National Cyber Security Alliance Kick-Off
For Cyber Security Awareness Month
At the Ronald Reagan Building and International Trade Center
As Delivered by Deputy Defense Secretary William J. Lynn III
Thanks very much for including me in this event. Good morning everyone. Thank you to Secretary Napolitano, Michael Kaiser and the National Cyber Security Alliance for you leadership in this effort.
I really appreciate the opportunity to be here on the same stage as Secretary Napolitano. The last time we spoke in the same place together was on the day of our Senate confirmation hearings. This is a more positive experience.
But, I want to compliment Secretary Napolitano. Her leadership style—her no nonsense attitude—is well-known. Maybe a little less well-known, but our exploits as a former mountain climber who braved the Himalayas and climbed Mount Kilimanjaro. I think that was good training for your government career. There’s a lot of similarities— the forbidding environment, the tough climbs, the lack of oxygen. So I think it’s not surprising that you’re doing so well at Homeland Security.
I’ve also had the privilege of working with your deputy, Jane Lute for many months on the deputy’s committee meetings and I’ve enjoyed it. I think we’ve made progress. I think our homeland security is more secure. The American people are safer. All of this is due to the service of the men and women of the Department of Homeland Security and the leadership of Secretaries Napolitano and Lute and I want to thank you both.
The men and women of our two departments work together—24 hours a day, 365 days a year—to keep America safe. This includes the critical work of protecting the United States from the cyber threats that endanger our security and our prosperity.
Now, I want to be very clear at the outset. It always risks stating the obvious, but I am the Deputy Secretary of Defense. As such, my focus is on how the Department of Defense protects the Department of Defense and its military networks— the “.mil” world.
Lead responsibility for protecting federal civilian networks— the“.gov” world—belongs to the Department of Homeland Security. And that is how it should be. Likewise, responsibility for protecting our private sector networks— the “.com” world—belongs to the private sector, with the help of the Department of Homeland Security as the lead government agency and as your lead partner.
That said, I’m here today, because I think our experience is instructive. The cybersecurity challenges we face every day at the defense department—albeit on a very much larger scale than some—are not unlike those faced by your agencies, your industries, your institutions.
There’s no exaggerating our dependence on our information networks—in our case, a 21st century military that simply cannot function without them. And there’s no exaggerating the threat. It’s unprecedented in its source, its speed and its scope.
Like you, we’re facing cyber attacks from many sources— from teenage hackers to hacker activists, to organized crime to industrial spies, to foreign intelligence services. Like you, we’re seeing these assaults come at astonishing speed—not in hours or minutes, or even seconds, but in milliseconds—at network speed.
And like you, we’re dealing with the breathtaking scope of these assaults—constant attacks on our networks, most recently, the July 4 attacks that targeted government and industry, in the U.S. and in South Korea.
But our scale at the department is unique— we have hundreds of different organizations. We have 15,000 networks that are administered by 90,000 personnel. We have about 3 million employees who use 7 million computers and IT devices. But the lesson is the same: our vulnerability is shared—and so is our responsibility to address it.
We have a responsibility to collaborate within organizations. And that’s why the Department of Defense is building a culture of cybersecurity, including certifying all those administrators and training our three million employees to understand that when you log on, you’re the frontline of our cyber defenses. We’re improving our capabilities, building a national cyber range where we can develop new leap-ahead cybersecurity technologies. And we’re improving our command structure, creating a new military command— a Cyber Command—to better coordinate the day-to-day defense of our military networks.
We also have a responsibility to collaborate across organizations—across the federal government. Again, DHS has the lead responsibility for protecting federal civilian networks. But whenever DHS asks, we stand ready to help—as a partner. To rapidly share the latest threat information, DOD employees are part of the DHS-led government-wide Computer Emergency Response Team (the CERT). DHS employees help us respond to intrusions of defense networks. To strengthen our cyber defenses for the future, we participate in each other’s exercises.
And to ensure DHS has the latest technologies to protect federal networks, we share our own. Indeed, as I’ve said elsewhere, it would be unwise—indeed, irresponsible if the rest of government didn’t somehow leverage the technical expertise of the defense department, including the Defense Information Systems Agency and the National Security Agency.
Our challenge—and one we will meet—is to apply that expertise in a way that always upholds and respects civil liberties.
We have a responsibility too, to collaborate beyond government. At DOD, we’ve found innovative ways to partner with industry to protect sensitive defense information on their systems. We’re sharing more threat information. Industry is reporting more of their intrusions and we’re working together to help strengthen both of our networks. It’s a model of cooperation that we’re sharing with DHS as it partners with other parts of industry to better protect the nation’s critical infrastructure.
And I would add that we have a responsibility to collaborate with other countries. Many of the cyber attacks on U.S. networks originate overseas. Botnet attacks involve computers all over the world. Protecting ourselves will require that we address complex issues of national sovereignty and international law. But no single country can do that alone.
This, I think, is the most important message of this month—no one us can do this alone. Government agencies need other government agencies. Government needs industry— we need your ideas, yours innovations. And industry needs government—for coherent and common sense policies. And countries need other countries.
And most of all, everyone—every leader, every employee, and every government, in industry, in academia—we need to understand the vulnerabilities and the responsibilities that we share.
And while working together across so many sectors can often be a frustrating and complicated endeavor, I would leave you with this simple observation. It is only 1928. By this I mean we just marked the 100th anniversary of military aviation began in 1908. By comparison, this year marks only the 20th anniversary of the World Wide Web. In other words, in terms of cyber security, we’re still in the era of biplanes and dirigibles.
We’re still at the dawn of this information age. We still have decades of change and challenge ahead us—decades of innovations and technologies we haven’t even begun to imagine. To be sure, there will be setbacks and failures along the way. But if history is any guide, this too is a challenge we can meet together and solve together. This too is an opportunity to meet our shared responsibility to protect the American people—their security, their prosperity and their civil liberties.
That is the spirit in which I join you today. That is the spirit that the Department of Defense will bring to this challenge, now and in the years to come. And that is the spirit in which I am proud to introduce our primary partner in this and government, the Department of Homeland Security and its secretary, Secretary Napolitano.