Secretary of Defense Ashton B. Carter unveiled the Pentagon’s new cybersecurity strategy before a Stanford audience Thursday, saying the United States would defend the nation using cyber warfare and calling for a renewed partnership with Silicon Valley.

Carter, the first sitting secretary of defense to speak on the Stanford campus in two decades, warned cyber criminals that Washington considers a cyber attack against the homeland or American businesses and citizens like any other threat to national security.

“Adversaries should know that our preference for deterrence and our defensive posture don’t diminish our willingness to use cyber options if necessary,” he told the audience at CEMEX Auditorium. “And when we do take action – defensive or otherwise, conventionally or in cyberspace – we operate under rules of engagement that comply with domestic and international law.”

Carter, who has a doctorate in theoretical physics, has strong ties to technology. He knows that as he takes the helm at the Pentagon, digital innovators and cyber criminals are trying to outpace one another at breakneck speeds. A strong partnership between military strategist and technologists would establish an unbeatable pact, he said.

The secretary was a senior partner at Global Technology Partners, where he advised major investment firms on technology and defense. He acknowledges the boundless transformation of technology and the opportunities and prosperity that it has brought to all sectors of American society.

But, he added: “The same Internet that enables Wikipedia also allows terrorists to learn how to build a bomb. And the same technologies we use to target cruise missiles and jam enemy air defenses can be used against our own forces – and they’re now available to the highest bidder.”

This is why, he said, the Pentagon must rebuild the bridge between Washington and Silicon Valley. “Renewing our partnership is the only way we can do this right.” Carter was building on President Barack Obama’s cybersecurity policies outlined by the president at the White House Summit on Cybersecurity and Consumer Protection at Stanford earlier this year. 

Carter was the Payne distinguished visitor at the Freeman Spogli Institute for International Studies and a distinguished visiting fellow at the Hoover Institution until he was sworn in as the 25th secretary of defense in February.

Carter’s speech was delivered as the annual Drell Lecture for Stanford’s Center for International Security and Cooperation (CISAC).

The lecture is named for theoretical physicist and arms control expert Sidney Drell, the center’s co-founder, a senior fellow at Hoover and former director of the SLAC National Accelerator Laboratory. Drell and former Secretary of Defense William J. Perry – a FSI senior fellow and consulting professor at CISAC – were both mentors to Carter and he thanked them at length before his formal policy speech. (Read here.)

"Secretary Carter is the first sitting secretary of defense to speak in Silicon Valley in 20 years," said CISAC Co-Director and Hoover senior fellow Amy Zegart, who led a Q&A session with Carter at the end of his talk. "This was an historic day, with the unveiling of DoD's new cyber strategy, and we are honored that Stanford could play a part. Cybersecurity is one of the toughest international security challenges of our time, and we are dedicated to playing a leading role in bringing together policymakers, scholars, and industry leaders to develop the new technologies, talent, and ideas that our nation requires."

Image

As Carter was speaking, the Department of Defense released online its new cyber strategy based on three primary missions: To defend the Pentagon’s networks; to defend the United States and its interests against cyber attacks of “significant consequences”; and to provide integrated cyber capabilities to support military operations and contingency plans.

“The cyber threat against U.S. interests is increasing in severity and sophistication,” Carter said. “While the North Korean cyber attack on Sony was the most destructive on a U.S. entity so far, this threat affects us all. Just as Russia and China have advanced cyber capabilities and strategies ranging from stealthy network penetration to intellectual property theft, criminal and terrorist networks are also increasing their cyber operations. Low-cost and global proliferation of malware have lowered barriers to entry and made it easier for smaller malicious actors to strike in cyberspace.”

The cyber strategy calls for a 6,200-strong Cyber Mission Force of military, civilian and defense contractors, with 133 cyber protection and combat teams in action by 2018.

“These are the talented individuals who hunt down intruders, red-team our networks and perform the forensics that help keep our systems secure,” Carter said.

