Mr. KERREY. In the last 15 years America has been invaded by information
technology. Like the body snatchers of "Alien" that penetrated deep into
the human body, computers & communication technologies have penetrated deep
into our lives. Actually the "Alien" metaphor may not be apt since for the
most part we have invited this force into our homes.
We invited this technology into our homes and our businesses because they
allowed us to do things faster, better and cheaper. Among other things
these technologies have reduced the cost of running a home, made our
businesses more competitive, opened new markets by bringing buyers and
sellers closer together, and expanded the horizons of our students not to
mention adding entertainment value to our lives. The good news of computer
and associated communication technology have been offset by our growing
dependence. To see how much we are dependent one need only look at the high
level of concern surrounding the Y2K problem. Computer software is written
so that at a second after midnight on January 1, 2000, while hundreds of
millions of humans will be celebrating the end of an old millennium and the
beginning of a new,our computers will act as if it is January 1, 1900. To
the machines this will be the equivalent of day light saving century.
To some this is the beginning of a humorous and good news story. No income
tax. A chance to correct the terrible mistakes of the past 100 years. And
so forth. However, for those who operate our banking, emergency response,
air traffic control, and power systems this will be nothing to laugh at. So
dire are the predictions of some who understand how dependent on computers
and software we have become that they talk as though they are storing up
food and medical supplies just in case.
None of this would have happened if the century had ended twenty years
earlier because computers, chips, and microprocessors were not yet running
things. Twenty years ago I was hearing people tell me about how computers
were going to change things. It would be five more years before I had my
first personal computer: an Apple IIE. In 1983 portable computers were
available to those with strong backs or a fork lift. E-mail was in its
infancy. The internet was ten years away from its grand opening to the
public. Software was built into mainframes and was available to those who
knew how to navigate the procession of prompts and confusing signs. Speed
was a snail's pace. Capacity was like a rain drop in the desert.
What happened in the past twenty years is that we were thirsty for the
things a computer could do for us. Rapid and accurate calculations enabled
even small businesses to get costs under control. Personal computers
empowered us. Desk tops enabled us. Lap tops liberated. Decision making -
once driven from the top down by men and women with MBA degrees - has been
distributed outward and downward.
Now, any PC or Macintosh with average speed and power with state of the art
connectivity makes its user a publisher, broadcaster, editor, opinion
maker, and analyst of large amounts of previously confusing data.
Advances in computer and telecommunications technology have spurred change
and growth in our economy. These changes have generated wealth and jobs by
creating new businesses and destroying old ones. Market oriented businesses
have had to adjust or perish. Public institutions, because of the nature of
democracy - in other words, Majority rules but narrow interests win
elections - have been changing much more slowly. Slowly but surely the work
of transferring knowledge from a teacher to a student is being done with
the assistance of computers, software, and new systems where new skills are
The 1998 IRS Restructuring and Reform Act has a vision which depends on
this agency moving from a paper to an electronic world. The National
Imaging and Mapping Agency - a consolidated combat support agency - will in
a few years talk about maps as those things we used in the good old days
back when dinosaurs roamed the earth.
In fact, nowhere are the changes of the computer age more pronounced than
in our military and intelligence gathering forces, which is why I have come
to the floor today. Computers and communication technologies have made
America's fighting forces stronger and more effective. We should be proud
of the men and women who have trained and prepared themselves to take
advantage of these new tools. However, we also need to be alert to a hard
truth: With strength comes vulnerabilities. Just as Achilles was held by
his heel as he was dipped in the potion that made him unbeatable, we need
to be alert to those small spaces where a determined enemy could do us
If we are to maintain our economic success and provide the security our
citizens expect and deserve, we must as a nation turn to address our
The ability of people to use information technology to reach into our homes
and to amass vast amounts of personal data threatens our sense of privacy.
The omnipresence of this technology has caused our society to develop a
dependency on silicon chips and the wires that connect them. And, the
connectivity that now brings us so many benefits may also be a
vulnerability that nations and terrorists could use to threaten our
security. We have been blessed by our dominance in high-technology
industries and in our society's acceptance of new information technology.
Information systems are the backbone of America's telecommunications and
electrical power grids, banking and finance systems, our transportation
systems, broadcast and cable industries, and our businesses. They have
helped American workers become more productive, have brought new
efficiencies in the use and distribution of resources, and have helped our
nation grow to be the most advanced and competitive economy in the world.
We owe a large part of that success to the ingenuity, perseverance, and
vision of America's information technology companies and their employees.
The story of how computer companies started in garages can grow into
multibillion dollar corporations is almost legendary. An industry virtually
non-existent twenty five years ago has brought enormous wealth and
opportunity to thousands of Americans. Information technology has
transformed our nation's economy, and, as we enter into the 21st century,
our nation's livelihood will depend on continued development of this
industry. But the wonder of this technology is how its success has brought
extraordinary changes to other aspects of our lives.
