A New Challenge for Our Age: Securing America Against the Threat of Cyber Attack (Transcript)

Secretary’s Web Address on Cybersecurity
October 20, 2009, 11:00 am, NAC

Good morning, I’m Homeland Security Secretary Janet Napolitano. And I’d like to thank you for tuning in to this special web address today. 

Since we’ve been communicating about the importance of protecting the networks we rely on throughout Cybersecurity Awareness Month, I thought it would be fitting to use those networks to reach out to as many people as possible … to speak directly to you.

And you can speak with me as well. If you’re watching live this morning, you can submit a question through the link on this page, and I will address as many as I can at the conclusion.

Let me set the scene. A few months back, President Obama addressed in historic terms the issue of safeguarding our nation’s digital networks. He described these networks, and the hardware that supports them, as “strategic national assets” and “keys to our prosperity in the 21st century.”

The growing number of attacks on these networks has become, in the President’s words, “one of the most serious economic and national security threats our nation faces.”

Until now, we’ve not often talked about “cybersecurity” in such serious terms. 

But we must. President Obama understands well the challenge and the urgency.

In his video remarks on cybersecurity last week, the President challenged the nation to “seize the promise” and also “confront the perils” that technology brings.

As the agency charged with the broad mission of protecting the nation’s cyber infrastructure, systems and networks, the Department of Homeland Security is playing a key role in meeting the President’s challenge.

And so this morning I want to speak clearly and candidly about what cybersecurity really means for our nation. And I want to reach out to all of you: from experts, to businesspeople, to ordinary Americans, and especially those of you who may be daunted by all things “cyber.”

Cybersecurity is not some abstract concept. This isn’t a discussion about computers, or about data bits and bytes. It’s about the networks we use to communicate, to shop, to do our banking, and run our businesses.

So I’ll speak in plain terms about what these technologies mean for Americans. Like it or not, we’re all in this together. And wherever you are on that spectrum – from skilled professional to computer novice – we all depend on secure cyber networks. So:

I’m going to be honest with you about the risks and threats that are out there; I’m going to tell you what our Department is doing to reduce those risks; and I’m going to ask for your help. 

Our nation, like the rest of the globalized world, has become “digitally dependent.” And this “networked world” we now live in has evolved at a lightening pace.

Consider that from the time the telephone was invented in 1876 it took another 50 years for the first transatlantic phone call to be placed, and almost 80 years before all Americans could even dial long distance.

By comparison, the first commercial web browser came out just over 15 years ago, and today the vast majority of Americans are online, as are more than a billion-and-a-half people around the world.

Today’s high school freshmen have never lived in a world without the Internet. Google was established when they were two years old, so they have always been able to access information on demand.

Today:

• We rely on the Internet for banking, buying things, and staying in touch.
• Businesses rely on their cyber networks in myriad ways: interacting with clients, processing transactions, reaching new markets.
• Our transportation, financial, energy, and communications systems – as well as our government and military – rely heavily on computer networks to function.
• It’s how your airplane stays on course, how you get your electricity, your Social Security check, and your veterans benefits.

But the very openness of the Internet, one of its great strengths, is also its greatest vulnerability. The 9/11 hijackers used travel sites to plan their attacks.

Computers you can buy for under $1,000 can produce the next Great American Novel in the hands of a talented writer, or build the next great business.

But they can also allow bad people to steal that novel, or the trade secrets your company has worked so hard to develop, or, in the case of the government, to steal classified information – crimes that can put futures and lives at risk.

So, as President Obama said in May, “cyberspace is real. And so are the risks that come with it.”

We see thousands of attempts a day to hack into our nation’s government, military, and private sector networks. We’ve had computer viruses and worms infect millions of computers around the world, destroying important information, and disrupting commerce.

And American businesses have lost billions of dollars – and millions of Americans have had their personal information stolen or compromised – by cyber criminals, organized crime, and foreign intelligence agencies.

We tend to call these “cyber-crimes” or “cyber-attacks.” But, in fact, they are attacks on people like you and me, and on the institutions we build.

Think of it this way: If a predator is seeking to contact your children through an online social network, that’s not a cyber crime to you. It’s a threat to the safety and security of your loved ones and your family.

If your account numbers are stolen by an online spoof site pretending to be your real bank, that’s no longer a computer issue. It’s your ability to pay your mortgage next week and buy groceries.