And the Pentagon is creating a new “point of partnership” in the Silicon Valley called the Defense Innovation Unit X.

“The first-of-its-kind unit will be staffed by an elite team of active-duty and civilian personnel, plus key people from the Reserves, where some of our best technical talent resides,” he said, adding the unit would scout for breakthrough and emerging technologies and potentially help startups find new ways to work with the military.

The Pentagon will establish a branch of the U.S. Digital Service, the outgrowth of the technical team that helped rescue the beleaguered healthcare.gov site, which collapsed when the Affordable Care Act was implemented.

Herb Lin, a senior research scholar for cyber policy and security at CISAC and a research fellow at Hoover, said the concept was particularly noteworthy. “He’s asking technologists to take a tour of duty helping the DoD by working on some important technical problems. I heartily endorse this vision.”

Lin said the new DoD cyber strategy that was released online is also notable for its openness about the role of the Pentagon’s offensive cyber capabilities.

“It’s been an open secret for a long time that DoD has these capabilities, but by discussing them more forthrightly than any defense secretary has done before, Dr. Carter has done a real public service,” Lin said. “And the announcement of the new strategy will spark much needed conversations among policymakers and researchers about what should be done with these capabilities.”

Lin – chief scientist for the Computer Science and Telecommunications Board, National Research Council of the National Academies before coming to Stanford earlier this year – was also impressed by how open Carter was about wanting to repair relations with Silicon Valley. Those have been frosty at best since the Edward Snowden revelations.

“That will be a hard task, but you have to start somewhere, and Carter is quite tech-savvy, so if anyone can make headway, he can,” Lin said.

The secretary was slated to visit Facebook after his speech and meet with tech leaders on Friday. Not only does he hope to make amends, but to enlist their support in countering the threat of cyber attacks and ensuring the military has the technology it needs.

Carter revealed that earlier this year, sensors that guard the Pentagon’s unclassified networks detected what they believed were Russian hackers. After investigating, they discovered an old vulnerability in one of the DoD’s legacy networks that hadn’t been patched. But they caught it and kicked off the hackers within 24 hours.

He said the incident had not been made public until now.

“Shining a bright light on such intrusions can eventually benefit us all, government and business alike,” he said. “As secretary of defense, I believe that we at the Pentagon must be open, and think, as I like to say, outside our five-sided box.”

After his speech, the secretary took questions from the Stanford and Twitter audiences in a session moderated by Zegart.

One of those questions from Twitter asked why young Stanford computer scientists or technologists from the valley would want to join the cyber teams at the Pentagon.

“Because we have the most exciting problems you can have in technology,” he said. “And they’re consequential – they matter.”

Image

All Photos by Rod Searcey.

U.S. Navy Adm. Cecil D. Haney, the U.S. Strategic Command commander, hosted CISAC Co-Directors David Relman and Amy Zegart as well as CISAC faculty and fellows at Offutt Air Force Base in Nebraska on March 30-31, 2015, to promote military-to-university cooperation and innovation, and provide a better understanding of USSTRATCOM’s global missions.

The visit follows Haney’s trip to Stanford last year, during which he held seminars and private meetings with faculty, scholars and students to discuss strategic deterrence in the 21st century. Those discussions focused on reducing the U.S. nuclear weapons stockpile while maintaining an effective deterrent, the integration of space and cyberspace in nuclear platforms and the congested, contested and competitive operating environment in space.

“Developing and maintaining partnerships with security experts from the private sector and academic institutions like CISAC enables USSTRATCOM to view the strategic environment from a different perspective and adjust our decision calculous accordingly,” Haney said. “We are excited about this unique opportunity to exchange ideas and share information with this prestigious organization.” 

Haney opened the discussions by presenting a command mission brief, in which he described USSTRATCOM’s nine Unified Command Plan-assigned missions, his priorities as commander and his ongoing effort to build enduring relationships with partner organizations to exchange ideas and confront the broad range of global strategic challenges.

