United States Department of Defense United States Department of Defense

Deputy Secretary of Defense Speech

Press Operations Bookmark and Share


Keynote Address by Deputy Secretary of Defense Ashton Carter to the RSA Conference

As Delivered by Deputy Secretary of Defense Ashton B. Carter, San Francisco, California, Tuesday, February 28, 2012

Good morning.  Good morning to you all.  Let me begin my expressing my thanks to RSA and Art Coviello -- a good friend and adviser -- and to all of you, and especially those of you who do work for our department -- for the Department of Defense -- thank you for what you do for us.  And for those of you who more broadly support the mission of securing the Internet, thank you for that also.

This was great, to watch these guys who came in front of me, because I wrote a technical book about 20 years ago on communications systems.  And of course, it has a chapter on cryptography in it and footnotes to some of the gentlemen who just left the -- left the stage.  So that was wonderful to see all of them.

To bring things more up to date, I just got back from Afghanistan on Saturday, where despite some setbacks recently with the Quran burning incident, we are doing such a miraculous job and our people and our allies and our Afghan partners are doing such a miraculous job bringing security to that country. 

And you can go into any tactical operations center at any level -- company level and above -- in Afghanistan today, and maybe some of you have been there, and everybody is working collaboratively using the Internet.  Whether they're American forces, doesn't matter which branch of the armed forces, us and our NATO and other ISAF allies there in Afghanistan, or even with the Afghan security forces -- the whole thing is enabled by the technology that you all represent and secure. 

And the key there is trust, because these people aren't just trusting their livelihoods, they're trusting their lives themselves to the information that they see on the screen.  So it makes a very big deal to us in the Department of Defense to be able to rely upon the industry that you represent.  And I thank you for that.

We as a country are beginning -- just beginning now -- a long march to true security on the Internet.  We don't have it now.  I'm obviously here with the perspective of the Department of Defense, but the president, President Obama, and my boss, who's Secretary of Defense Panetta, Chairman of the Joint Chiefs of Staff Marty Dempsey, Secretary of Homeland Security Janet Napolitano, Director Mueller -- FBI Director Mueller -- who I think is going to be here tomorrow -- and others all have a national perspective.

It really is a presidential priority to address this issue.  And so I'm pleased to work with people like John Brennan and so forth in the White House, trying to get our act together as a country and as a government in this area -- not an easy thing to do. 

From our point of view in defense, we basically see and perceive and feel and are acting on three dangers.  The first is assault on our own networks -- we feel it every day -- our own networks, classified and unclassified, and also the networks of the defense industry that supports us.  That's our problem.  We recognize it, and we know how to deal with it.

But the second thing is the critical civil infrastructure upon which we depend.  That we don't control directly, but we are directly dependent upon it.  And we want to play a role in securing it as well.  And the third threat we face is the theft of intellectual property, not only defense-related intellectual property but a wide variety of intellectual property of importance to this country, and it's part of the legacy of innovation that we have here. 

In these latter two respects, as I said earlier, we're just beginning a march -- a long march to security.  And you, in this room, play a central role in that march.  You're trying to make a business out of what will inevitably be required, which is greater security than we now have.  And recognizing that as I do and as you do, in that respect, we are partners in this march. 

It's difficult to embark on this march, because the market, both economic and political, undervalues security at the moment -- doesn't see it, doesn't fully get it.  But this is wrong; this is a mistake.  I think what Director Mueller might say to you tomorrow -- at least, I've heard him say before -- is that cyber will overtake terrorism as the persistent, gnawing, constantly-at-us kind of threat and danger.  So that attitude that undervalues security is wrong, and I'm afraid events will soon prove it wrong.  But it is wrong. 

At the national level, we need to take some steps.  And we're trying to, but we need your help, we need your support.  First of all, I'd ask you to look favorably upon and support legislation in Congress this year addressing this critical mission.  It's substantively meaningful legislation; there are areas of variance -- one in particular that we're supporting substantively meaningful, but it's also going to bring a lot of people into the picture who now aren't in the picture.  So it's a debate worth having and a war worth winning -- legislative war worth winning. 

What does it do?  It does some things that seem obvious to us, but that are tricky in practice.  It enables the government to share threat information with the private sector without any charges of favoritism or excessive control.  It enables private sector parties to report intrusions to the government without exposing themselves to liability or giving government unwarranted access to our private communication -- I used the word "enables" there -- doesn't compel, enables -- enables private sector-to-private sector sharing about cyber threats without liability or any trust concerns. 

It requires -- and this is a requirement, but it's a requirement that many states make now, and that this would make more uniform than the many different requirements at the state levels that now exist -- require critical infrastructure owners -- not IT infrastructure per se, not IT infrastructure per se -- but critical infrastructure owners to report intrusions to the government, specifically to the Department of Homeland Security -- something that comes with their being critical.  With being critical comes that responsibility; that's reflected in the legislation.  But I think it was drafted in such a way that it recognizes that this can't be done by diktat, but is something that's going to be developed -- the actual regulations to do this -- developed cooperatively with the critical infrastructure owners.  But we must go down this path, because they are critical.

