National Cyber Security Alliance Kick-Off for Cyber Security Awareness Month at the Ronald Reagan Building and International Trade Center
Thu, 01 Oct 2009 18:22:00 -0500

Presenter: Deputy Secretary of Defense William J. Lynn, III October 01, 2009

U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)

On the Web: http://www.defenselink.mil/Transcripts/

Media Contact: +1 (703) 697-5131/697-5132
Public Contact: http://www.defenselink.mil/faq/comment.html or +1 (703) 428-0711 +1

Update your subscriptions, modify your password or e-mail address, or stop subscriptions at any time on your User Profile Page. You will need to use your e-mail address to log in. If you have questions or problems with the subscription service, please e-mail support@govdelivery.com.

GovDelivery, Inc. sending on behalf of the U.S. Department of Defense · 408 St. Peter Street Suite 600 · St. Paul, MN 55102 · 1-800-439-1420

National Cyber Security Alliance Kick-Off for Cyber Security Awareness Month at the Ronald Reagan Building and International Trade Center

Remarks as prepared:

 

                Thank you, Chris, and good morning everyone.  And thank you to Secretary Napolitano and Michael Kaiser and the National Cyber Security Alliance for the invitation to be here.

 

                I appreciate the opportunity to appear with Secretary Napolitano.  The last time we spoke on the same day was in January, before the Senate, during our confirmation hearings.  As you can imagine, today is a much different experience.

 

                Secretary Napolitano's leadership style—her no nonsense attitude—is well-known.  As are her exploits as a former mountain climber who once braved the Himalayas and scaled Mount Kilimanjaro.  That's good training for navigating the summits of a federal agency. 

 

                I've had the privilege of working with the Secretary and Deputy Secretary Lute for many months now.  And everyone should know: our homeland is more secure, and the American people are safer, because of the service of the men and women of the Department of Homeland Security and the leadership of Secretary Napolitano.  So thank you, Janet.

 

                The men and women of our two departments work together—24 hours a day, 365 days a year—to keep America safe and secure. 

This includes the critical work of protecting the United States from the cyber threats that endanger our security and our prosperity.

 

                Now, I want to be very clear at the outset.  It always risks stating the obvious, but it is very important.  I am the Deputy Secretary of Defense.  As such, my focus is on how the Department of Defense protects Department of Defense and military computer networks—".mil".

 

                Lead responsibility for protecting federal civilian networks—".gov"—belongs to the Department of Homeland Security.  And that is how it should be.  Likewise, responsibility for protecting private sector networks—".com"—belongs to the private sector, although with DHS in the lead, government can and must be your partner. 

That said, I'm here today because I think our experience is instructive.  The cybersecurity challenges we face every day at the defense department—albeit on a much larger scale—are not unlike those faced by your agencies, your industries, your institutions. 

 

                There's no exaggerating our dependence on our information networks—in our case, a 21st century military that simply cannot function without them.  And there's no exaggerating the threat, which is unprecedented in its source, its speed and its scope.

 

                Like you, we're facing cyber attacks from many sources—teenage hackers to hacker activists, organized crime to industrial spies, terrorist groups to foreign intelligence services.

Like you, we're seeing these assaults come at astonishing speed—not in hours or minutes, or even seconds, but in milliseconds—at network speed.

 

                And like you, we're dealing with the breathtaking scope of these assaults—constant attacks on our networks, most recently, the July 4 attacks that targeted government and industry, in the U.S. and in South Korea.

 

                So our scale at the department is unique—hundreds of different organizations with 15,000 networks administered by 90,000 personnel with some 3 million employees using 7 million computers and IT devices.  But the lesson is the same: our vulnerability is shared—and so is our responsibility to address it.

 

                We have a responsibility to collaborate within organizations.  That's why the Department of Defense is building a culture of cybersecurity, including certifying all those administrators and training our three million employees to understand that when you log on, you're the frontline of our cyber defenses.  We're improving our capabilities, building a national cyber range where we can develop new leap-ahead cybersecurity technologies.  And we're improving our command structure, creating a new military command—Cyber Command—to better coordinate the day-to-day defense of our military networks. 

 

                We have a responsibility to collaborate across organizations—across the federal government.  Again, DHS has the lead responsibility for protecting federal civilian networks. 

And whenever DHS asks, we're ready to help—as a partner.  To rapidly share the latest threat information, DOD employees are part of the DHS-led government-wide Computer Emergency Response Team, and DHS employees help us respond to intrusions of defense networks.  To strengthen our cyber defenses for the future, we participate in each other's exercises. 

 

                And to ensure that DHS has the latest technologies to protect federal networks, we share our own.  Indeed, as I've said elsewhere, it would be unwise—indeed, irresponsible if the rest of government didn't somehow leverage the unrivaled technical expertise of the defense department, including the Defense Information Systems Agency and the National Security Agency. 

                Our challenge—and one we will meet—is to apply that expertise in a way that always upholds and respects civil liberties.  

 

                We have a responsibility to collaborate beyond government.  At DOD, we've found innovative ways to partner with our industry partners to protect sensitive defense information on their systems.  We're sharing more threat information, they're reporting more intrusions and we're working together to help strengthen their networks.  It's a model of cooperation that we're sharing with DHS as it partners with industry to better protect the nation's critical information infrastructure. 

 

                And I would add that we have a responsibility to collaborate with other countries.  Many of the cyber attacks on U.S. networks originate overseas.  Botnet attacks involve computers all over the world.  Protecting ourselves will require that we address complex issues of national sovereignty and international law.  And no single country can do that alone.  

 

                This, I think, is the most important message of this month—no one us can do this alone.  Government agencies need other government agencies.  Government needs industry—your ideas, yours innovations.  Industry needs government—for coherent and common sense policies.  Countries need other countries. 

 

                And most of all, everyone—every leader, every employee, in government, in industry, in academia—we need to understand the vulnerabilities and the responsibilities we share.

 

                And while working together across so many sectors can often be a frustrating and complicated endeavor, I would leave you with this simple observation.  It is only 1928.  By which I mean this.  We marked the 100th anniversary of military aviation—1908.  By comparison, this year marks only the 20th anniversary of the World Wide Web.  In other words, in terms of cyber security, we're still in the era of biplanes and dirigibles.

 

                We're still at the dawn of this information age.  We still have decades of changes and challenges ahead us—decades of innovations and technologies we haven't even begun to imagine.  To be sure, there will be setbacks and failures along the way.  But if history is any guide, this too is a challenge we can meet together and solve together.  This too is an opportunity to meet our shared responsibility to protect the American people—their security, their prosperity and their civil liberties.

 

                That is the spirit in which I join you today.  That is the spirit that the Department of Defense will bring to this challenge, now and in the years to come.  And that is the spirit with which I am proud to introduce our partner, Secretary Napolitanos.