Zegart, who is also a senior fellow at Stanford’s Hoover Institution, said getting to see and experience how USSTRATCOM operates first-hand was “an eye opener.”

“It’s one thing to think about deterrence, it’s another to live it,” she said. “When you go to each other’s neighborhoods, you gain a better understanding of where each side is coming from … and that’s enormously important to us in how we think about deterrence and what we can do to help USSTRATCOM and its mission.”

“These kinds of exchanges have cascade effects on young people; how they think about civil-military relations [and] how they understand what our military is doing,” she added.

Image

The delegation also received a tour of USSTRATCOM’s global operations center and held discussions with subject matter experts on strategic deterrence, cyber responsibility and nuclear modernization.

“As a cybersecurity fellow, it was fascinating to visit the global operations center and the battle deck to see the role that cybersecurity and information technology plays in the strategic deterrence mission,” said Andreas Kuehn, a CISAC pre-doctoral cybersecurity fellow from Switzerland. “At CISAC, we often discuss deterrence from a theoretical perspective, so it was very insightful to hear from people who work in [this field] and see how they deal with deterrence in an operational manner.”

The two-day visit concluded with an open discussion, during which CISAC and USSTRATCOM members discussed the most effective means to share information, plan future engagements and continue working to build on the mutually beneficial relationship between the two organizations.

“Sometimes people talk [about strategic issues] in the abstract and it becomes difficult to understand what is happening on the ground and in the real world,” Kuehn said. “I think [USSTRATCOM] took extra steps to keep the conversations open and concrete.”

USSTRATCOM is one of nine Department of Defense unified combatant commands charged with strategic deterrence, space operations, cyberspace operations, joint electronic warfare, global strike, missile defense, intelligence, surveillance and reconnaissance, combating weapons of mass destruction, and analysis and targeting.

Former U.S. Sen. Mark Udall gained notoriety for his vocal opposition to National Security Agency surveillance programs in the wake of the Edward Snowden disclosures of June 2013.

Before losing his seat in the mid-term elections last year, the senior senator from Colorado had become one of the staunchest critics of the U.S. spy agency for conducting massive, warrantless data grabs on millions of Americans without their knowledge.

Even before the Snowden leaks, Udall had warned on the Senate floor in 2011 that the Patriot Act was being interpreted in a way to allow domestic surveillance activities that many members of Congress and the American public do not understand.

"Americans would be alarmed if they knew how this law is being carried out," he told fellow senators before he introduced amendments to the Patriot Act that would have secured tougher privacy mechanisms. The act was renewed without the amendments.

Udall – who served on the Senate's Intelligence and Armed Services committees – will be in conversation with Center for International Security and Cooperation Co-Director Amy Zegart Thursday, April 2, at 7:30 p.m. in CEMEX Auditorium as part of Stanford's Security Conundrum lecture series. The event is open to the public but an RSVP is required by 5 p.m. April 1.

The special series has brought together nationally prominent experts this academic year to explore the critical issues raised by the NSA's activities, including their impact on security, privacy and civil liberties. The series ends April 10 with a public conversation with Judge Reggie Barnett Walton, former presiding judge of the Foreign Intelligence Surveillance Court, known as the FISA court.

The Foreign Intelligence Surveillance Act of 1978 empowered the FISA court to oversee government requests for surveillance of foreign intelligence agencies. During its existence, the court has granted more than 30,000 warrants; it has denied only 11.

Walton, in conversation with Stanford Law School Professor Jenny Martinez, will explain the role that the secretive institution attempts to play in maintaining the balance between civil liberties and national security.

"We're delighted to end the Security Conundrum series with a view from Congress and the courts," said Zegart, who is also a senior fellow at the Hoover Institution. "Holding serious campus-wide conversations about issues of national importance is an essential part of the Stanford experience."

Zegart said CISAC and Hoover would conduct a similar series on international cybersecurity challenges in the coming academic year.