So these are the things the legislation does.  As I said, they're not particularly surprising to anybody in this room, but they're essential.  And they're significant barriers -- they overcome significant barriers legislatively.  They therefore warrant your support.  And they're just the first, but the first in essential steps on, as I said, a long march that remains to be mapped out.  We're mindful of how long that is.  We're mindful of how small the steps are, really, that we're taking initially.  We're mindful of unintended consequences.  But march we must, and we ask you to come with us.

That brings me to the Defense Department role, which is the heart of my job -- the DOD role.  In DOD we have six missions that touch on cyber or that are essentially cyber in nature.  The first is to develop, deploy and prepare to employ cyber techniques as weapons of war.  Second is to prepare the battlefield for the employment of such weapons.  The third is to conduct defense intelligence over the Internet, which we do.  The fourth, as I said earlier, is to defend our own classified and unclassified networks upon which we increasingly depend at the tactical, operational and strategic levels.

Fifth is to use DOD's weight and resources, and especially the National Security Agency, to improve the nation's stock of technology and tools so the U.S. remains the pre-eminent power in cyberspace; and to make these tools available to homeland security, to law enforcement, to intelligence and to other users -- including our industrial partners -- through such mechanisms as the enduring security framework, which is a government-industry forum with some of the leading companies in this field for sharing that knowledge and sharing that tradecraft; and finally, when called upon, to provide military support to civil authorities for protecting the national infrastructure.  That's what we do.

And I'll just tell you that we've just gone through, over the last couple of months, the largest adjustment our department's had to make in more than a decade to the realities and the compulsion of the Budget Control Act.  This required us to remove from our plans for the next 10 years no less than half a trillion dollars from those plans -- as I said, the largest adjustment we've had to make in a -- in more than a decade in the defense budget.

And I can just tell you that at no time in the deliberations with the president, or the secretary of defense, or the joint chiefs, or our combatant commanders or any of us in the department -- no time, no moment in all those deliberations was it even considered to make cuts in our cyber expenditures -- not even considered.

And in fact, we are continuing to increase our investments in cyber.  And I would say that would -- we would -- if we could find more worthy investments to make, we would be willing to make more.  The investments are now at the level of several billion, a lot of money, but there -- we would make room for more if we could find worthy investments to make.  So we never even considered -- ships, planes, ground forces, lots of other things on the cutting room floor; not cyber.  So that's a priority for us.

And the second thing that's a priority is, as I said earlier, to continue to be the first-est with the most-est in this field technologically.  And that means to continue to support innovation in this field, in cryptography, in other techniques -- just like NSA, as I mentioned earlier, when I was in my 20s, was involved in the birthing of some of the cryptographic techniques that are in widespread use today.  And of course we were involved in birthing the Internet itself.

So supporting innovations; secondly, providing a platform -- or a range, as we call them -- for the experimentation and testing of cyber technology, offensive and defensive; and third, very importantly, being an early adopter of emerging technologies in cyber defense.  We do that

because we can take the long view.  We make investments that are risky or whose payoff is longer term.  We're able to do that; that's a traditional way in which the Department of Defense has fostered innovation.  And that's something that we're going to continue to do in this field.  We have a history here, and we're going to continue it. 

So as a department, we're deeply involved, deeply committed to this.  We feel very deeply about our responsibility to defend this country.  And that explains, for us -- and in this I speak for Secretary Panetta and chairmen -- the other leadership in the department -- our real sense of urgency about cyber and our willingness, indeed eagerness, to be part of -- be a leading part of, where appropriate, the march to cybersecurity that we're all just beginning.

So I ask you to join us in that.  I thank you for those of you who are already doing that.  And I appreciate that you expect us to be involved and to be leaders in this field.  We feel that responsibility; we share that responsibility.  And your being here today and your giving me the opportunity to be with you is a sign of that.  So thank you all very much. 

And by the way, if you want to read that book I mentioned at the beginning you can still do it.  You may be one of the possessors of the -- one of the rare unsigned copies of Ash Carter's book on communications technology, but it's still out there.  I can't get the royalties anymore, so have at it.  It's a Brookings Press book.  Thank you all very much.

Most Recent Speeches


As Delivered by Deputy Secretary of Defense Bob Work, Washington Convention Center, Washington, DC


As Delivered by Deputy Secretary of Defense Bob Work, RAND Corporation, Arlington, VA


As Delivered by Secretary of Defense Ash Carter, Berlin, Germany


As Delivered by Secretary of Defense Ash Carter, National Museum of the Marine Corps


As Prepared for Delivery by Deputy Secretary of Defense Bob Work, Naval Postgraduate School, Monterey, CA


As Delivered by Secretary of Defense Ash Carter, Washington, D.C.


As Delivered by Secretary of Defense Ash Carter, Pentagon Auditorium


As Delivered by Secretary of Defense Ash Carter, Washington, DC


As Delivered by Deputy Secretary of Defense Bob Work, Pentagon Hall of Heroes


As Delivered by Secretary of Defense Ash Carter, Singapore

Additional Links

Stay Connected