Tip:
Highlight text to annotate it
X
>> William S. Cohen: General Raduege, I could have listened to you all evening.
[laughter] If fact, I thought I was going to listen to you all evening.
[laughter] Thank you for your very kind words.
Let me say this.
I had the privilege of serving some 31 years in public office.
The most exhilarating, the most exhausting, the most rewarding were the years -
4 years - I spent at the Pentagon.
And that was because I came into contact with and admired the patriotism, sacrifice,
dedication and just humanity of the people who walk those halls.
General Raduege was one of them.
I admired him them.
I admire him now today in his current capacities and so to be able to walk those corridors
with someone like General Raduege and --
who's being followed in his footsteps by Chad, welcome this evening.
Admiral McConnell, General Minihan, General Scott,
I can say what an honor it is for me to be here tonight.
When people talked to me this evening they said, "We're honored by your presence."
No, it's the other way around.
I am honored to be here because of what you're doing, what you have done in the past as far
as your service to our country and also what you're doing today to help defend our country.
And so it's my privilege to be here
and I consider it a real personal honor to be with you this evening.
I was looking at the video.
I'm not sure what I can say beyond what is being said about these wonderful students
that we're helping to finance to continue their education in such an important field.
It's -- to me it's just gratifying to see the respect that they have for the institution,
for our country, what this means to them.
That they can carry on a full time job and yet have the opportunity to get an education,
even at the graduate level and still continue working.
And this integration with the faculty, the students and the faculty,
but alter the business community which makes it so important that they have real life experience
and not simply in an academic manner.
One of my favorite authors was Somerset Maugham and he said that, "During dinner,
one should eat wisely but not too well.
After dinner, one should speak well, but not too wisely."
I will try to speak well but very briefly if that's all possible.
And one of the most important books that I read as a young man was Alvin
and Heidi Toffler's book "Future Shock."
I think it came out in 1970.
It was prescient.
It peered into the future and said that the future time was going
to be actually speeded up or accelerated by events.
That technology was going to miniaturize the globe so that it was not much bigger
than a small ball spinning on the finger of science and that we were going
to find our culture, our traditions and our religion all shaken
in this hurricane wind of change.
And I think about that book today in terms of how prescient it really was.
And I think about what life was like when I first went to the Senate back in 1978.
We used typewriters instead of laptops.
We had payphones instead of smartphones.
And by the way, I saw the article in USA Today just 2 days ago which pointed
out that the first mobile phone was produced by Motorola called DynaTAC.
It was 10 inches long and 2 and a half pounds.
Today, the smartphones are roughly 4 to 6 ounces.
But we used carbon paper instead of scanners and laser printers.
We had human bank tellers instead of automated tellers.
We read newspapers and books instead of iPads and Kindles.
We kept our files in cabinets instead of the Cloud.
And millions across the world had a crush on an actress named Farah Fawcett instead
of the digital assistant named Siri.
So you know, much has changed in the past 40 years and so much change is going
to take place in such a short period of time.
I mean we are on the edge of a technological revolution the likes
of which we haven't even begun to imagine.
And with this change comes not only change in our citizens here,
but the structure of global life, global economy and the threats
that we're going to face as this century unfolds.
I harken back to Tom Freedman's book this afternoon.
I was trying to think of something I might say to you and I read --
reread some of Tom Friedman's book.
And he pointed out that back in 1492, Columbus who then had the view
that the world really was round and not flat which was the conventional wisdom,
he set out to find a shorter route to India.
He miscalculated the size of the globe even though he suspected it was round,
he ended up in America.
But interesting, he called the natives Indians.
He went back to Portugal and gave his findings as such
and proving his concept that the world really was round.
Friedman back in 2004 - as I recall - in 2004 Friedman set out to go to
and [inaudible] set sail for India on his Boeing -- on a Boeing jet.
And when he arrived in India, he was in Bangalore
and he found out that the world was flat.
It's both round and flat.
That technology had flattened the globe to the point that now information
or knowledge had been democratized.
It had been spread throughout the globe.
And so with that comes great promise and we've seen the kind of promise that comes
with information and information leading to power and the exercise of power.
What the flattening of the world has meant in a very positive sense
and that we've seen this kind of exponential growth
that has taken place in the use of the internet.
We talked about the cofounder or the inventor who was here tonight with us.
A decade ago, the internet users used a desktop or a laptop
and there were roughly I think only a few million people at that point.
Today there are 114 million people who use the internet in the United States and 94 of them --
94 percent are using access to the internet through smartphones.
And this growth in the internet use, it's not confined to the United States.
It's spreading everywhere.
Especially in the Africa countries: the emerging countries in Africa
and the emerging economies in Latin America.
They are growing at a rate in Africa of 15 percent and -- I'm sorry --
15 percent in Latin America and growing 40 percent in Africa.
