U.S. Deputy Secretary Of Commerce Rebecca Blank Delivers Remarks At Cybersecurity Workshop

PRESS RELEASE

Today, U.S. Deputy Secretary of Commerce Rebecca Blank delivered remarks at the first in a series of cybersecurity workshops that are part of efforts to implement President Obama's Executive Order on Improving Critical Infrastructure Cybersecurity. The workshops are part of a broader effort by the Commerce Department's National Institute of Standards and Technology (NIST) to develop a voluntary framework for reducing the nation's vulnerability to cyber risks. Throughout the day, industry will have the opportunity to participate in a series of panel discussions with experts, ask questions, and provide feedback on the framework, including best practices.

In her address, the Deputy Secretary highlighted the need for industry partnership and input to ensure that America's businesses are aware of evolving cybersecurity threats and proactive in adopting best practices to protect themselves and our economy. White House Cybersecurity Coordinator Michael Daniel, Under Secretary for Standards and Technology and NIST Director Patrick Gallagher, and U.S. Department of Homeland Security Deputy Secretary Jane Holl Lute also delivered remarks at the event.

###

Remarks as Prepared for Rebecca Blank, U.S. Deputy Secretary of Commerce

Good morning, everyone. Welcome to the Commerce Department and thank you for being here for today's important dialogue.

Nearly two months ago in this room, we announced the President's Executive Order on improving cybersecurity for critical infrastructure.

As we have all seen in the news, concern about cybersecurity threats and risks has continued to grow. Clearly, this is one of the most critical issues facing both our nation's security and our nation's economy in the 21st century.

Protecting America's businesses and infrastructure from attacks is crucial to ensuring that our economy will keep growing.

The question is "How can we do that?" To which the only viable answer is "Together." That's what today's discussions are all about.

The good news is this: Many innovative approaches to cybersecurity challenges already exist in businesses and organizations around the country.

I'm sure that some of you here today have implemented cybersecurity enhancements in your firms and perhaps even in your industry groups and associations.

Sharing and spreading those ideas and approaches more broadly has never been more important.

The Executive Order directs the Commerce Department's National Institute of Standards and Technology – NIST – to develop a voluntary program – a Framework – that will promote best practices at critical infrastructure facilities.

To build this Framework, we need to hear from industry about the best practices and standards that should be included.

As many of you know, NIST has a century-long track record of close and successful partnerships with industry, tackling a large number of complex scientific and engineering challenges.

For example, we worked with some of the firms represented here today to develop voluntary frameworks for Smart Grid interoperability and security, as well as health IT.

Today, NIST Director Patrick Gallagher and his team are eager to hear more about how we can collaborate effectively and nimbly across many sectors. We want to hear from you.

What are you doing now to reduce cybersecurity risks? What are the threats that you face? And what threats do you anticipate in the near future? How can the marketplace for new technologies and services best meet your cybersecurity needs? And how can we continue to grow this partnership in the months and years ahead?

The input we receive today will add to written comments that we are receiving in response to our recent Request for Information. In that RFI, we asked how people like you currently manage cyber risk, what standards and policies you use, and what challenges you face.

Those responses are due Monday, and we look forward to that input as well.

As NIST analyzes those responses and begins to develop a Framework, we will continue to host more public workshops like this one throughout the country – sharing and refining ideas along the way.

And we will move quickly because the first draft of the Framework is due in just eight months.

The long-term goal is to develop a living framework that adapts as the risks "out there" change, and that relies on industry-developed standards to help businesses and organizations know when and where they might be behind the curve.

Constant awareness of both evolving threats as well as technological advances in cybersecurity must become the norm.

Again – and I can't emphasize this enough – the success of this effort is largely dependent on industry involvement. You are the ones who can help empower owners and operators of critical infrastructure – and others – to make the best possible decisions in cybersecurity.

Once the framework is published, the Department of Homeland Security will create a voluntary program for its implementation in critical infrastructure areas such as water, electric, nuclear and transportation.

In fact, a little later, you will hear from DHS Deputy Secretary, Jane Lute, who will talk about how DHS is implementing its responsibilities under the Executive Order and the Presidential Policy Directive. I believe she will also discuss how DHS is building a process to allow increased threat-sharing information with industry.

And while DHS builds these programs, NIST will continually receive input from industry leaders and the public to ensure that the Framework remains both current and flexible.

More immediately – and also as part of the Executive Order – the departments of Commerce, Treasury and Homeland Security are required to report to the President on the most effective incentives to encourage even more companies to get involved with the Framework.

To that end, I'm pleased to say that the Commerce Department just issued a Notice of Inquiry. We're asking for opinions from you and other stakeholders on what incentives might work best.

I'm sure that we will get comments in areas ranging from tax incentives, to liability protections, and much more. Public comments are open until April 27, and I want to thank you in advance for your insights.

In closing, now more than ever, we need your commitment and your leadership to help protect American businesses and America's infrastructure.

The President understands that this will take a whole of government approach – an approach that draws from the most advanced ideas, the strongest efforts, and the best practices in our intelligence, security, law enforcement, and economic agencies. And he knows that government cannot and should not do it alone.

We must work hand-in-hand with all of you to ensure that America's businesses will be both aware of cybersecurity problems and proactive in adopting best practices to protect themselves and our economy.

Today's program will help build this public-private partnership. You have a great lineup of speakers and panelists who reflect a diverse cross-section of sectors and expertise areas.

To get us started, we are going to hear from White House Cybersecurity Coordinator Michael Daniel. As you may know, he and the National Security Staff at the White House worked tirelessly to ensure that a broad set of stakeholder views were reflected as the Executive Order came together. He will talk about cross-government implementation of the E.O.

So, thank you all for coming. I hope you have a wonderful and productive day. Now please welcome one of the nation's leaders on national security and cybersecurity issues – Michael Daniel.