Udall, the third speaker in the series, also advocated for the declassification of the Senate Intelligence Committee's study on the CIA's enhanced interrogation program. The post-9/11 program allowed the government to ship suspected terrorists to secret overseas prisons and subject them to waterboarding and other torture techniques.

Gen. Michael Hayden, the former director of the NSA and CIA who has defended the government surveillance programs, kicked off the Security Conundrum series in October. In that talk, he said the metadata collection "is something we would never have done on Sept. 9 or Sept. 10. But it seemed reasonable after Sept. 11. No one is doing this out of prurient interests. No – it as a logical response to the needs of the moment."

The second speaker in the series, journalist Barton Gellman, gave a detailed account of his relationship with former NSA contractor Snowden and how he worked with him to reveal the details of the NSA's global and domestic surveillance programs.

One of the first Snowden revelations, Gellman said, was the top-secret PRISM surveillance program, in which the NSA tapped into the servers of nine large U.S. Internet companies, including Google, Microsoft, Yahoo and Facebook. Snowden said he believed the extent of mass data collection on American citizens was far greater than what the public knew.

The PRISM program allows the U.S. intelligence community to gain access from the tech companies to a wide range of digital information, including audio, video chats, photographs, emails and stored data, that enables analysts to track foreign targets. The program does not require individual warrants, but instead operates under the broad authorization of the FISA court.

"I asked him very bluntly, 'Why are you doing this?'" Gellman said of Snowden.

"He gave me very persuasive and consistent answers about his motives. Whatever you think of what he did or whether or not I should have published these stories, I would claim to you that all the evidence supports his claim that he had come across a dangerous accumulation of state power that the people needed to know about."

Stanford senior Sarah Kunis said she and other CISAC honors students were introducing themselves to some senior White House advisors when President Barack Obama walked in the room.

“I couldn’t stop my jaw from dropping,” said Kunis. It was honor enough to have an hourlong  sit-down with National Security Advisor Susan Rice, Senior Advisor to the President Valerie Jarrett, and Homeland Security Advisor Lisa Monaco.

The CISAC Honors Students spend their senior year working on theses that focus on critical international security issues. They were eager to get the chance to talk to the three powerful Washington advisors.

The students had just been in the audience to hear Obama address a large Stanford and Silicon Valley gathering at the White House Summit on Cybersecurity and Consumer Protection on Feb. 13. They were then taken to a conference room in the same auditorium where Obama spoke.

“I was surprised to see Susan Rice’s nameplate, so I thought she was who the invitation referred to, but there was an empty chair with no nameplate, between her and Jarrett,” recalled Patrick Cirenza, another CISAC honors student and a research assistant for retired U.S. Gen. Jim Mattis, a visiting fellow at the Hoover Institution.

Then Obama walked in the room. The students were stunned – and nervous.

“I remember how sweaty my palms were,” said Cirenza. “I already had a visceral reaction seeing him at the podium so you can only imagine being in the same room with him. His presence fills the room.”

Taylor Grossman, another CISAC honors student whose thesis looks at the incentives and payoffs of warning the public about terrorist threats, said the conversation started off with Obama asking them whether they might consider careers that would protect the digital domain.

“But then we branched out and talked about a lot of different things,” she said. “The situation in Syria, public warning systems, education, the civil-military divide. It was really a whole range of issues.”

Before being joined by Jarrett and Rice, the students spoke with Cheri Caddy, director for cybersecurity outreach and integration in the National Security Council, for about an hour.

“We asked her pretty frank questions about cybersecurity, North Korea … defensive and offensive capabilities, and getting students interested in the field,” said Grossman. “She was quite candid and provided her own opinions.”

Grossman is a research assistant for CISAC Co-Director Amy Zegart, who is also a senior fellow at Hoover and garnered a shout-out from the president during his keynote address, thanking her for helping to convene the summit.

Jarrett talked to the students about sexual assault on campus. It was the second time the honors students had met the Stanford alumna; they first met her during their two-week Honors College in Washington, D.C. before the start of their senior year.

