[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Government, Business Must Share Responsibility on Cybersecurity Opening Remarks for the U.S.-EU Information Security Forum
Government, Business Must Share Responsibility on Cybersecurity
(Commerce's Bodman addresses U.S.-EU conference on information security)
Protecting the information infrastructure that supports a nation's
critical economic, government and services systems is a responsibility
that must be shared by governments and the private sector, according to
U.S. Deputy Secretary of Commerce Samuel W. Bodman. He spoke October 28
a U.S.-EU Information Security Forum held in Brussels, Belgium.
"We must strike the right balance between private sector leadership and
government involvement," said Bodman as he explained the joint
responsibilities to enhance security systems so that information
infrastructure can withstand attack by international terrorists and
criminals. He called information security a critical component of
security for the United States and other nations.
"Information security is -- and should be -- incorporated into the
of doing business . . . it must be an integral part of a company's
strategic planning and operations, just like marketing or product
development," said Bodman. "Companies must institutionalize the process
identifying critical assets, assessing their vulnerabilities and
the risks associated with these vulnerabilities."
At the same time, Bodman said business and government must remain
of the need to protect civil liberties while at the same time empowering
law enforcement to combat online terrorists.
The following terms are used in the text:
DSL: Digital Subscriber Line
OECD: Organization for Economic Cooperation and Development
Following are Bodman's remarks as prepared for delivery:
U.S. Deputy Secretary of Commerce Samuel W. Bodman
Opening Remarks for the U.S.-EU Information Security Forum
Monday, October 28, 2002
[AS PREPARED FOR DELIVERY]
Thank you Ambassador Schnabel for that introduction . . . and thank you
all for participating in this timely and important Forum. I would also
like to thank the European Commission, partnering industry associations,
and the individual corporate sponsors for making this event possible.
It is my pleasure to welcome you on behalf of the United States
of Commerce. Secretary of Commerce Don Evans and I see ourselves as
stewards of the American free enterprise system. Our mission is quite
simple: to advocate for and facilitate business in the United States . .
and between the United States and the world. We believe that in order
successfully carry out that mission we must collaborate and partner with
industry and with other governments . . . and this is certainly true in
the information security arena. All of us in the public and private
sectors must work together to address these issues. It is not just a
"good idea," it is absolutely essential . . . and you all know that, and
that's why you are here today.
As demonstrated by the horrific events of the last year, the health of
economies is dependent on security - the security of our borders, our
transportation systems, our mail systems, and our computer networks. At
the same time, our collective security has never been more dependent on
vibrant private sector. It has become tragically clear that the ultimate
goal of international terrorism is to compel us to withdraw from our
global commitments and presence. By attacking our economies and our
infrastructures, terrorists hope to drive us inward . . . they seek to
undermine our will and compel us to abandon global engagement.
As a result, what we now call "homeland security" is fundamentally
different from our traditional notions of national security. Traditional
national security is largely a governmental responsibility - involving
national militaries, our intelligence communities, our strategic
alliances, and our international institutions.
Homeland security, however, is a shared responsibility. It simply cannot
be carried out by governments alone. Consider this compelling
in the United States, the private sector owns or operates 85 percent of
our critical infrastructures. Collaboration, not confrontation, is an
essential ingredient to the success of securing our homeland.
Information security is a critical component of the homeland security
equation. As the world is increasingly connected by the Internet, we
also more vulnerable from different directions . . . the cyber-world has
no borders. Just last week, this vulnerability was evidenced by the
"distributed denial of service" attack launched against the Internet
servers. While this attack did not significantly impact Internet users,
it does remind us of the constant threat that cyber attacks pose.
Cybersecurity rightly has the attention of the highest levels of the
government. The participation later today of Richard Clarke, Special
Advisor to the President on Cybersecurity, demonstrates President Bush's
commitment to our transatlantic dialogue on strengthening global
infrastructure protection and increasing network security.
I know that you will also hear from U.S. Federal Trade Commissioner
Swindle about our efforts to increase consumer confidence in e-commerce
=2E . another area that demands cooperation between governments, private
industry, and individual citizens. Although the U.S. government
very strongly in the necessity of security measures to protect our
citizens and our economic interests, an increased emphasis on security
raises legitimate questions about civil rights protection and the role
The perceived - and sometimes real - increased power of law enforcement
monitor online behavior causes some to warn that it will stifle
and infringe on our citizens' rights to privacy.
So is this a problem for the private sector or for government? Well, I
think the answer is clear: both. In the U. S., protecting privacy and
securing individuals' personal information is a high priority for
consumers and for the federal government, and it is also a genuine
for businesses. Consumers repeatedly cite fears that their personal
information will be misused as a reason for not doing business online.
This is, of course, true in Europe as well. A Pricewaterhouse Coopers
study released last year on online business-to-business procurement in
Europe asked companies to identify the most important obstacle to
conducting business online. The number one answer by far was concern
about security, safety, and trust of online transactions.
In addressing these concerns, we must strike the right balance between
private sector leadership and government involvement. President Bush
consistently advocated a policy agenda that promotes market-based
solutions and encourages competition . . . and which regulates, when
absolutely necessary, in a transparent and unobtrusive manner.
I would submit that security is viewed today by industry with the same
concern and uncertainty that employee safety and environmental
were three decades ago. Companies - rightfully concerned with
revenues in a highly competitive marketplace - worry that security
measures will impose added costs, reduce the attractiveness of products,
and annoy consumers. But, much like industrial manufacturers of several
decades ago - be they automotive, chemical, or energy - I believe that
industry is discovering that security represents a competitive
Information security is - and should be - incorporated into the fabric
doing business . . . it must be an integral part of a company's
planning and operations, just like marketing or product development.
Companies must institutionalize the process of identifying critical
assets, assessing their vulnerabilities, and managing the risks
with these vulnerabilities. Security is essential to business assurance
and continuity. It is a valuable asset, and security-minded businesses
being rewarded accordingly by purchasers and suppliers - and consumers.
In short, security - like safety - is becoming a competitive metric.
We all know that in a market-based system, the private sector creates
wealth. I believe - and Secretary Evans and President Bush share this
view - that our job in government is to create the right environment for
companies and entrepreneurs to innovate and flourish. The bottom line
that the market drives technological innovation, and the market is
demanding information security. We in government can and do support
demand, but not without - or ahead of - direction from the corporate
Our National Strategy to Secure Cyberspace, which is currently available
for public comment, was the result of collaboration with the private
sector. We are looking forward to continuing a healthy, collaborative
process. We want your input on that Strategy, which is open for comment
until November 18th. I believe that the National Strategy is a firm
toward creating a "culture of security" - in the words of the OECD. The
Strategy covers everything from securing major global IT networks to
securing the DSL line that runs to your home computer. You will hear
about it later today from Mr. Clarke.
Today's session is another step in the right direction . . . you will be
discussing how businesses and governments can work together to create
culture of security and e-confidence . . . you will hear from industry
experts on best practices and technical solutions for securing
systems and networks . . . and you will discuss e-government initiatives
underway in the U.S. and the EU.
I look forward to hearing about the results of your dialogue today. As
the governments and industries of the United States and the European
work together in this area, it is my sincere hope that our cooperation
will illustrate to the world the importance of strong partnerships for
promoting global security and stability.
I thank you for your time this morning . . . and for your dedication and
hard work. Thank you.
HSFK Hessische Stiftung f=FCr Friedens- und Konfliktforschung
PRIF Peace Research Institute Frankfurt
Leimenrode 29 60322 Frankfurt a/M Germany
Tel +49 (0)69 9591 0422 Fax +49 (0)69 5584 81
- hsfk -
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.