To follow up on his State of the Union speech, I would like to highlight a few key points about the legislation the President mentioned that we sent to the Congress last May to secure our country from the growing danger of cyber-threats.
From day one, the President’s charge to all of us in the Administration has been to do everything possible to address our critical national and economic security needs. That is why we have tried to aggressively use our existing authorities to address the cybersecurity vulnerabilities of the critical infrastructure systems upon which we as a nation rely for our security and prosperity.
While there is much the Administration can and will continue to do under existing legal authorities to improve our nation’s cybersecurity, only Congress can modernize our underlying laws and give us the full range of tools our cybersecurity professionals need to more effectively deal with this growing and increasingly sophisticated threat. To address these growing risks and at the invitation of congressional leaders, the Administration sent the Congress a package of legislative proposals in May 2011 to give the federal government new authority to ensure the corporations that own the assets most critical to our nation’s security and economic prosperity are adequately addressing the risks we as a nation all share. Additionally, our proposals would provide new tools to help our citizens and law enforcement professionals defend against cyber crime and identity theft, while, at the same time, safeguarding individuals’ privacy and civil liberties. Further, our proposals would give the federal government new authority to share information about cyber threats with businesses, and when asked, provide them with federal assistance to prevent attacks and defend against the theft of intellectual property, which, when stolen, erodes their corporate competitive advantages among global peers and our competitiveness as a nation.
Our legislative proposals will move us toward accomplishing these goals, and while the task of securing our nation is never done, enacting them would be an incredibly important step. At the same time, addressing only a portion of these needs by our cybersecurity professionals will continue to expose our country to serious risk. For example, only providing incentives for the private sector to share more information will not, in and of itself, adequately address critical infrastructure vulnerabilities. The American people expect the federal government to work with the private sector to ensure our critical infrastructure is protected. Our professionals in the federal government, as well as those in state, local and private sector entities need new legislatively-enacted authorities to do so.
It is our sincere hope that Members of Congress will look at the significant amount of public debate that has been occurring on these issues – as well as the work and debate on this issue over the years in the Congress – and continue to work in a bipartisan manner to quickly enact legislation to address the full range of cyber threats facing our nation. Legislation that fails to provide the legislative authorities our professionals need to work with the private sector to ensure the safe and reliable operation of our critical infrastructure networks would not be commensurate with the very real and urgent risks to our nation.
Now is the time to pass legislation that ensures the companies we rely on to power our hospitals, supply our water, support our troops, and drive the economic engine of our country are adequately addressing cybersecurity risks. It is our hope that we can all work together to swiftly, effectively, and comprehensively address this critical national and economic security challenge while respecting the values of freedom, openness, and innovation so fundamental to our nation.