As we saw so clearly this past summer with the Northeast-Midwest blackout, so much of our day-to-day lives - in the running of our homes and our businesses -depend on reliable critical infrastructure. From the moment we get out of bed to the time we turn in for the night, our days are filled with the invisible presence of cyberspace - invisible, that is, until it isn't there. As one looks at the dozen or more critical infrastructures about which the Department of Homeland Security is particularly concerned, one common thread runs through all of them - their dependence on a robust, functioning, and secure cyber infrastructure
America's economic engine is fueled by efficiency, and to a large extent this efficiency is achieved through the use of technology. Increasingly that technology and those computer systems expose us to vulnerabilities and risk. When we look at the vulnerability of cyberspace, there's no doubt in my mind that what we've seen so far in attacks is just the early stage of what could become a critical national weakness--if we don't aggressively address it.
The attacks that have been launched to date have been relatively unsophisticated and have not inflicted major damage on our economy or our way of life. But we cannot count on that forever - or even for long. There's no doubt that we must work together to secure cyberspace from terrorists or others who wish to disrupt and damage our country.
In some ways, the situation we face now is analogous to the early days of the use of air power in warfare. There were those who thought air power would hold little military value. But there were others, forward-thinking people, who understood the capabilities and what would occur down the road - who were able to envision how battles and wars could turn on air superiority.
The war on terror is no different. We need to be thinking about how today's technological advances in cyberspace could be turned against us, so that we can stay at least one step ahead of those who seek to do us harm.
Since we are at war, and at risk, what are we doing about it?
Well, there has been an historic realignment of the Federal government in a very short period of time. In March, the Department of Homeland Security was created. In June, the National Cyber Security Division was launched. In September, the United States Computer Emergency Readiness Team - the US-CERT - was established. What does this really mean?
We are safer today than we were a year ago
For the first time, we have a single focal point of coordination, a national response system, for cyber threats.
The US-CERT began as a partnership with Carnegie-Mellon University's Software Engineering Institute. Using this framework, Homeland Security is delivering a scalable capability to meet this national need on an accelerated timeframe. By combining all of these resources into a National Response System we will continue to enhance our 24/7 functions, build on the cyber analysis capability, improve information sharing, disseminate timely alerts and warnings, and coordinate incident response and recovery efforts.
As Secretary Ridge mentioned, in the coming weeks we will be delivering a series of information products ranging from real-time critical alerts to cyber security tips for a wide range of audiences from cyber security experts to home users. We are increasing our speed and capability simultaneously. Already today, anyone interested in subscribing to this information can simply visit the us-cert.gov website.
The Department of Homeland Security is cataloging existing dependencies of our critical infrastructures on cyberspace. To highlight the impact of these dependencies, we recently conducted an assessment of our response capabilities with regard to cybersecurity events and their impact on our infrastructure. This real-time wargame, called "Livewire" [conducted in October of 2003] tested our decisionmaking during times of crisis, and we will be better prepared because of it. This exercise was the first of its kind, with participation from federal, state, and local governments, the private sector from multiple industries, as well as academia. Now, we are still compiling results from this exercise, but we are already improving our practices. We are preparing ourselves for potentially damaging events before they occur. Through this type of self-testing, we are improving America's preparedness before we experience an electronic September 11th.
We were encouraged by a great number of strengths that we identified during Livewire, but the reason [one] scrimmage[s] is to find out what needs to be fixed. [A] key observation was the need for better collaboration of response between public and private sectors. So I have directed the national response system to develop partnership programs with ISPs and backbone providers, the cyber incident response community, software vendors, security providers, law enforcement, media, and home users to address this shortcoming.
We also recognize the need to lead by example. To date, the government's track record in securing its own systems is unacceptable. But this administration has made improving this record a priority, and the Office of Management and Budget has put its money where this priority is.
Let me be clear, we have moved from strategy to implementation.
The President's National Strategy provides a high-level guidance for how the government and the private sector can work together to ensure that the cyber infrastructure that undergirds so much of our modern society cannot be used against us or compromised. That's where you come in. An effort such as this requires absolute teamwork because the solution is found when varying facets of our society are brought together.
We need to create a culture of security where security weaknesses will not be tolerated and where security becomes simple enough so that organizations of every size, and so every individual, is able to secure their cyberspace and takes on the responsibility to do so. As I look out over the audience of software developers, security solution providers, and infrastructure owner operators I ask you, "Are you satisfied with your progress in our endeavor? There are questions we face in software dependability, system security and corporate accountability. Are you satisfied?" [Indeed,] I hope that you are not.
As Secretary Ridge said this morning, we are a nation at war. Our front in that war is cyberspace. Let no one doubt this nation's resolve.
We have work to do together. So, let's get to work.
Thank you.
# # #