Starting from a low baseline, but what you can see taking place is this growth
and this information spread.
And what is taking place, you'll have 500 million new users
who are accessing the internet and -- in the near future.
According to Ray Kurzweil - and I recommend his book called "The Singularity is Near" -
and what Kurzweil was saying is that in a not too distant future,
we're going to see the fusion of computer science, nanotechnology,
medical science to the point that we'll --
artificial intelligence will actually exceed human intelligence.
We're going to be wearing Google glasses.
We're going to be wearing Apple watches.
And I suspect that implanted technologies and microchips are destined
to get under our skin so to speak.
But the future of technology in our lives is going to alter some of our values.
And this to me is quite striking that we're no longer living in the information age
but what is now called the neuro-age.
And this phenomenon is altering basic values and I saw a statistic which quite striking.
They took a recent survey of the millennials: the so called Y-generation.
Fifty-eight percent of those surveyed would rather give up their sense of smell
than to be without their smartphones.
The fear of being away from one's phone is now known as nomophobia.
[laughter] Seriously.
And this is something that's changing values.
When you think that you'd give up your sense of smell rather than give up your smartphone,
something is taking place which is quite dramatic in our lives.
And this desire to be connected to everyone and to anyone, it has great promise for much
of the world in terms of bringing people together.
But as we know, you look at commerce today, transactions travel at the speed of light.
We deposit checks through our smartphones.
We recover sales receipts on emails.
We buy books on Amazon.
We know that revolutions have begun and organized on Facebook.
Tunisia, Egypt, Libya, Syria, atrocities can be captured
on Twitter and videos posted on YouTube.
Governments, corporations, NGOs, individuals, everybody can now be held accountable
for their actions or for their failure to act.
So there is much good that comes about.
Good governance, respect to human rights and these are just some
of the many positive benefits generated by technology.
But for every promise, there is of course a peril.
We're now seeing these electrons race across our information super highways at nanosecond speed.
Most of -- if you think about it, most of the military equipment that we have,
it consists of either flying or rolling or floating platforms that are wired
into a net sentry concept of warfare.
And today our military spends as much time defending nodes
and networks as we do sea lanes and airspace.
And there's no respite in sight.
And according to CIA Director John Brennan, the seriousness and the diversity of the threats
in this country that we face, he said, "In the cyber domain,
they're occurring on a daily basis."
Now most of us are aware of the report that was released about the activities
of China in terms of the cyber field.
I was recently in China.
I spent 10 or 11 days there and this issue of course to be expected,
the Chinese denied any association with cyber activities taking place in the United States.
But we have to engage the Chinese on this.
This is serious.
If you think back to the time we were talking about exchanges of missiles
and this debate went on when I was in the Senate.
Should we have a policy of launch on warning?
Remember that debate?
And we saw it one time.
There were a flight of birds - a flock of birds in flight -
and we thought these might be missiles and we were tempted at least to think about responding
in kind before those missiles landed.
So we had that as a concept: you know, launch on warning as is dangerous.
Should we have launch under attack?
And that was another concept that we wrestled with.
Or should we simply absorb a first strike and then respond?
Well those issues are back with us.
Those issues are fundamental to our survival today.
Because we now have to know or try to know whether or not someone is planning an attack:
a cyber-attack that would actually affect and destroy our critical infrastructure.
What do we do?
Is the information reliable?
How much warning will we have?
Should we act preemptively?
Should we wait until something takes place that we look like it's going
to shut down our critical industry?
These issues are important and we have to talk to the Chinese --
not only the Chinese but to the Russians and to others of what kind of rules we really have
to revise because the standard rules in dealing
with international law really don't apply as well here.
Which you have to wait for an attack upon your country in the sense of a physical attack
because we know that we can attack our infrastructure
and destroy our capacity for response rather quickly.
And I mentioned this while I as in China that we need to have an understanding
of what the thresholds are going to be.
How much activity can we accept from any country, friend or foe,
because there's a certain level of activity that we know there's going to be espionage conducted?
It's been you know as old as mankind itself: stealing of secrets.
Trade secrets, business plans.
That activity has gone on, will continue to go on but the concentration of that focus
by either a government, state sponsored or by individuals, criminal gangs or by solo hackers.
It can't rise to a level in which it threatens another country.
And those are the issues that we have to begin a very, very earnest discussion with
and see if we can't establish some method of discouraging it
and stopping it if we possibly can.
And I mentioned, it's not just China or Russia or any other country, look at Iran.
Earlier this year, Iran launched multiple cyber-attacks against dozens of online banks,
severely crippling them: incapacitating the access by consumers.
What was really unique about this is that they didn't go after individual computers.
Instead they engineered and went into the networks of computers in the data centers
in order to debilitate the banks.
