that has not been fully vetted,” since it appears that you may not be aware of the extensive, cross-jurisdictional, and bipartisan process that has guided the development of cyber security legislation for nearly three years now.

Your letter noted that “cyber legislation needs to be examined by Congress through the regular hearing and mark-up process,” and I couldn’t agree more.  Since beginning our work on cyber security legislation in 2009, the Senate has:

• Held more than 20 hearings across at least seven different committees specifically on cyber security and related legislation, and addressed critical questions relating to cyber security in dozens of additional hearings;
• Held numerous briefings for Senators and staff on cyber security, including a briefing for all Senators by senior Administration officials last week;
• Organized several other forums for Senators to examine cyber security issues, including the Intelligence Committee’s 2010 Cyber Security Task Force and an ongoing informal discussion group led by Senators Whitehouse, Blunt, Mikulski, and Kyl;
• Considered nearly twenty separate cyber security bills and numerous cyber security-related amendments; and
• Held mark-ups of cyber security legislation in five separate committees, each of which occurred under each committee’s rules for regular order.

There is no question that the Senate has considered cyber security legislation as thoroughly and as conscientiously as any legislation in many years.  As the non-partisan Commission on Cyber Security for the 44^th Presidency concluded, jurisdictional responsibilities for cyber security in Congress are fragmentary and overlapping, and no single committee in Congress – nor any single agency or department in the executive branch – has an adequate view of the full sweep of cyber security policy.  For that reason, in addition to the extensive consideration of legislation by individual committees, Leader McConnell and I agreed to establish a process wherein committees would work across jurisdictional lines, in “working groups” that included half a dozen different committees, to overcome parochial biases and develop legislation that is truly in the best interests of our nation’s security.  These working groups began actively meeting last July, and have worked arduously to develop legislation.

As part of this process, I have been clear, as outlined above, that these working groups must solicit and incorporate input from a wide range of non-governmental stakeholders – including leading industry representatives, academics, and security practitioners – as they developed the bill.  There has been a vigorous dialogue with a broad community of stakeholders, and I am pleased to note that literally hundreds of changes to the legislation have been made so far as a direct result of private sector input.  And as you note in your letter, the Chamber itself has been “working closely with Congress for nearly three years to develop smart and effective cybersecurity legislation.”

While I am pleased that this three-year-long process has helped the Senate assemble legislation that represents substantial and productive input from such a wide range of stakeholders, our process is not yet complete.  Given the complexity and significance of the legislation, it is essential that we have a thorough and open debate on the Senate floor, including consideration of amendments to perfect the legislation, insert addition provisions where the majority of the Senate supports them, and remove provisions if such support does not exist.  For that reason, I have committed to my colleagues that we will have an amendment process that will be fair and reasonable.

As you can see, far from being rushed, this legislation will have been subject to as fair, thorough, an open a process as is conceivable.  It has been developed through a process about which Leader McConnell and I have consulted and agreed at every step.  And I am convinced that the bill will be better for it.

I also appreciated hearing the Chamber’s views on the substance of the legislation.  Many of the issues you raised are concerns we have heard from others in the private sector, and the drafters of the legislation have painstakingly worked over the past few years to address these concerns.  As you review updated drafts of the legislation, I expect that you will find most of the issues raised in your letter have been addressed.

Much attention has focused on provisions to ensure cyber security within a narrowly defined group of critical infrastructure assets: systems which, if disrupted or destroyed by cyber attack, would significantly damage United States national security and potentially cost thousands of innocent lives.  Without some ability to intervene – in a targeted and efficient way – to ensure a certain level of protection in this narrow set of key infrastructure, the government cannot adequately protect its citizens.  On the other hand, you are absolutely right that a regulatory framework creating bureaucratic redundancy, over-intrusive requirements, and unmanageable costs is counterproductive and contradictory to the spirit of public-private partnership that must drive our nations’ cyber security efforts.  It is precisely for that reason that the Senate has worked closely to develop a critical infrastructure framework that: (1) is outcome-based rather than prescriptive in order to preserve and foster private sector innovation; (2) is flexible enough to allow the government to work through existing mechanisms and relationships; (3) is narrowly tailored to focus on only the most sensitive and essential systems; (4) minimizes duplication of effort and bureaucratic redundancy; (5) directs the government to act only when market incentives have failed to create adequate security conditions; and (6) incorporates the private sector as a full partner in securing cyberspace.  And the Information Technology Industry Council agrees that the latest critical infrastructure draft is a “careful delineation of the appropriate scope of cybersecurity-related regulation that will preserve and promote our industry’s ability to innovate.”

The Chamber’s letter states that, “Since 2009, the Chamber has consistently said that it will support legislation that is carefully crafted and narrowly tailored toward effectively addressing the complex cyber challenges that businesses are experience.”  I have no doubt that you are sincere in that commitment and I look forward to working in close cooperation with you to pass the Senate’s carefully crafted and narrowly tailored cyber security legislation when it comes to the Senate floor in the next few weeks.  Again, I appreciate your input into this vitally important legislation.

Sincerely,

HARRY REID