Remarks at Cybersecurity Policy Review Meeting

Commerce Secretary Gary Locke
July 14, 2010

I want to begin by thanking Howard Schmidt for pulling this event together. 

Almost a year ago, President Obama challenged the U.S. government to collaborate even more closely with the private sector to meet the evolving challenges of cybersecurity.

Today’s forum is emblematic of this improved public-private sector cooperation.

It can't be any other way.

The private sector owns and operates the vast majority of the Internet’s infrastructure, and it develops the applications and services that move commerce along atop that infrastructure.

The government is not in a position to engineer precise technology solutions. 

What government can and must do is to: provide a policy framework for innovation; and to help set the standards and rules of the road that will enable us to strengthen the connective tissue of the Internet.

In the next few minutes, I’d like to talk about how the Commerce Department, and in particular our National Telecommunications and Information Administration (or NTIA) and our National Institute of Standards and Technology (or NIST), have been working -- and continue to work -- towards these goals as part of the administration-wide Cyberspace Policy Review.

But first, I’d like to frame the reason why we are all here today.   

Everyone in this room understands the economic and national security implications of cyber security.

You know that the Internet -- which is responsible for $10 trillion in annual online transactions -- is a cornerstone of the global economy.

But ultimately, the importance of cyber security can be summed up in one word: Confidence.

That's what underpins everything we do on the Internet. Consumers need confidence that their identity and their personal information will be secure online; businesses need confidence that their intellectual property won’t be stolen; and government agencies and our military need confidence that our trade, technology and military secrets are safe from our adversaries.

And let’s be blunt -- because the Internet was initially designed for convenience and reliability, instead of with security as a top priority, we are fighting an uphill battle.

But I am proud to say that the Commerce Department -- working closely with our colleagues throughout the administration and in the private sector -- is making significant progress in helping the Internet become more robust and secure.

One of the Commerce Department’s most important accomplishments will go into effect tomorrow when DNSSEC is deployed at the root of the Domain Name System.

This action will essentially give a “tamper proof seal” to the address book of the Internet – a seal that gives Internet users confidence in their online experience.

And I’d like to thank the Department’s partners in this effort -- the Internet Corporation for Assigned Names and Numbers, and VeriSign. This effort is an excellent example of public-private cooperation, which included extensive domestic and international community consultation.

The Commerce Department is also continuing to play a central role in a variety of other cyber security initiatives.

Working with the National Security Agency, we are helping to standardize cyber security controls across national security systems and the rest of the executive branch.  

We are also helping the Department of Defense better manage cybersecurity risks stemming from an insecure global supply chain.  We’ve been working with experts in industry and across government to standardize both government and commercial supply chain best practices.

And then there is the work we are doing with the private sector to identify and reduce vulnerabilities for new devices like smart phones.

Working in conjunction with Commerce and NSA, the Internet Security Alliance has created the first-ever checklist of vulnerabilities for smart phones, which can have a large impact at the outset of the product design process. 

As the Commerce Department takes all these concrete steps to improve our cyber security, NIST is also coordinating a nationwide informational campaign called the National Initiative for Cybersecurity Education.

Ultimately, effective cyber security is dependent on the vigilance of civil servants, of our military personnel, of citizens and of businesses.  Everyone needs to understand how central cyber security is to the safety, security and prosperity of America.

This education initiative will consist of four tracks of work:

  • A national public awareness campaign that is being led by the Department of Homeland Security;
  • Formal cybersecurity education being led by the Department of Education;
  • National workforce training being led by the Department of Defense; and
  • Federal workforce development being led by the Office of Personnel and Management.

All of these initiatives I discussed today have been launched or completed in the time since the president first asked for a comprehensive Cyberspace Policy Review.

And this work will continue to be a priority. 

On a parallel track, the Department of Commerce has launched an Internet Policy Task Force made up of senior staff from across different parts of the Department that includes experts in intellectual property, in trade, in Internet communications and in standards. 

They are working on developing cyber security policy, as well as policy recommendations on other critical Internet issues like privacy, copyright, and international e-commerce.

As with almost everything the Commerce Department does, this Task Force will continue to solicit guidance and feedback from stakeholders like all of you.  

The Task Force is hosting a symposium on the 27th and will soon be publishing a request for written comments on how to improve cybersecurity public policy.  We hope to see the participation of many of the people in this audience.

Although the Commerce Department can help set the stage for innovation with sensible rules, guidelines and incentives, we know the actual innovating and creating is going to happen in the private sector.

That's a message President Obama delivered when he released the Cyberspace Policy Review last year.  It’s a message I've been trying to send everywhere I go in this country.

Too often, when this topic is raised by government officials, it is perceived as adversarial; the government versus business – the government looking to force the private sector to do something. 

That's not what we are trying to do here.  Today, we want to discuss the best ideas from the public and private sector on how we can help make the Internet more robust, and more secure while preserving its role as one of the greatest engines for economic growth in America.

I know that the Commerce Department team is looking forward to the rest of today, and with that, why don't I hand it off to. . . .