And I'm thinking here with Bank of America, Citi Group, Wells Fargo, PNC and others.
And even though the bank accounts were breached, no money was stolen.
But this distributed denial of service, attacks they flooded those banks
and interrupting the servers for the consuming public.
And so the level of sophistication is only going to increase.
And the power of getting into those data centers and computing --
compounding that computing power was really quite extraordinary.
And they've made it clear, they're not going to stop.
Their website said, "Officials of American banks, expect our massive attacks.
From now on, none of the U.S. banks are going to be safe."
And so we think about this, what it means.
If you attack our financial institutions,
that's going to have serious domestic and global implications.
But the harm to our critical infrastructure -- we talk about our power grid, our water supply,
oil and gas pipelines, these are the things that have cyber leaders up at night.
When I as at the Pentagon, the reporters used to say, "What keeps you awake at night?"
And I usually responded, "A nuclear attack upon American soil."
That kept me awake at night thinking about it.
I decided to write about in fictional form last year.
But the same issues are involved.
What happens if you had a bomb that goes off on American soil?
What does a president do?
You have to identify who did this, how could they have done this,
why would they do it and what do we do about it?
Same issues now involved in the cyber field.
Trying to identify who could do this,
namely shutting down your cyber -- your critical systems.
Who could do this?
Why would they do it?
How do we identify who has done it?
And then what do we do in response?
So these are the issues that have surfaced more recently.
Digital bandits by the way, they don't need to carry a passport or a visa.
They can go anywhere -- they can travel, these bandits, anywhere in the world.
They can enter our homes.
They can rest there, take a nap, consume whatever food for thought they want,
heist the family jewels and disappear with their loot, not leaving any trace of fingerprints.
Think about -- that's what we're talking about in terms of cyber-activity today.
Cyber-bandits enter your home.
They rest on your computers.
They listen to everything that you are doing.
They watch everything that is being said, etcetera.
They're taking whatever information they can, taking it back.
They can nap there for months or years without us even knowing about it.
And then years later, or months later,
we can discover what they've been doing and it's virtually too late.
We saw recently in South Korea.
There were 3 television newscasters and 3 banks that were --
they suffered a massive cyber-attack and they lost something
like 30 thousand computers had all of their data wiped out.
They knocked off the bank websites offline, they closed the ATMs
and the South Korean authorities, they're still trying to figure out who did it.
At first and I was in China at the time this occurred,
the South Korean government blamed North Korea.
The next day, they set a trace the address to China.
Then they backtracked to, "No, it was something internally.
The infection had come from a system inside one of the companies."
And now they've said they've traced the IP addresses
on affected computers to the United States and Europe.
So spreading these viruses through botnets makes it all the more difficult for authorities
to pinpoint the country of origin.
And actually it increases the likelihood
that a victimized country might retaliate against a neutral 3rd party.
That was one of the scenarios I wrote about fictionalized.
That we might think that Iran would send a nuclear bomb and destroy a city
in the United States and so we're geared up to respond against Iran
when in fact it might very well be a different country because of the information
that has been altered to make it look like another country is involved.
SO these are serious issues affecting our national security cyber-warfare.
When you combine it with cyber-espionage, theft, terrorism, crime.
It constitutes one of the gravest threats that we will ever face.
And I think it's been identified as such by the FBI saying that with the not too distant future,
cyber threats, cyber space is going to --
activity in cyber space is going to pose the greatest threat to the United States.
Conventionally, there's no country that can match us.
There is no peer competitor of the United States anywhere in the world: unlikely to be any kind
of a military competitor 10-20 years from now.
But when you're dealing in the cyber world, you don't need to be a peer competitor.
You're engaged in asymmetric warfare and we've seen what happened during 9/11.
A couple of aircraft were turned into basically flying missiles that took
out the Trade Centers and attacked the Pentagon.
Very little amount of money invested: a great deal of damage that was done.
And so think of the same thing taking place in cyberspace.
Very little investment on the part of those who are interested in either stealing information,
shutting down systems or launching a critical attack against the United States.
So how are we prepared?
We've come a pretty long way.
I can tell you as Secretary of Defense, I stood up to Joint Task Force Computer Network Defense
under the leadership of General John Campbell
who I believe is sitting right out there as we speak.
And it was General Campbell who was the first commander.
He led the efforts to protect the Pentagon and DOD computer networks.
And then we had in 2004, there was a foundational piece for the U.S. Cyber Command
that was laid down with the establishment of the Joint Task Force Global Network Operation.
And who would that first commander be but General Raduege who was responsible
for identifying the end resolving, any security anomalies that affected the grid and our ability
to support the chain of command right down to the war fighter.
So at the Pentagon, when I was there we had a mantra and our mission.
We said, "Deter, defend, defeat."
And I'll tell you tonight, this is a special treat for me to be here
because the semifinals - the NCAA - are on.
