authorities and missions are different and there are significant differences. for example, in the privacy p - protections that we employ within the exercise of civil jurisdiction and then, finally i would note the use of the nsa. we are not proposing and have never proposed that two nsas be created, rather two different lines of authority that emanate using the nsa, one of course for civilian and one for military. >> that's a very important factor. i want to come back to that in a minu minute. one of the opinions expressed to the committee as we face the challenge and decided which part of our government should be responsible for responding was

that there would probably be very deep and widespread concern among the public if we, for instance, asked the national security agency or the department of defense to be directly in charge of working with the privately owned and operated cyber infrastructure. it particularly with nsa that there would be a concern about privacy and civil liberty concerns. does that make sense to you? >> i've heard the same they do make acceptsense. indeed when we kind of figured out the division of responsibiese nsa, one of the things we were careful to elevate was the discussion of the protection of pry ivacy, cil

liberties and we have people at the nsa accompanied by our office of privacy, office of general counsel to make sure those protections are abided by. >> right. i'm glad you mentioned that department ofland security and the nsa because i want to make this report. senator mccain and i cod fid that in law that memorandum of understanding in the act that was passed at the end of last year but that memorandum doesn't -- if i can put it this way -- doesn't preempt the need for this legislation. that doesn't allocate sector,bility with regard to having the authority to take steps to efountry from cyber at is that right? >> that's right, mr. chairman. it's a memorandum that describes

the division of how we would each use the resources of the nsa but it doesn't deal with the core critical infrastructure the wa bill does. it doesn't deal with the private sector at all. it doesn't deal with information exchange the way the bill does. so it really was design ed to make sure that at least with respect to how we each use the nsa we had some meeting of the minds. >> so nothing in your opinion inconsistent between the memorandum of understanding between dhs and nsa and the cyber security act of 2012? >> oh, not at all. >> i'm pleased to note for the record that in testimony earlier this week secretary of defense panetta and chairman of the joint chiefs of staff general dempsey both endorsed this legislation. and then this morning about before the armed services committee that the director of national intelligence, gal of n

intelligence agency, also endorsed the legislation. both of those questions of support were unexpected by senator collins and me and, therefore, all the more appreciated. i want ed to ask you this question. dhs' industrial control system cyber emergency response team has played a critical role in providing support to the owners and operators of critical infrastructure. can you describe some of their capabilities on the work that they've done to assist private entities? >> well, what they have done is help isolate and identify when they have been notified of attacks on industrial control systems to help identify the source of the attack and methodology with which it was conducted to work with the

infiltratedent it d entity and of information to other control systems that could be subject to a similar attack either in that particular industry or in other industries. >> so on a voluntary basis, if i can put it this way, the dhs has developed the capability and relationships working with the private sector that will be strengthened by this legislation? >> yes. we have since the passage of the national institution and protection act, infrastructure pr protection in 2006 we have been working critical infrastructure. it's a lot of names. what it basically means is we have a process in place for dealing with the private sector and for exchanging some information on a voluntary basis. but that doesn't mean we get all of the information we get from core critical infrastructure.

that's one of the problems the bill addresses. >> thank you very much. my time is up. senator collins? >> thank you, mr. chairman. madam secretary, to follow up on a question that theked you. it's my understanding that dhs expertise in the area of industrial control systecate other government agency. is that correct? >> yes. >> and that's important because industrial control systems are a key part of critical infrastructure like the electric grid, water treatment plants. is that also correct? >> yes, and when you think about it, if you have the ability to interrupt the control system, you can take down an entire protective network. you can interfere with all of

the activities there and the attacks on control systems are growing more and more sophisticated all of the time. >> and could you tell us about work that is being done by dhs with your ics cert team and a national lab with respect to the u.s. electric grid? >> yes. we are working in both of those capacities with the national labs with the grid in terms of not only mitigating attacks that have occurred but also preventive measures they can employ. >> so you're doing training as well and helping the critical infrastructure owners and operators identify vulnerabilities? >> that's correct. >> it's my understanding that in january the administration transferred the defense department's defense industrial

base pilot program to dhs. this is that's known as dib. >> that's right, the dib pilot program. >> as i understand it, it shared classic threat indicators with defense contractors in a better contained information critical to the department's programs and operations. i understand that dhs is now the lead for coordinating this program with the private sector and that it's being expand ed t other critical sectors. could you tell us why the administration decided to transfer this pilot program from dod to the department of homeland security? >> well, the dib pilot really getsto we are

talking about here are basically private companies that do important defense contracting work, about but thessence privao the authorities and the laws that we use are better situated in als in this context as opposed to dod. so we've been working with dod from the outset on the design of the dib pilot, have been working with them on the initial -- the initial aspects of it. and now as the decision was made toex decision was also made that it's more appropriately located within the dhs. >> the bill are provides the authority to dhs to set risk based performance standards for critical infrastructure. do you believe that we can achieve great progress in