Obama initially directed the conversation, focusing on cybersecurity. He then opened it up for questions on any topic.

CISAC Honors Students take a selfie before President Obama addresses the White House Summit on Cybersecurity and Consumer Protection, Feb. 13, 2015.

“I told him I thought we are in the 1950s nuclear stage now with regards to cyber-deterrence,” he said. The president disagreed.

“He said, ‘That’s interesting, but I don’t think it’s the case, since there are gradations with cyber wars whereas nuclear warfare is more black and white.’”

Grossman asked the president about the role of the National Terrorism Advisory System, which replaced the color-coded Homeland Security system, and whether he envisioned a scenario in which the government would have to use it.

“He and Lisa Monaco focused on specific warning systems, which was interesting to me,” she said.

The topic turned to Syria when the president noticed that Kunis had brought along a copy of U.N. Ambassador Samantha Power’s book, “A Problem From Hell: America and the Age of Genocide.”

“I asked why we are not intervening in Syria and why we are not fulfilling our Right to Protect (R2P) obligation,” said Kunis. “President Obama said that the situation there was heartbreaking and that everyone looked at the problem to figure out what we should do to stop the suffering, while evaluating our interests. We cannot intervene without having a plan for the future – and we can’t overthrow governments.”

Cirenza said Obama noted that there are routine calls to intervene in Syria, but few to intervene in other nations, such as the Democratic Republic of Congo, where more than 5.4 million people have died from conflict-related causes since a civil war erupted in the central African nation in 1998.

President Obama also shared his view that he doesn't believe the United States would have been locked into the Iraq and Afghanistan wars as long as it has if there were a mandatory national draft in place. He asked students what they thought of instituting such a draft.

Almost none thought it a good idea.

Overall, the students said, it was the most incredible day of their Stanford careers“It’s going to be hard to look forward to much else,” said Cirenza, who now has adjustments to make to his honors thesis. “Pretty much downhill from here. Thanks, Obama.” 

Joshua Alvarez is a 2012 Stanford graduate and was a CISAC honors student.

11:33 A.M. PST

THE PRESIDENT:  Hello, Stanford!  (Applause.)  Thank you so much.  Thank you.  Thank you, everybody.  Have a seat.  Have a seat.

AUDIENCE MEMBER:  Yes, we can!

THE PRESIDENT:  Yes, we can!  (Applause.)

First of all, let me thank President Hennessy for not just the introduction but for your outstanding leadership at one of the great universities of the world.  (Applause.)  I’ve got to admit, like, I kind of want to go here.  (Laughter and applause.)  I was trying to figure out why it is that a really nice place like this is wasted on young people -- (laughter) -- who don’t fully appreciate what you got.  It’s really nice.  And everybody here is so friendly and smart, and it’s beautiful.  And what’s there not to like?

I want to thank you and everyone at Stanford for hosting this summit, especially Amy Zegart, George Triantis, and someone who served as a great advisor to me at the White House and as an outstanding ambassador to Russia before coming back to The Farm -- Mike McFaul.  (Applause.)

It is great to be here at Leland Stanford Junior University.  And I’m pleased to be joined by members of my team who bleed Cardinal red.  We’re infiltrated with Stanford people.  We’ve got Senior Advisor Valerie Jarrett, National Security Advisor Susan Rice, Secretary of Commerce Penny Pritzker.  (Applause.)  And, let’s face it, I like Stanford grads.  I noticed Steve Chu was around here, who helped lead our Energy Department for a while.  (Applause.)  And he’s now hanging out.  I’m also pleased to be joined by other members of my Cabinet -- our Secretary of Homeland Security Jeh Johnson is here, and our Small Business Administrator, Maria Contreras-Sweet.  And I want to acknowledge my tireless Homeland Security Advisor who helped, and continues to shape, our cybersecurity efforts -- Lisa Monaco.  (Applause.)  Thank you, Lisa.  