Modern information technologies provide us with unheard-of opportunities in
education, business, health care, and other life-enriching areas.
Information technology empowers people to continue their educations and
upgrade their skills throughout life. Education no longer ends at the
schoolhouse door. In addition, new technologies are extending lifesaving
medical care to remote rural areas and promoting healthy communities across
the country. These new avenues to information better inform our electorate,
and the improved means of communication make it far easier for individual
citizens to express their views to the general public and to their elected
representatives. In combination, these technological benefits allow people
- both young and old - to develop new skills, explore new interests, and
improve their lives.
America's technological strength is the envy of nations around the globe.
But that strength, if not understood and protected, may also be our
We have been blessed this year with a number of warnings about this grave
and far-reaching threat. We have been blessed with warnings about the
interdependence of our information infrastructures, the interlocking
network that can make local hospitals and airports victims just as easily
as multinational corporations and media conglomerates. We need to heed the
warning and respond to this danger.
Just a few weeks ago, the media reported that the electronic mail programs
the vast majority of Americans use had vital, hidden flaws. Simply opening
an e-mail message could unleash a malicious virus and allow that virus to
freeze your computer, steal data, or erase your hard drive. I realize there
are some people in the United States - many of them here in the Senate -
who still do not use e-mail. But our society today relies upon electronic
mail for use in government and commercial communications, for business
management and project coordination, and personal entertainment and
missives. A malicious person could potentially have used these flaws to
blackmail people or companies, to disrupt government and commercial
activity, or to sabotage civilian or military databases.
Just a few months ago, one satellite orbiting more than 22,000 miles above
the state of Kansas began tumbling out of control. It was the worst outage
in the history of satellites. By conservative estimates, more than 35
million people lost the use of their pagers, including everyone from school
children and repairmen to doctors, nurses, and other emergency personnel.
All of that was the result of one small computer on a satellite 22,000
miles into outer space.
Earlier this year, we were in the middle of a very tense standoff with
Saddam Hussein. And we were able to track an attack on the Pentagon's
computer system to a site in the Middle East, in the United Arab Emirates.
There was a legitimate question at the time: Was this an act of war? Was it
a terrorist? Or was it, as it turned out to be, teenage hackers
inappropriately and illegally using their home computers? The implications
of an effective attack against our military's information systems would be
devastating during a time of crisis. This attack failed, but will we be as
fortunate in the future?
I do not think these incidents are a statement about software companies,
the satellite industry, or teenage computer aficionados. These incidents
are a warning - loud, clear, and wide - about the dependence of the
American economy and the American people on information technology. Our use
of information technology has helped us achieve and maintain our status as
the world's strongest nation. But our dependence on information technology
also brings exploitable weaknesses that, like the Lilliputians to the giant
Gulliver, may enable our weaker adversaries to cause great damage to our
In Jonathan Swift's tale, the Lilliputians used their mastery of
mathematics and technology to defeat their much more powerful adversary
Gulliver. Today, weaker adversaries may use their mastery of information
technology to invade our privacy, steal from our companies, and threaten
The revolution in Information Technology has propelled the United States to
an unparalleled position in the global economy. The principles of freedom
and democracy that we champion are ascendant throughout the world. We have
the world's largest economy, and we trade more than any other nation. Our
military strength, in conventional and nuclear terms, is greater than that
of any other nation. In short, we are the sole remaining superpower in the
And yet, we still find ourselves vulnerable to individuals or groups --
terrorists, criminals, saboteurs -- who have a fraction of the manpower,
weaponry, or resources we possess. In many ways, we are a technological
Gulliver. America's massive shift toward an economy that is based on
information technology has been a mixed blessing. Because we have the most
complex, multifaceted economy, we are a multifaceted target.
And our strategic vulnerability has risen hand-in-hand with our economic
power. Like the Lilliputians, there are people who have used the principles
of mathematics and science to master technology. They are so small in scale
compared to the threats that we usually see that we have to strain our eyes
just to identify them and figure out what they are doing. Gulliver, if you
recall, did not win his freedom with a single act or weapon. He used a
combination of things: sometimes he used his power, sometimes he used wit,
and he learned from his experience how to deal with his adversaries.
Mr. President, Congress urgently needs to establish a bipartisan agenda
designed to create more economic opportunities in technology and to close
our vulnerabilities. The following is my attempt to suggest what is needed:
1. We need more competition, not less. Congress passed the
Telecommunications Act of 1996 with the hopes of increasing competition and
improving access to communications technologies. Unfortunately, competition
has not developed on the scale anticipated when the Act was passed. Nearly
3 years after the Act, most telecommunications customers lack the ability
to simply switch telephone companies. In 1999 I hope Congress will make
changes in the law needed to bring the benefits of competition - lower
prices and higher quality - to the American household.