These aren’t hypotheticals either. Two weeks ago, the FBI charged nearly 100 people here and abroad in one of the largest cyber fraud cases ever seen. 

In attacks like this, the victims are people like you and me who have been tricked into providing real information to fake sites – and who then see their savings drained, and their credit ruined, by thieves using nothing more than computers. The bad guys never even have to leave their chairs.

President Obama has said that the status quo is not sufficient. Mitigating these risks at all levels is an urgent national security priority and a significant technological challenge. 

Ok, so who’s in charge here? It’s a fair question because no one individual or organization runs the internet … or runs our cyber networks. So no one person or organization is in charge.

The networks we rely on everyday provide us a shared benefit. The enormous opportunity that this technology provides our society can be shared by all as well. 

But the risks and dangers of that technology are also shared, and so the security of our networks, our digital infrastructure, our cyberspace must also be a shared responsibility.

Let me say that again. Just as with our nation’s preparedness for natural disasters or terrorist attacks, our nation’s cybersecurity is a shared responsibility. 

And it’s an opportunity for you, as an individual, to personally contribute to our national security. Securing your home computer helps you and your family. And it also helps your nation in some very important ways. 

It helps by reducing the risk to our financial system from theft; and to our nation from having your computer infected and then used as a tool to attack other computers.

As individuals, the steps you need to take are clear, and they will make a big difference:

• Install and activate firewalls for your computer and internet connection
• Make sure your anti-virus and anti-spyware software is installed and up-to-date
• Check your computer settings to make sure your operating system and applications are automatically patched
• Practice good online habits by not visiting suspect sites, downloading suspicious documents or attachments, or opening email from people you don’t know
• Back up your files regularly and use strong and secure  passwords; and
• Begin educating your children early about staying safe online.

Of course, government has a responsibility to lead. And we’re doing just that. Since taking office, President Obama has made protection of our digital networks and infrastructure a top priority, and across the federal family of agencies, we are responding aggressively to the threat.

Under the President’s plan, the Department of Homeland Security is leading federal efforts to secure federal executive branch civilian government networks – the .Gov world.

But DHS also performs two other critical functions. We are partnering with the private sector to help secure the networks that power our economy – the .Com world. And we’re helping educate the American people about the practical measures that they can take to improve their own safety online, and our nation’s collective cyber defenses.

Let me share a few of the steps our Department is taking. We have consolidated our cyber efforts under the leadership of a highly regarded cybersecurity expert – Phil Reitinger – to improve coordination between government, industry, and international partners. 

This includes: the National Cyber Security Division, including the US Computer Emergency Readiness Team, also known as US-CERT; and the National Cyber Security Center.

We’re working closely across the federal family to protect the federal civilian networks and systems. First, we’re reducing and consolidating the number of external connections federal agencies have to the Internet through the Trusted Internet Connections initiative.

Then, we’re implementing DHS’s intrusion detection capability, known as EINSTEIN, to those Trusted Internet Connections.

And through US-CERT and other programs, we’re working more closely than ever with the private sector to detect and understand threats, share knowledge, and learn from the best that the private sector has to offer.

Just this year, DHS helped mitigate two potentially major cyber threats – the release of the Conficker computer worm, and the Denial of Service attacks we saw over the July 4th weekend.

In both cases DHS worked closely with the private sector to analyze the attacks, develop strategies to mitigate them, and collaborate on solutions that were fast, widely shared, and compatible at all levels.

I believe that this kind of partnership with the private sector can provide a model for deeper engagement … engagement to protect our nation’s critical infrastructure. 

That infrastructure is heavily reliant on networks, and the vast majority of it – some estimate around 85 percent – is in private hands.  

To be most effective, we in government must work closely with the private sector, and include it in our work as a full partner from the very start. 

And so DHS is working closely with businesses and trade groups across our economy to better understand risk and vulnerabilities, to collaborate on detecting and responding to intrusions, and to build the relationships that will let us work together to respond to attacks as one nation, and at “Internet speed.” 

Let me close by saying that even with the leadership of the U.S. government, and the engagement of the private sector, and help of ordinary Americans, we still need to do more.

As aggressive as we are being, as fast as we’re moving, our cyber adversaries will continue to succeed … unless our nation rises to this challenge in new ways.