And I've shut off all communication.
I don't want to know.
And you may not know this, but in my college years, my ambition -- I had 2 ambitions.
One ambition was to become a Latin professor.
The second ambition was to become a professional basketball player.
You can see there's some limitations to my ambitions except when I got to the Senate,
my colleagues used to say, "You know Cohen, you achieved your -- both of your dreams.
You continue to speak a dead language while dribbling."
But we have another -- we do have a great athlete in the audience tonight: Ken Harvey,
one of the best defensive players in the history of Redskin football.
[ Applause ]
He's now engaged in protecting cyber security as well.
And he's one that you don't want to meet on a football field.
But I will say this to everyone in this room understands this,
just playing defense is not good enough.
If you're only playing defense, be it in sports, in business
or in security, you're going to lose.
If you're always on your heels backing up, you will eventually lose.
You've got to go on the offense.
And that's what has taken place now with our Cyber Command --
the establishment of the Cyber Command in 2010.
I think President Obama who has some noted skill I guess on the basketball court -
I haven't checked it out - but I see that he plays from time
to time, but he's recognized this.
The fundamental truth that yes you have to play -- you have to deter.
And having good defenses is a deterrent in itself and you have
to defend against anticipated attacks.
But at some point and time, you've got to be able to go on the attack.
You've got to go on the offense and that's what the announcement
of Cyber Command is really all about.
The president laid out 3 things.
You've got to defend DOD and our computer networks,
you have to help defend the critical infrastructure of this country.
What's the challenge there?
All of our critical infrastructure - most of it's - in the hands of the private sector.
So now we have to formulate rules and regulations and policies which help
to integrate the federal government's efforts with the private sector with all
of the issues that are raised by that.
Of apprehension, of how to protect the information, whether or not it's going to result
in liability with shareholders if certain things aren't done that should be done, etcetera.
But recognizing that we are so intertwined from government's service
and the private sector have to work together.
So protecting that critical infrastructure in Mission Number 2.
And the third mission of course was to be able to go on the attack to be able to retaliate.
And I have to use that word advisedly because under international law,
a question of whether you retaliate or whether you
in fact are defending your national security while you're under attack.
And so if you don't realize your systems are under attack but only discover it later
and then decide to quote retaliate, are you in violation of international law?
So there are -- there's a lot of issues that have to be addressed.
The president has issued an executive order outlining some of the issues,
but we have to have Congress take action.
We have to have a comprehensive effort to identify how we can work together
in our own society and then develop the relationships with our NATO allies
and with others who also will find themselves under a similar level of attack.
General Raduege is a recognized expert in the field.
He co-chaired a study by CSIS and issued this report a couple of years ago.
And basically said, "Cyber - it's life in the 5th domain."
And what he pointed out is we have to have 3 things.
In the military, everything is done by 3.
Resilience: we have to make sure that we have a resilient capability so that if they --
any enemy or adversary shuts down one aspect of our society, we don't simply go down.
That we have enough redundancy built in.
That we remain resilient.
That we have a policy of recognition.
We have to find out as best we can who is responsible.
And then once we do that, be capable of responding or retaliating as the word may be.
Let me close with a proverb that's remained with me.
It's been said that in Africa every morning a gazelle wakes up.
And it knows it's got to run faster than the fastest lion
or it's going to be food for that lion.
When the sun comes up, the lion understands it has to run faster
than the slowest gazelle or it will starve.
But whether you're a lion or a gazelle, when the sun comes up, you've got to start running.
Those are pretty good words for us as we think about this field of the cyber threat.
We have to be up and running.
We have to have the best minds available.
And that's one of the reasons why UMUC is so important to our security.
We are training some of our best and brightest to help protect us against threats
that are here today, that will intensify tomorrow, become more complicated tomorrow
and can threaten to alter our way of life
and actually pose an existential threat to this country.
I will always remember what Churchill once said in his "Iron Curtain" speech.
In beautiful language he said, "We may one day return to the Stone Age
on the gleaming rings of science."
And the beauty of the language kind of overwhelms what he was talking about.
He was talking about a possible exchange of nuclear weapons between us and the Soviet Union.
But we may find that we can return to the Stone Age and those gleaming rings of science
without a weapon having to be fired because it will fired by an electron.
By the push of a button that sends a one and a zero that can undermine our ability
to provide food for our people, water supplies, information,
communication, the ability to survive.
So this is the mission of UMUC to provide educational opportunities for people
who will dedicate and have dedicated their lives
to protecting the national security interests of this country.
So for me to come here tonight is to once again say I'm honored by your invitation.
I can't say enough about what you're doing.
The importance of this gala to raise the funds necessary to provide an educational opportunity
for the people who we count upon to defend us.
So thank you very much and congratulations.
[ Applause ]