Where Industry and Security Intersect
What's New | Sitemap | Search
I suspect that some of you are curious as to why the Commerce Department, and in particular the Under Secretary of Commerce for Export Administration, have an interest in critical infrastructure protection. The Critical Infrastructure Assurance Office (CIAO) is part of the Bureau of Export Administration, which is responsible for monitoring the health of the country's critical technology base, among other things. In addition, as you may know, Norm Mineta, who was sworn in as Secretary of Commerce last Friday, served on the Advisory Committee to the President's Commission on Critical Infrastructure Protection.
That's the organizational explanation. But there are more important substantive reasons.
Our critical infrastructure -- now more dependent than ever on our information systems -- is the underpinning for our well-being. This infrastructure is largely owned and operated by the private sector -- by companies such as those represented here tonight.
Simply put, the further development of electronic commerce and all that comes with it is increasingly critical to our prosperity, health and safety.
Inter-dependent computer networks are an integral part of doing business in the Information Age, and our nation is increasingly dependent upon computer networks for essential services. We are moving toward a world of over one billion connected computers. New ways of doing business in the twenty-first century are rapidly evolving. Business is increasingly relying on e-commerce for its commercial transactions. Forrester Research, for example, projects that Internet commerce will grow exponentially from $8 billion in 1996 to $327 billion in 2002 -- and at the same time the business-to-business share of this commerce will grow from 64 per cent to 79 per cent.
The public sector, too, depends heavily on these infrastructures to get its business done.
We can all recognize the many benefits that the Internet and the Information Age have brought us in the past few years, not to mention the new issues and problems, and we can reasonably expect more of both in the future. Our common challenge is to measure, manage and mitigate these new risks in order to keep the problems from choking off the opportunities in front of us now.
This conference, and the Partnership as a whole, illustrate the potential for further cooperation between government and industry, and the benefits we can all realize from a cooperative approach to meeting our common goals and obligations.
As you know, the Partnership is an essential part of the Administration's overall approach to protecting our critical infrastructures. It has three main elements:
Let me expand briefly on each of these points.
With respect to the business case for effective action, I would like to stress that, despite the progress we are starting to see in addressing this problem, the need for focused efforts is growing.
Most of us in this room are aware of the dimensions of the problem we face. Year by year -- almost day by day -- our economy and society are becoming more dependent on inter-connected networks.
This issue goes far beyond today's headlines and tomorrow's hacker incidents. We do face risks to both our cyber and our physical infrastructures. In some ways the most significant of these risks is that, if we fail to act effectively, the economic transformation we are going through now--with all of its benefits and promises--will be disrupted and limited, and the potential for economic growth and prosperity will be short-circuited.
The business issue is straightforward.
In other words, as the psychiatrists always tell us, the first step towards cure is recognition of the problem. The second step, of course, is actually to do something about it, and in this case that means taking it on board as a priority at the CEO level and not just as a minor technical problem.
Protecting our critical infrastructures requires that we draw on various assets of both government and the private sector. When specific incidents or cyber events occur, the government needs the capacity to analyze available data, issue warnings, investigate the incident, and develop a case to punish the offenders. The National Information Protection Center (NIPC) and the FBI are organized to deal with such events as they occur.
This policy approach is complemented by the administration's recent proposals to toughen laws against hacking and to enable more effective enforcement in these areas.
While the Federal government's responsibility is clear with respect to a response and law enforcement capability, that is only part of the equation. With respect to prevention and the development of more comprehensive security measures, the government can best play a supporting role. The infrastructure at risk is, for the most part, owned and operated by the private sector. Inevitably, private sector companies must come together to take the steps necessary to protect themselves.
The government can help. We can identify problems and publicize them, encourage planning, promote research and development, and convene meetings such as this one. In short, we can act as a catalyst.
That is precisely the role the Critical Infrastructure Assurance Office is playing.
For instance, the CIAO coordinated the development of the National Plan for Information Systems Protection, which was announced by President Clinton on January 7, and has served as a catalyst in the creation of this Partnership.
I met with senior members of Partnership companies in December in New York and again in February to encourage business leaders to adopt information security as an important business practice.
President Clinton met in February with 25 senior executives concerned about the disruptions to the Internet. This meeting reinforced the need for further cooperation between government and industry to help the private sector develop its action agenda for cyber security, and at the same time it made clear this Administration's commitment to such cooperation.
If we are to reap the benefits of the Information Age, we need to take action to maintain a secure business environment in order to ensure both our national security and the growth of our economy.
Voluntary cooperation, in our view, is by far the best and most effective way to mobilize the talents of the private sector and address this problem effectively. The Partnership is an essential part of this effort. That is why we welcome your initiative and will work alongside you in this area. But I want to emphasize, this is your partnership and your meeting. We can participate, and we can facilitate, but at the end of the day it is your work that will determine the outcome.
In April of 2002 the Bureau of Export Administration (BXA)
changed its name to the Bureau of Industry and Security(BIS). For historical
purposes we have not changed the references to BXA in the legacy documents
found in the Archived Press and Public Information.