We can’t treat this as a “government issue” or “corporate” issue. The protection of our digital networks is no longer a just a cyber or an IT issue. 

For people affected, it’s a human issue and an economic issue. And for the nation, it’s about the future of our prosperity.

I truly believe that when we read our history books in future years, we will see that what we faced was a technical and scientific challenge on par with some of the great challenges of the last century, like getting to the Moon, or sequencing the human genome.

I also believe there is no better catalyst for rising to this new challenge than our nation’s culture of innovation, and our world-leading higher education system.

As a good indication of how seriously I take this challenge, I’ve made a very significant down payment on our nation’s cybersecurity future.

Earlier this month, we announced that DHS has been given expedited hiring authority to bring on up to 1,000 additional skilled cyber professionals over the next three years.

And here is our message to those professionals and future-professionals: Not only does DHS want you, your nation needs you. We need our best and brightest, our finest computer scientists and engineers, mathematicians, and innovative thinkers.

I want you to look to DHS. We’re a new Department, but we’re an exciting and dynamic one, with a strong and clear mission. At DHS, you’ll work hard and you’ll be pushed because the stakes are high. And you will have an immediate opportunity to serve and to make a difference.

Some of you will work to protect the nation in our National Protection and Programs Directorate, or NPPD. Others will join the Secret Service or Immigrations and Customs Enforcement to help stop international financial criminals or sexual predators. 

All of you will have a chance to make a difference and to serve your nation. You’ll find a link on DHS.gov/Cyber where you can see the exciting positions that are already posted.

I want to thank you again for tuning in today. And I hope you’ll share this message with others by sending them to DHS.Gov to watch the video of these remarks. 

Together, we can build a more ready and resilient nation that is stronger and smarter than the determined adversaries we all face.

Thank you. And I look forward to answering some of the questions you’ve sent in.

Question 1: Jeff from Massachusetts - With continual computer hackers and predators are we doing enough to protect our government information infrastructure?

Answer: Jeff, we are moving very aggressively. I met just last week with leaders of the cyber world in Silicon Valley, both in the private world, both corporate and in government. We are also sending out information on a regular basis. We are also focusing, as I said in my prepared remarks, on the direct attacks, and what we do to protect our systems from intrusion and from hacking.

Question 2: Daniel from New York - We have cabinet level positions for labor, agriculture, energy, transportation, and yet none for technology/security which, as an industry, has a size commensurate with the others represented. Do you think a cabinet position to represent technology and its related effects - such as cybersecurity - is necessary?

Answer: Daniel, I’m not sure that I think that a cabinet level position is necessary. And the reason is that cyber runs through everything that we do as a government. So, it’s really hard to segregate it out. In fact, I think one of the things we’re learning as we enter this new cyber arena is that segregating it into an IT or IT function no longer is adequate. Again, as my remarks suggested, cyber is part of everything we do, from the most basic transaction to complicated security protections of our country. So what we need to do is make sure that cyber is part of our thinking in all departments. But added to that now, the president has included a chief technology officer, a chief information officer, in the White House, and he will be appointing a coordinator for cyber within the White House to help make sure that cyber is part of all that we do throughout the vast array of the federal government as we move forward.

Question 3: Elizabeth from Minnesota - Can you explain what DHS has done to reasonably use electronic means for official communications in high-risk situations?

Answer:  Elizabeth, a couple of things. One is, both FEMA and the Coast Guard have been using things like Twitter, Facebook and YouTube in hurricane situations and other natural disasters as a means to get information out. And we will be increasing the use of social media as we move forward. Another interesting application, which doesn’t pertain to emergencies per se, but is important to a lot of people, is that our Citizenship and Immigration Services now has online the ability for you to track your own immigration status, and you’re trying to become a citizen, as it moves through that process, step by step, as well as tell you how long you can anticipate waiting in each step. And it even has an option on it, where you can elect to be notified either by e-mail or text-messaging when your case has moved along. We’re looking for other ways to use the internet to make government more open, transparent, and proactive with individuals, again, as we move forward.

I think that's the time we have for questions today.  Let me thank you.  We're going to continue using this type of presentation to help give you information and to help answer your questions.  In the meantime I hope you will go to dhs.gov/cyber where you will find even more information.  Thank you.  And I look forward to working with each of you as we move forward.