2. We need a special effort to make technology a part of our educational
system. More money should be appropriate for research and training.
Regulations need to be written so the market can offer curricula-relevant
courses to students in the home and school. We need to settle the disputes
surrounding the E-Rate so our school boards can plan and budget
3. We need bipartisan agreement on how to protect privacy and security. The
encryption debate has hobbled our efforts to write laws that enable our law
enforcement and national security agencies to carry out their mission of
keeping Americans safe while harnessing the power of the market to increase
security and privacy. Any discussion of security on-line must inevitably
involve encryption issues. Over the past five years, the debate over
encryption policy has pitted law enforcement, national security, privacy,
and commercial interests against one another. Yet, all these interests
would agree that providing security in our public networks is essential to
fully exploit the potential of information technology.
Personal privacy in the digital world should not suffer at the hand of
unreasonable export laws. Therefore, Congress should take action in the
coming year to remove export restrictions on encryption products of any
strength. I am confident that through cooperation between government and
industry, encryption can be exported without compromising the legitimate
needs of law enforcement and national security. A compromise can be crafted
if all parties , both private and public, are willing to work together to
solve the common goal of maintaining America's national security in the new
4. We should create in law a panel consisting of members of
Congress, Administration officials, and leaders in high-technology
industries to address the implications of information technology on our
society and our security. We should also create a new national laboratory
for information technology that will both perform research in this field
and serve as a forum for further discussions of the issues arising from
Mr. President, it is this fourth idea -- a new panel and a new laboratory
-- that I would like to discuss today. Why do we need this?
We need this, for starters, because the new threat of information warfare
requires a new paradigm in which the military must rely like never before
on other organizations and institutions to achieve success. Even if all of
the information safeguards for the Defense Department's data, equipment,
and operations were airtight, that would not be adequate. Currently, more
than 95% of all wide-area defense telecommunications travel on commercial
circuits and networks. And it would be impossible to replicate that type of
capability on our own.
Should an electronic attack come, it will likely not be aimed just at
military targets, but at civilian sectors as well. It is not simply that
the private sector relies on the military. The military relies on the
That is one reason we as a government cannot afford to ignore the defense
of the public and private sector infrastructure: We cannot do our most
basic job - protecting national security - without them. In this new world
of technology, if one of us gets tripped, we all risk a fall.
Our government, as it is now organized, can scarcely cope with these new
challenges. We need to address the development and vulnerability of the
American information infrastructure now. The regulatory frameworks
established over the past 60 years for telecommunication, radio and
television may not, in fact, most likely will not, fit the Information
Economy. Existing laws and regulations should be reviewed and revised or
eliminated to reflect the needs of the new electronic age.
As a government, we need to reassess the areas of responsibility of our
different parts, and the lines of authority that connect them, to ensure we
are best organized to face this threat. More than two dozen federal
agencies have either jurisdiction or a direct interest in the regulation of
information technology as it applies to national security or electronic
commerce. The Congress is no better off. In Congress, some 19 committees
are responsible for legislation on the same issues.
The Government has much to offer, through our understanding of security
concepts and technology, along with the vulnerabilities of information
technology and systems. We are strongly committed to share this knowledge
with the private sector. Such partnerships are crucial, but there are some
pitfalls, and we will need to build a balanced approach. For example: We
have to be careful not to give the impression that government wants to
increase its involvement in the day-to-day operations of individual
businesses. This is not at all the case, and few things will drive the
private sector away like the potential for more government intrusion and
"Government Knows Best" is not the message we want to send.
As a general principle, government should step in only when problems exceed
the capabilities of the private sector and the remedies of the marketplace.
However, in cases where there are no reasonable business reasons for
companies to make preparations, such as to counter a coordinated,
simultaneous attack against multiple infrastructures, then government
should be prepared to provide economic incentives and support.
A natural market exists for security and, ultimately, that will be our best
course of action: a solution that combines the entrepreneurial strength and
energy of the private sector with the national mission of the government.
One cannot overstate how important it is to get the government- industry
relationships right, because without them as a foundation, the value of all
other efforts will be significantly diminished. A fundamental challenge in
many cases is getting information about vulnerabilities and threats itself,
and this simply cannot be done without the foundation of public-private
sector information sharing. We cannot solve this by unilateral government
efforts. We have to move together to solve it.
And it is no surprise that both the government and private sector are
finding this difficult and complicated and frustrating. To combat cyber
attacks -whether by terrorists, spies, disgruntled employees, pranksters -
one needs both technical sophistication and cooperation among numerous
companies, agencies and nations.