improving our cyber security in this country absent that authority? >> i think it makes it tougher. we have, as i said in my testimony, the basic authority under the homeland security act. we have authorities by various presidential directives. but nowhere do we have explicit authority to establish on a risk base level, on a risk base basis the protection necessary for critical infrastructure. >> finally, i think that a lot of people are unfamiliar with a lot of the work that the department has already done in the area of cyber security including the fact that there is a 24-hour seven day a week

national communication integration center. i believe it's called the ncsc. could you explain how this center operates and what it does with respect tohe sector? >> the ncsc is an integrated wyber and it includes on its floor not only dhs representatives from other federal agencies from critical infrastructure sectors that coordinate with us through the nip. lots of acronyms in the cyber world and the government ld rep from state and local governments as well because a lot of the information sharing is applicable to ou. thank you, mr. chairman. >> thanks very much, senator

collins. senator mccain? m co-chairman, thank you for holding this hearing on long-awaited cyber security act of 2012. obviously i om witnesses including secretary napolitano and my old friend, governor ridge, who will have some different aspects and views on this bill in his testimony. i'd like to state from the outset my fondness and respect for the chairman and ranking member, especially when it comes to security. so the criticisms i may have with the legislation should not be interpreted as criticism of them but the process the bill is being debated and its policy implications, all of us recognize the importance of cyber security in the digital world. time and again we have heard from experts about the importance of possessing the ability to effectively prevent and respond to cyber threats. we've listened to accounts of

cyber espionage originating in rogue outfits with the domestic presence like anonymous who unleash cyber attacks on those who dare to politically disagree. our own government accountability office has reported that over the last five years cyber attacks against the united states are up 650%. so we all of us agree the threat is real. it's my opinion congress should be able to address this issue with legislation a clear majority of us can support. however, we should begin with a transparent process that allows lawmakers and the american public to let their views be known. unfortunately, the bill introduced by the chairman and ranking member have already been placed on the calendar by the majority leader without a single mark-up or think business executive meeting by any committee of relevant jurisdiction. my friends, that's wrong. to suggest this bill should move directly to the is that the floor because it, quote, has

been around since 2009 is outrageous. first the bill was introduced two days ago. secondly, where do senate rules state a bill's progress in a previous congress can supplant the necessary work in the present one? additionally in twip we 111th c different set of senators. for example, the minority of this committee has four senators on it presently who were not even in the senate much less this committee in 2009. how can we seriously call it a product of this committee without their participation in committee respectively to treat the mulligan by bypassing the committee progress and bringing it directly to the floor is not the appropriate way to begin consideration of an issue cybe. in addition to these valid process concerns i have policy issues with the bill. a few months ago as senator

lieberman mentioned he and i introduced an amendment to the defense bill codifying a memorandum of agreement between the department of defense and the department of homeland security. the purpose of that amendment was to ensure that this relationship endures and highlights that the best governmentwide cyber security approach is one where dhs leverages not and expertise. this bill, unfortunately, this principles of that moa by expanding the size, scope, and reach of dhs and neglects to afford those necessary to protect the homeland to the only institutions currently capable of doing so. u.s. cyber command and the national security agency. at a recent fbi sponsored symposium at fordham university,

the commander of the u.s. cyber command and the director of the nsa stated that if a significant cyber attack against this country were to take place there may not be of much he and his leaders could do to stop it in advance. in order to stop a cyber attack you have to see it in real time. you have to have those authorities. these are the conditions we put on the table. now how and what the congress chooses that will be a policy decision. this legislation does nothing to address this significant concern. and i question why we have yet to have a serious discussion about who is best suited, which agency, who is best suited t fr threat? we all agree is very real and growing. additionally if the legislation before us today were enacted into law, unelikted bureaucrats at dhs could promulgate on american businesses which own

roughly 90% of critical scyber infrastructure. the regulations that would be created under this new authority would sometitymie job creation, property rights and divert resources from actual cyber security to compliance with government mandates. a simple regulators like dhs under this bill would impact free market forces which currently allow our brightest minds to effective network security solutions. i'm also concerned about the cost of this bill to the american taxpayer. the bill before us fails to include any authorizations orhe costs associated with the creation of the new regulatory at dhs. this attempt to hide the cost is ssme of critical infrastructure, the promulgation of regulations and their enforcement will take a small army. finally i would like to find out what specific factors went into

providing carve outs for the i.t. hardware and software manufacturers? my suspicion is this had more to do with garnering political support and legislative bullying than sound policy considerations. however, i think the fact such are included only lends credence to the notion we shouldn't be taking the regulatory approach in the first place. because of threats of the hurried process myself, a total of seven of us, high north, ranking minority, and seven committees will be introducing and are left with no choice but to introduce an alternative cyber security bill in the coming days. the fundamental difference in our alternative approach is we aim to enter into a cooperative relationship with the entire private sector through information sharing rather than an adversarial one with prescriptive regulations. our bill which will be introduche presidents' day rece

provide a common sense path to improve our defenses. by improving, updating our criminal code, reforming the federal information management act and focusing federal investments and s cyber security 0 our nation will be better able to defend itself against cyber attacks. we are all partners in this fight as we search for solutions. our first goal should be to move forward together. i also would ask to into the record a letter from chambliss, myself, jeff sessions, ranking member on finance, rarnging member oth co hutchison, ranking member on the

