[ Music ]
>> Good morning, everyone.
Thank you, Madam Secretary, for that nice introduction.
I'm pleased to be here with so many of you, and it's great
to see the...the auditorium full again.
The last time I was here, we were actually rolling
out the Executive Order, so it's really exciting
to be at this point.
As the Secretary said, when we were doing the prep work
for the Executive Order and we were trying to get it together,
we did a lot of outreach
and listening sessions with industry.
And when I was at RSA a couple of...at the end of February,
several of the people that we had talked with during
that process came up to me and said, not only did you listen
to us, but you managed to figure out how
to make a lot of this work ON us.
And what the Secretary said is really quite true.
This is...this effort is only going to succeed not just
with the participation of industry,
but with the enthusiastic leadership of industry.
It's going to require everybody's effort in order
to get where we want to go.
Now at RSA, I spoke about the new normal environment
that we're living in where cybersecurity threats are
increasingly broad, they're more sophisticated,
and they're dangerous.
As I said then, this cyber environment is not really
about the Hollywood vision of "cybergeddon."
It's not about massive power outages or trains grinding
to a halt everywhere, but it is about things
that are really quite troubling.
Persistent intrusions, violations of privacy,
theft of business information, and degradation and denial
of service to legitimate entities trying to do business,
are getting their message out on the Internet.
That's the new normal environment
that we're living in.
And a lot of what this Executive Order is designed to do is
to try to address that new normal--
to raise the baseline level of our cybersecurity
across the country so that we can...so
that we can address the threats
that are there in the new normal.
And the administration, as you can see in the Executive Order,
we see a clear government role in assisting owners
and operators of critical infrastructure in their efforts
to prevent and manage cyber threats.
That means we're going
to be sharing a lot more actionable information with you.
For example, we've shared hundreds of thousands
of signatures and indicators with the private sector
and over 100 nations just in the past six months.
In the Executive Order, we committed
to redoubling on that effort.
As we're talking about here today,
the core...another core piece of that effort is
to create the framework of baseline,
well-understood cybersecurity capabilities.
A recent report assessed that over 90 percent
of reported data breaches were avoidable through simple-
or intermediate-level security measures.
We really need to make the bad guys work a lot harder
to try...to get...to do what they are trying to do.
[chuckle] We need to partner with you
and leverage our collective experience and knowledge
to get the framework done not just on time,
but done in a manner that is usable and effective.
I think the frame...I see the framework
of practices developed here will become the core comp practices
that many companies already have in place,
but we'd like to see these core practices spread and...more
consistently and wider across the critical infrastructure.
Now, the development of the framework is just a start.
As Deputy Secretary Lute will talk about, there will have
to be a...they will...they are charged
with creating a voluntary program to promote the adoption
of the practices identified in the framework and looking
at leveraging incentives where possible
to further incentivize adoption.
Finally, I would just...in closing,
I would say that we also know that the development
of this framework and the processes going
on in the Executive Order are just a down payment,
and they're just one tool that we need
to improve the cybersecurity of our critical infrastructure.
We are seeking congressional action in this space
to make sure that we firmly embed and incorporate privacy
and civil liberty safeguards into all aspects
of cybersecurity, that we strengthen our nation's critical
infrastructure cybersecurity
by further increasing information sharing--
particularly from the private sector back to the government--
and by promoting the adoption of the framework
and the standards even more broadly,
updating the federal laws
that govern how we do our own security inside the federal
government, giving law enforcement the tools
to fight crime in the digital age,
and harmonizing data breach notification requirements.
So I just wanted to close by saying thank you.
Thank you for all of your time and effort
that you're putting into this.
It's absolutely critical in order to make it a success,
and I look forward to continuing to engage with you
over the next eight months as we come
to agreement on the framework.
Thank you very much.
[applause]