It is going to be imperative for the protection of our information
infrastructure that the private sector, national security officials, and
law enforcement work together -- not just on this issue, but on issues for
the future. Many fear these discussions would lead to government
intrusiveness and abuse of power. Americans have always had a healthy
skepticism towards government power and our Constitution sets strict limits
on what government can and cannot do. We are a strong and vibrant nation
directly because we enjoy rights of free speech, free assembly, and against
unreasonable searches and seizures. Information technology can allow us
greater exercise of those rights. When we examine the security of
information technology, these rights must remain our guiding principles,
and our government policies should reflect them.
We must get past the suspicion between the private sector and government
and move forward. The information infrastructure is vital to America's
defense and to America's economy and we cannot preserve one without
protecting the other.
Here we need two things: A mechanism that transcends narrow organizational
politics to bring consensus.
And: A facility for advanced research into information technology
protection that also provides a venue for constructive and ongoing dialog
with industry, the government, and academia.
I believe Congress should act as soon as possible to create a blue-ribbon
panel of top federal officials, key leaders from Capitol Hill, and experts
from the high-technology field to address the issues of information
assurance, infrastructure protection, and encryption that cut across
committee lines. We need to have a panel that can speak with authority on
both politics and policy.
From the White House, we need to see a commitment of time, attention, and
resources at the highest levels. Cabinet officers need to play an active
role in shaping the solutions that are going to emerge from such a panel.
These issues are complicated and they have far-reaching implications, so at
the end of the day we need to have leaders in their respective areas --
Cabinet and Cabinet-level officials -- who are prepared to forge the
necessary compromises and make the case to industry and to the public.
Congress needs to take a similarly pragmatic approach. Committee
chairpersons, with their expertise in different areas and institutional
memory, need to be on this panel and give it all the attention they would a
piece of legislation. But in addition we need to acknowledge the
politically charged nature of these issues and be prepared to deal with
them. So I propose that we not only have representatives by issue area, but
representatives who are designated to speak for each major faction in the
Congress: a representative of the majority in the Senate, and one for the
House, a representative of the minority in the Senate, and one for the
House, and representatives of the legislative caucuses that have an
interest. Clearly government cannot do this alone. We need the perspective,
the insight, and the vision of experts who are part of the developments in
the information technology field and who can predict on the basis of that
experience where technology is going. We need their expertise and a
willingness to work with their government, for otherwise this problem will only grow worse.The panel I envision must therefore have a strong component of private sector experts devoted both to the advancement of technology and to the security of our country.
The complement to this Congressional panel should be a forum where
government, industry, and academic officials can work on these problems in
a systematic, confidential, and dispassionate way. I propose that we learn
from our experience and look to those models of industry-and-government
cooperation that have worked in the past. We can learn from agencies like
the National Safety Transportation Board, DARPA, and other federally funded
research and development centers. Specifically, Congress should pass
legislation that would enable the President to create a new national
laboratory and research facility to address information infrastructure
protection. The role and mission of such an organization would be to target
those specific areas that are now suffering from sporadic, contradictory,
or insufficient attention.
We must have a structure that can address the entire range of national
security planning and execution -- in other words, threat assessment and
evaluation, development of requirements, R, acquisition and procurement,
development of strategy and the conduct of operations across the entire
spectrum, from large-scale conflict to peacekeeping and operations other
than war. But this center would also help develop techniques, policies, and
procedures to make civilian and commercial information technologies secure.
To accomplish that mission, the information technology laboratory would
Support research and development by industry or government-industry
consortiums that aims to protect our privacy, shield our commercial
interests, and defend our nation against information technology threats,
Ensure that there is a secure conduit for the exchange of information about
Provide a forum for developing and managing responses and contingency
plans, both directly and in cooperation with a national command authority.
The Information Technology Laboratory would be funded through annual
appropriations as a Federally Funded Research and Development Center. But
it should also be able to establish fee-based contracts with agencies of
federal, state, and local government as well as universities for specific
services so that budget costs could be kept to a minimum. The Information
Technology Laboratory could also contract with private industry to do
research and development, while taking special precautions to protect the
confidentiality of proprietary data or information. The laboratory would
also report annually to the appropriate oversight committees in Congress
and the President.
In just four years from now, knowledge and information workers will make up
one third of all the workers in our multi-trillion dollar economy. We can
create a safe corridor for their passage to the next century. Or we can
continue to talk past each other while the Information Superhighway
attracts more and more robbers and frauds and terrorists.
We need to come to this task with a clear sense of purpose and full
understanding of the urgency involved. America has gained much from
information technology, and stands to gain much more as these systems
mature. Our future depends on the success of this technology. But that
success and our security depend on finding the policies and practices that
will identify and correct vulnerabilities before they are exploited.
Together, I am certain we can address this problem. In a noble but
imperfect democracy such as ours, answers are not impossible, they are only
impending. I look forward to working with my colleagues to face this
challenge. I yield the floor.