Washington, DC – U.S. Senator Dianne Feinstein (D-Calif.), chairman of the Senate Intelligence Committee, today introduced a resolution designating October as “National Cyber Security Awareness Month,” to raise public awareness of the cyber threat and of the steps that can be taken to improve cyber security.

The resolution is co-sponsored by Senators Jay Rockefeller (D-WV),  Kirsten Gillibrand (D-NY), Tom Carper (D-DE), Barbara Mikulski (D-MD), Joe Lieberman (I-CT), Susan Collins (R-ME), Harry Reid (D-NV), Carl Levin (D-MI), Robert Bennett (R-UT), Olympia Snowe (R-ME), Mary Landrieu (D-LA), Orrin Hatch (R-UT), George Voinovich (R-OH), and Evan Bayh (D-IN).

The following is Senator Feinstein’s statement for the Congressional Record:

“We in the Congress are trying to make cyber security a priority issue, but much work remains to be done.  A critical first step is to raise awareness and public understanding of the cyber threat and steps that can be taken to improve cyber security.  This is true across government and private industry, but the government should play a leadership role.

Each year for the last five years, the National Cyber Security Alliance, the Multi-State Information Sharing and Analysis Center, the Department of Homeland Security, and other organizations working to improve cyber security in the U.S. have designated October as ‘National Cyber Security Awareness Month.’

Today, I am introducing a resolution to officially designate National Cyber Security Awareness Month again this October.

The goal is to educate and empower Internet users to take simple steps to safeguard themselves from the latest online threats and respond to cyber crime and to bring Federal agencies, businesses, educational institutions, and other organizations together to encourage development and implementation of cyber security best practices.

Cyber security is a serious national security and economic security challenge of great complexity, deserving of increased attention from the Congress.  As the Senate prepares to consider important cyber security legislation to provide new authorities and clarify privacy and legal issues, a few cyber-related observations and concerns can be mentioned now.

First, I am troubled by the lack of situational awareness on the opportunities, activities, and identities of cyber thieves or potential attackers on U.S. information networks.  This is a serious weakness and a source of frustration for those responsible for oversight and strategic decision-making.  Unfortunately, it will not be easy to remedy this because there are disincentives to report cyber intrusions and vulnerabilities in the U.S. government and private sector.  This must change.  And it must change quickly so that cyber security leaders can make well-informed decisions and respond to problems in real time.

Next, it is clear that cyber security activities must be conducted with strong congressional oversight that will demand thorough Executive branch planning before billions of dollars are authorized and appropriated.  In addition, there must be a rigorous analysis of the government’s use of legal authorities for national cyber security missions that preserve the reasonable privacy expectations of Americans.  The government’s role must be well-defined as its activities involving the Internet evolve. I appreciate the White House’s effort to be transparent and open with Congress on this issue this year, and have high expectations for continued healthy cooperation.

We need to have those entities with cyber security responsibilities collaborating across the government.  That means homeland security, intelligence, military, foreign policy, law enforcement, and other components involved in cyber security must be working together.  The President has begun, through his cyber security review earlier this year, to provide a clear vision, strategic direction, and effective integration of the wide range of cyber security activities.  However, more progress in this area is needed. 

I was pleased when President Obama made a major address on cyber security at the end of May, but that strong first step has been followed by a four-month delay in appointing a White House cyber security coordinator.  Until this position is filled, it will be difficult to have effective leadership and coordination on governmental cyber security efforts.

The federal government’s communication strategy concerning cyber security must be improved as well.  There should be a new plan on the best way to communicate the national cyber security policy to the public.  Though some elements must be classified, it is important that the American people understand the government’s basic role in helping to secure information networks.  The general rules and expectations for government involvement, and how these may affect privacy, must be clearly explained.

In addition, the government must consider that effective cyber security inside the United States will require stronger diplomatic efforts and an international agreement on what will and will not be tolerated in cyberspace.  An international framework on cyber warfare, much like international conventions on traditional warfare, is needed to govern this rapidly growing field.

I also believe there should be a significant emphasis on long-term issues such as cyber research and development, recruiting cyber experts into government, and cyber education and training.  In particular, recent studies sponsored by the Senate Select Committee on Intelligence have concluded that the Intelligence Community must dramatically increase funding for research and development in order for our cyber defenses to be effective in the future. 

The online world is moving quickly, with cutting-edge technology expertise spread across the globe, and the United States cannot presume a clear-cut technology advantage as it has in other areas of national security.  I recommend a balanced portfolio approach that includes a nationally coordinated program of long-term, high-risk research aimed at revolutionary breakthroughs, sustained even when faced with near-term budget pressures.  I strongly support a rebalancing of the federal government’s Comprehensive National Cyber Security Initiative budget to address these concerns.

Finally, as a step beyond the Comprehensive National Cyber Security Initiative’s focus on securing federal government information networks, I am highly concerned about protecting the U.S. critical infrastructure.  For example, the country’s electric power grid, communications systems, and financial infrastructure are all critical to our way of life yet unacceptably vulnerable to cyber attack.  The government and the private sector must work together to share more effectively cyber threat and vulnerability information, and the Administration and the Congress must work together to determine the best mix of mandates, incentives, and other tools to improve critical infrastructure security. 

Fortunately, there is an increasing level of interest and debate on cyber security issues in Congress and around the country.  The Senate Intelligence Committee, which I have the privilege of chairing, has invested significant time assessing the cyber threat to our country and potential government responses through the following initiatives:

• Scores of personal meetings and staff briefings with government, private sector, academic, and nonprofit thought-leaders; 
  
• Six cyber hearings in the last two years; 
  
• Four six-month studies by the Committee’s Technical Advisory Group; 
  
• A new, balanced oversight system for federal government cyber security programs, as proposed in the Fiscal Year 2010 intelligence authorization bill; and 
  
• Regular outreach to other congressional committees.

I want to thank my distinguished colleagues, Senators Rockefeller, Gillibrand, Carper, Mikulski, Lieberman, Collins, Reid, Levin, Bennett, Snowe, Landrieu, Hatch, Voinovich, and Bayh, for cosponsoring this resolution and for their leadership on this issue.  I look forward to working with them and other members of Congress to improve our cyber security in the future.

###