In today’s world, U.S. industry and U.S. security are inextricably linked, and the public and private sectors must jointly address economic and security issues.
As amply demonstrated by the events of the last year, the health of U.S. industry is dependent on security – the security of our borders, our transportation systems, our mail systems, and our computer networks. At the same time, our security has never been more dependent on a vibrant private sector working in partnership with government at all levels. That is why I would like to speak briefly on the relevance – and the importance – of public-private partnerships to our national security and, in particular, to our efforts to secure cyberspace.
Although we must secure cyberspace from all attacks – ranging from the rogue nation to the recreational hacker – let’s focus for a moment on what we have learned in recent years about the new targets of terrorism.
It has become quite clear that the ultimate goal of international terrorism is to compel U.S. withdrawal from our global commitments and presence. One of the important lessons from September 11 is that for many terrorists – including Osama bin Laden and al Qaeda – the targets of attack against the United States have gone beyond the physical manifestations of our country overseas – such as our armed forces or our embassies – to our domestic economy and our way of life. By attacking our economy and our infrastructures, terrorists hope to drive us inward – to undermine our national will, to compel us to abandon our global engagement, and to cause us to retreat into isolationism.
Indeed, a principal aim of the terrorists is to attack targets within the United States whose destruction or impairment could disrupt the delivery of services or the performance of functions essential to our national economy or to our government, cause large scale injury or death, or damage our national morale, prestige, or confidence. In attacking these targets, terrorists will exploit vulnerabilities wherever they can find them – whether they be in physical space or in cyberspace.
This new terrorist strategy explains why what has become known as “homeland security” is fundamentally different from traditional notions of national security. Traditional national security is largely a governmental responsibility. It involves the joint efforts of the military, the foreign policy establishment, and the intelligence community. It is carried out almost exclusively by the federal government. And it relates to defense of our airspace and national borders, as well as our military, diplomatic, and intelligence operations overseas to maintain global and regional stability.
Homeland security, however, is a shared responsibility. It cannot be carried out by the federal government alone. It requires full partnership with the private sector because the private sector owns or operates 85 percent of the nation’s critical infrastructures. In light of these considerations, effective protection of homeland security requires a national strategy – not just a federal government strategy.
Such a national strategy includes coordinated action by federal, state, and local governments, along with private industry, as well as with every citizen and resident. The strategy must clarify and, in some instances, redefine the respective roles, responsibilities, and expectations of government and private-sector owners and operators of our critical infrastructures. The strategy also must serve as a vehicle for properly informing and shaping public expectations about future terrorist threats and the roles that government, industry, and each individual must play in defending against those threats.
Today, we are presenting to the American people the first-ever National Strategy to Secure Cyberspace. The National Strategy is being released “for comment” by the nation. Providing the nation an opportunity to comment on the National Strategy underscores the importance of having broad support and commitment from the public in order to secure cyberspace.
This document – which was developed by the President’s Critical Infrastructure Protection Board – will serve as a starting point for consultations among the federal government, the private sector, and state and local governments on cyber security issues. Indeed, this strategy already reflects a considerable amount of input from the private sector. Many senior executives volunteered considerable time to this enterprise – in addition to performing their regular jobs – and were actively involved in providing input on how to secure our cyberspace. In addition, the Partnership for Critical Infrastructure Security – which is a non-profit organization consisting of over 80 companies and associations as well as federal government agencies involved in many of the infrastructure sectors – has coordinated and summarized common concerns that cut across various sectors, such as infrastructure interdependencies, gaps in research and development, and public policy challenges.
I want to emphasize that it is the strong preference of the U.S. Government – as expressed in the National Strategy – to rely on market solutions rather than regulatory mandates in addressing cyberspace security. Not only are private sector companies the predominant owners and operators of our cyberspace systems and assets, but they have enormous expertise on security matters. Our task, therefore, is to encourage and facilitate your full participation in discussions about the issues and potential solutions outlined in the National Strategy.
In the end, there is no viable alternative to partnership between the public and private sectors. Collaboration, not confrontation, is an essential ingredient to the success of securing cyberspace and our homeland. Leadership must come from both government and corporate America. And I am delighted that there are so many excellent examples of such leadership sitting in this room today. We look forward to working with those of you from the private sector and from state and local governments on further developing and refining this National Strategy.