Thanks very much for including me in this event.
Good morning
everyone. Thank
you to
Secretary Napolitano, Michael Kaiser and the National Cyber Security
Alliance for you leadership in this effort.
I really appreciate the opportunity to be here on the same stage as
Secretary Napolitano. The last time we spoke in the same place
together was on the day of our Senate confirmation hearings.
This is a more positive experience.
But, I want to compliment Secretary Napolitano.
Her leadership
style—her no nonsense attitude—is well-known. Maybe a little
less well-known, but our exploits as a former mountain climber who
braved the Himalayas and climbed Mount Kilimanjaro. I think that
was good training for your government career.
There’s a lot
of similarities— the forbidding environment, the tough climbs, the
lack of oxygen. So
I think it’s not surprising that you’re doing so well at Homeland
Security.
I’ve also had the privilege of working with your deputy, Jane Lute
for many months on the deputy’s committee meetings and I’ve enjoyed
it. I think we’ve made progress. I think our homeland security is
more secure. The American people are safer. All of this is due to
the service of the men and women of the Department of Homeland
Security and the leadership of Secretaries Napolitano and Lute and I
want to thank you both.
The men and women of our two departments work together—24 hours a
day, 365 days a year—to keep America safe. This includes the
critical work of protecting the United States from the cyber threats
that endanger our security and our prosperity.
Now, I want to be very clear at the outset. It always risks
stating the obvious, but I am the Deputy Secretary of Defense.
As such, my focus is on how the Department of Defense
protects the Department of Defense and its military networks— the
“.mil” world.
Lead responsibility for protecting federal civilian networks—
the“.gov” world—belongs to the Department of Homeland Security.
And that is how it should be.
Likewise,
responsibility for protecting our private sector networks— the
“.com” world—belongs to the private sector, with the help of the
Department of Homeland Security as the lead government agency and as
your lead partner.
That said, I’m here today, because I think our experience is
instructive. The cybersecurity challenges we face every day at
the defense department—albeit on a very much larger scale than
some—are not unlike those faced by your agencies, your industries,
your institutions.
There’s no exaggerating our dependence on our information
networks—in our case, a 21st century military that simply
cannot function without them.
And there’s no
exaggerating the threat.
It’s
unprecedented in its source, its speed and its scope.
Like you, we’re facing cyber attacks from many sources— from teenage
hackers to hacker activists, to organized crime to industrial spies,
to foreign intelligence services.
Like you, we’re seeing these assaults come at astonishing
speed—not in hours or minutes, or even seconds, but in
milliseconds—at network speed.
And like you, we’re dealing with the breathtaking scope of these
assaults—constant attacks on our networks, most recently, the July 4
attacks that targeted government and industry, in the U.S. and in
South Korea.
But our scale at the department is unique— we have hundreds of
different organizations.
We have 15,000
networks that are administered by 90,000 personnel.
We have about
3 million
employees who use 7 million computers and IT devices.
But the lesson
is the same: our vulnerability is shared—and so is our
responsibility to address it.
We have a responsibility to collaborate within organizations.
And that’s why
the Department of Defense is building a culture of cybersecurity,
including certifying all those administrators and training our three
million employees to understand that when you log on, you’re the
frontline of our cyber defenses.
We’re
improving our capabilities, building a national cyber range where we
can develop new leap-ahead cybersecurity technologies.
And we’re
improving our command structure, creating a new military command— a
Cyber Command—to better coordinate the day-to-day defense of our
military networks.
We also have a responsibility to collaborate across
organizations—across the federal government. Again, DHS has
the lead responsibility for protecting federal civilian networks.
But whenever DHS asks, we stand ready to help—as a partner. To
rapidly share the latest threat information, DOD employees are part
of the DHS-led government-wide Computer Emergency Response Team (the
CERT).
DHS employees help us respond to intrusions of defense networks.
To strengthen our cyber defenses for the future, we participate in
each other’s exercises.
And to ensure DHS has the latest technologies to protect federal
networks, we share our own.
Indeed, as I’ve said elsewhere, it would be unwise—indeed,
irresponsible if the rest of government didn’t somehow leverage the
technical
expertise of the defense department, including the Defense
Information Systems Agency and the National Security Agency.
Our challenge—and one we will meet—is to apply that expertise in a
way that always upholds and respects civil liberties.
We have a responsibility too, to collaborate beyond government.
At DOD, we’ve found innovative ways to partner with industry to
protect sensitive defense information on their systems. We’re
sharing more threat information. Industry is reporting more of their
intrusions and we’re working together to help strengthen both of our
networks. It’s a model of cooperation that we’re sharing with
DHS as it partners with other parts of industry to better protect
the nation’s critical infrastructure.
And I would add that we have a responsibility to collaborate with
other countries. Many of the cyber attacks on U.S. networks
originate overseas.
Botnet attacks
involve computers all over the world.
Protecting
ourselves will require that we address complex issues of national
sovereignty and international law. But no single country can
do that alone.
This, I think, is the most important message of this month—no one us
can do this alone. Government agencies need other government
agencies. Government needs industry— we need your ideas, yours
innovations. And
industry needs government—for coherent and common sense policies.
And countries need other countries.
And most of all, everyone—every leader, every employee, and every
government, in industry, in academia—we need to understand the
vulnerabilities and the responsibilities that we share.
And while working together across so many sectors can often be a
frustrating and complicated endeavor, I would leave you with this
simple observation.
It is only
1928. By
this I mean we just marked the 100th anniversary of
military aviation began in 1908.
By comparison,
this year marks only the 20th anniversary of the World
Wide Web. In
other words, in terms of cyber security, we’re still in the era of
biplanes and dirigibles.
We’re still at the dawn of this information age. We still have
decades of change and challenge ahead us—decades of innovations and
technologies we haven’t even begun to imagine.
To be sure,
there will be setbacks and failures along the way. But if
history is any guide, this too is a challenge we can meet together
and solve together. This
too is an opportunity to meet our shared responsibility to protect
the American people—their security, their prosperity and their civil
liberties.
That is the spirit in which I join you today. That is the
spirit that the Department of Defense will bring to this challenge,
now and in the years to come. And that is the spirit in which
I am proud to introduce our primary partner in this and government,
the Department of Homeland Security and its secretary, Secretary
Napolitano.