energy committee and chuck grassley on the ranking member is to senator reid which we have asked the legislation go through the regular process with the committees of jurisdiction having a say in this process. so, mr. chairman, i thank you and yield back the balance of my time. >> no balance. senator i return the -- no, it's not. look, with the same fondness and respect that you expressed for senator collins and me when you started, i cannot conceal the fact that i'm disappointed by your statement. we have conducted, this bill is essentially the one marked up by the committee, but that's not the point. the point is that we have reached out not only to

everybody who was possibly interested in this bill outside of the congress but opened the process to every member of the senate who want ed to be involved. we pleaded for involvement. and a lot of people including yourself have not come to the table. the most encouraging part of your statement is you and those working with you are going to introduce legislation and we'll be glad to consider it. the senate should consider it. i think senator reid intends to hold an open amendment process on this bill. but you know, as you stated, that this is a critical national security problem a respond to it with business about regulation of business, this is national security. as senator collins said, there is regulation of business that's bad for business and bad for the american economy. there is regulation such as we worked hard to include in this bi not bad for

american business and bad for erican business and american jobs and help to gar guarantee more american economic growth. on the question of dod and the intelligence community, i indicated for the record earlier that they have supported our bill this week. i hear what you've said about general alexander from nsa, but he has at no point nor has the department of defense or the dni come before us and offered anyo this bill that would give him more authority. i would welcome those suggestions if he wishes. i had to be honest with you as you've been honest with us, express my disappointment and express the only satisfaction i have from your statement way is that you are going to make a proposal, let our colleagues in the senate consider it. senator collins and i and others working on the bill will can consider it and let's get

something done on a clear and present danger to our country this year. >> mr. chairman, could i say briefly in response, i speak for seven -- seven -- ranking members of the major committees. i don't speak for myself. as a breakdown somewhere if seven ranking members of the relevant committees are all joining in this opposition to this process and this legislation. so if you choose to overlook the time and experience, tof us dee concerned about the process and the legislation and we don't think it should go directly to the floor. sen in various ways to try to rh engage their involvement in this bill. i would have much rather preferred to submit a bill that everybody had beenscusolng. we were very open to try to find

consensus as we did with other chairs who are is neglect iing expertise. i'm saying i'm sorry that they ve be engaged now. senator moran? >> mr. chairman, thank you. adam secretary, this is my you since the announcement of the want to talk about a topic unrelated at least to cyber rel to security and the chairman just spoke about clear and present ernd i have had a conversation about over a long period of time is related to our food and animal sa security in this country and as you can imagine, can expect the ap o congressional delegation have in regard to include dollars related to agro and bioscience security

facility to replace the aging plum island. you and you have had a number of conversations and i will live within my six minutes today to talk about this nongermane topic and we'll have a ll be togethere homeland supd i in just a few days. but i would n this opportunity to pass without, again, delivering the message to folks at homeland security who have throughout this process been our allies. and we consider that we have been your allies in an effort to animalt a facility designed to safety is protected. you and i had a conversation in march of last year, less than a yego -- homeland security subcommittee. you told me that it is something upportive of. plum island does not meeth this.

there was a highly contested peer reviewed competition and we look forward to continued construction. we believe that it needs to be built and we need to get on with it. future.n september of that year we and, again, we need to be confronting the things we face today and what we will face ten years from now. that series has continued with homeland security, the u.s. department of agriculture, and he would like for you to, i hope, we iterate the department, your position as secretary, continued support and belief in facility and to explain to me the idea of a re-assessment which is in only not in

concerns about safety or in concerns about location. >> that's right, senator, aight. the president does not request in the budget an appropriation for it because, in part, last year we requested $150 ultimate appropriated $75 million. the senate appropriated zero. we ended up with $50 million. and that and a lot of extra requirements put on p what we have done is allocated $10 million for animal research at university. i've talked with governor brownback among others. and in lig changed circumstances that we have to deal with and in light of the fact we have not been

able to persuade the congress to really move forward in a substantial way on funding, we that there be a re-assessment in light of the bca, budget control act, in terms not of firmly stand by the position i've stated but terms of scoping anha happen so that this proje can move forward with the right level of appropriation. >> msecretary, thank you. i would comment that the solution to lack of funding by congress is not for the administration to not request continued support and encouragement for congress to house appropriated $75 million last year. the senate in a conference committee it was agreed upon to you also are requesting additional planning of money within this

year's budget. again, the moneyha quickly as possible. letter shortly to continue the funding of the $40 th is available, is appropriated and now as a result of the report filed this week can be spent to complete the federal share of the utility portion of this based upon what i have heard you say and have read you said, it's not about location. it's not about the site, and it may be about the scope of what will occur but the utility pad is still important and will be necessary regardless of the scope of the projectso ask you e funding that you already have committed to and are authorized to now spend this $40 million on utilities and i would add to that point we have appropriated $200 millied