*EPF207 10/29/2002
Text: Government, Business Must Share Responsibility on Cybersecurity
(Commerce's Bodman addresses U.S.-EU conference on information security) (1530)
Protecting the information infrastructure that supports a nation's critical economic, government and services systems is a responsibility that must be shared by governments and the private sector, according to U.S. Deputy Secretary of Commerce Samuel W. Bodman. He spoke October 28 at a U.S.-EU Information Security Forum held in Brussels, Belgium.
"We must strike the right balance between private sector leadership and government involvement," said Bodman as he explained the joint responsibilities to enhance security systems so that information infrastructure can withstand attack by international terrorists and criminals. He called information security a critical component of homeland security for the United States and other nations.
"Information security is -- and should be -- incorporated into the fabric of doing business . . . it must be an integral part of a company's strategic planning and operations, just like marketing or product development," said Bodman. "Companies must institutionalize the process of identifying critical assets, assessing their vulnerabilities and managing the risks associated with these vulnerabilities."
At the same time, Bodman said business and government must remain mindful of the need to protect civil liberties while at the same time empowering law enforcement to combat online terrorists.
The following terms are used in the text:
DSL: Digital Subscriber Line
OECD: Organization for Economic Cooperation and Development
Following are Bodman's remarks as prepared for delivery:
(begin text)
U.S. Deputy Secretary of Commerce Samuel W. Bodman
Opening Remarks for the U.S.-EU Information Security Forum
Monday, October 28, 2002
[AS PREPARED FOR DELIVERY]
Thank you Ambassador Schnabel for that introduction . . . and thank you all for participating in this timely and important Forum. I would also like to thank the European Commission, partnering industry associations, and the individual corporate sponsors for making this event possible.
It is my pleasure to welcome you on behalf of the United States Department of Commerce. Secretary of Commerce Don Evans and I see ourselves as stewards of the American free enterprise system. Our mission is quite simple: to advocate for and facilitate business in the United States . . . and between the United States and the world. We believe that in order to successfully carry out that mission we must collaborate and partner with industry and with other governments . . . and this is certainly true in the information security arena. All of us in the public and private sectors must work together to address these issues. It is not just a "good idea," it is absolutely essential . . . and you all know that, and that's why you are here today.
As demonstrated by the horrific events of the last year, the health of our economies is dependent on security - the security of our borders, our transportation systems, our mail systems, and our computer networks. At the same time, our collective security has never been more dependent on a vibrant private sector. It has become tragically clear that the ultimate goal of international terrorism is to compel us to withdraw from our global commitments and presence. By attacking our economies and our infrastructures, terrorists hope to drive us inward . . . they seek to undermine our will and compel us to abandon global engagement.
As a result, what we now call "homeland security" is fundamentally different from our traditional notions of national security. Traditional national security is largely a governmental responsibility - involving our national militaries, our intelligence communities, our strategic alliances, and our international institutions.
Homeland security, however, is a shared responsibility. It simply cannot be carried out by governments alone. Consider this compelling statistic: in the United States, the private sector owns or operates 85 percent of our critical infrastructures. Collaboration, not confrontation, is an essential ingredient to the success of securing our homeland.
Information security is a critical component of the homeland security equation. As the world is increasingly connected by the Internet, we are also more vulnerable from different directions . . . the cyber-world has no borders. Just last week, this vulnerability was evidenced by the "distributed denial of service" attack launched against the Internet root servers. While this attack did not significantly impact Internet users, it does remind us of the constant threat that cyber attacks pose.
Cybersecurity rightly has the attention of the highest levels of the U.S. government. The participation later today of Richard Clarke, Special Advisor to the President on Cybersecurity, demonstrates President Bush's commitment to our transatlantic dialogue on strengthening global infrastructure protection and increasing network security.
I know that you will also hear from U.S. Federal Trade Commissioner Orson Swindle about our efforts to increase consumer confidence in e-commerce . . . another area that demands cooperation between governments, private industry, and individual citizens. Although the U.S. government believes very strongly in the necessity of security measures to protect our citizens and our economic interests, an increased emphasis on security raises legitimate questions about civil rights protection and the role of law enforcement.
The perceived - and sometimes real - increased power of law enforcement to monitor online behavior causes some to warn that it will stifle e-commerce and infringe on our citizens' rights to privacy.
So is this a problem for the private sector or for government? Well, I think the answer is clear: both. In the U. S., protecting privacy and securing individuals' personal information is a high priority for consumers and for the federal government, and it is also a genuine concern for businesses. Consumers repeatedly cite fears that their personal information will be misused as a reason for not doing business online.
This is, of course, true in Europe as well. A Pricewaterhouse Coopers study released last year on online business-to-business procurement in Europe asked companies to identify the most important obstacle to conducting business online. The number one answer by far was concern about security, safety, and trust of online transactions.
In addressing these concerns, we must strike the right balance between private sector leadership and government involvement. President Bush has consistently advocated a policy agenda that promotes market-based solutions and encourages competition . . . and which regulates, when absolutely necessary, in a transparent and unobtrusive manner.
I would submit that security is viewed today by industry with the same concern and uncertainty that employee safety and environmental management were three decades ago. Companies - rightfully concerned with maximizing revenues in a highly competitive marketplace - worry that security measures will impose added costs, reduce the attractiveness of products, and annoy consumers. But, much like industrial manufacturers of several decades ago - be they automotive, chemical, or energy - I believe that industry is discovering that security represents a competitive advantage.
Information security is - and should be - incorporated into the fabric of doing business . . . it must be an integral part of a company's strategic planning and operations, just like marketing or product development. Companies must institutionalize the process of identifying critical assets, assessing their vulnerabilities, and managing the risks associated with these vulnerabilities. Security is essential to business assurance and continuity. It is a valuable asset, and security-minded businesses are being rewarded accordingly by purchasers and suppliers - and consumers. In short, security - like safety - is becoming a competitive metric.
We all know that in a market-based system, the private sector creates wealth. I believe - and Secretary Evans and President Bush share this view - that our job in government is to create the right environment for companies and entrepreneurs to innovate and flourish. The bottom line is that the market drives technological innovation, and the market is demanding information security. We in government can and do support that demand, but not without - or ahead of - direction from the corporate world.
Our National Strategy to Secure Cyberspace, which is currently available for public comment, was the result of collaboration with the private sector. We are looking forward to continuing a healthy, collaborative process. We want your input on that Strategy, which is open for comment until November 18th. I believe that the National Strategy is a firm step toward creating a "culture of security" - in the words of the OECD. The Strategy covers everything from securing major global IT networks to securing the DSL line that runs to your home computer. You will hear more about it later today from Mr. Clarke.
Today's session is another step in the right direction . . . you will be discussing how businesses and governments can work together to create this culture of security and e-confidence . . . you will hear from industry experts on best practices and technical solutions for securing information systems and networks . . . and you will discuss e-government initiatives underway in the U.S. and the EU.
I look forward to hearing about the results of your dialogue today. As the governments and industries of the United States and the European Union work together in this area, it is my sincere hope that our cooperation will illustrate to the world the importance of strong partnerships for promoting global security and stability.
I thank you for your time this morning . . . and for your dedication and hard work. Thank you.
(end text)
(Distributed by the Office of International Information Programs, U.S. Department of State. Web site: http://usinfo.state.gov)
Return to Public File Main Page
Return to Public Table of Contents