So I’d always heard about this campus, and everybody is riding bikes, and people hopping into fountains -- (laughter) -- and the current holder of The Axe.  (Applause.)  This is the place that made “nerd” cool.  (Laughter.)  I was thinking about wearing some black-rimmed glasses, some tape in the middle, but I guess that’s not what you do anymore.  Ambassador McFaul told me if I came to Stanford, you’d “talk nerdy to me.”  (Laughter.)       

But I’m not just here to enjoy myself.  As we gather here today, America is seeing incredible progress that we can all be proud of.  We just had the best year of job growth since the 1990s.  (Applause.)  Over the past 59 months, our businesses have created nearly 12 million new jobs, which is the longest streak of private sector job growth on record.  And in a hopeful sign for middle-class families, wages are beginning to rise again.

And, meanwhile, we’re doing more to prepare our young people for a competitive world.  Our high school graduation rate has hit an all-time high.  More Americans are finishing college than ever before.  Here at Stanford and across the country, we’ve got the best universities, we’ve got the best scientists, the best researchers in the world.  We’ve got the most dynamic economy in the world.  And no place represents that better than this region.  So make no mistake, more than any other nation on Earth, the United States is positioned to lead in the 21st century. 

And so much of our economic competitiveness is tied to what brings me here today, and that is America’s leadership in the digital economy.  It’s our ability -- almost unique across the planet -- our ability to innovate and to learn, and to discover, and to create, and build, and do business online, and stretch the boundaries of what’s possible.  That’s what drives us.  And so when we had to decide where to have this summit, the decision was easy, because so much of our Information Age began right here, at Stanford.  

It was here where two students, Bill Hewlett and Dave Packard, met and then, in a garage not far from here, started a company that eventually built one of the first personal computers, weighing in at 40 pounds.  (Laughter.)  It was from here, in 1968, where a researcher, Douglas Englebart, astonished an audience with two computers, connected “online,” and hypertext you could click on with something called a “mouse.” 

A year later, a computer here received the first message from another computer 350 miles away -- the beginnings of what would become the Internet.  And, by the way, it’s no secret that many of these innovations built on government-funded research is one of the reasons that if we want to maintain our economic leadership in the world, America has to keep investing in basic research in science and technology.  It's absolutely critical.  (Applause.)

So here at Stanford, pioneers developed the protocols and architecture of the Internet, DSL, the first webpage in America, innovations for cloud computing.  Student projects here became Yahoo and Google.  Those were pretty good student projects.  (Laughter.)  Your graduates have gone on to help create and build thousands of companies that have shaped our digital society -- from Cisco to Sun Microsystems, YouTube to Instagram, StubHub, Bonobos.  According to one study, if all the companies traced back to Stanford graduates formed their own nation, you’d be one the largest economies in the world and have a pretty good football team as well.  (Laughter and applause.)

And today, with your cutting-edge research programs and your new cyber initiatives, you’re helping us navigate some of the most complicated cyber challenges that we face as a nation.  And that’s why we’re here.  I want to thank all of you who have joined us today -- members of Congress, representatives from the private sector, government, academia, privacy and consumer groups, and especially the students who are here.  Just as we’re all connected like never before, we have to work together like never before, both to seize opportunities but also meet the challenges of this Information Age. 

And it’s one of the great paradoxes of our time that the very technologies that empower us to do great good can also be used to undermine us and inflict great harm.  The same information technologies that help make our military the most advanced in the world are targeted by hackers from China and Russia who go after our defense contractors and systems that are built for our troops.  The same social media we use in government to advocate for democracy and human rights around the world can also be used by terrorists to spread hateful ideologies.  So these cyber threats are a challenge to our national security. 

Much of our critical infrastructure -- our financial systems, our power grid, health systems -- run on networks connected to the Internet, which is hugely empowering but also dangerous, and creates new points of vulnerability that we didn’t have before.  Foreign governments and criminals are probing these systems every single day.  We only have to think of real-life examples -- an air traffic control system going down and disrupting flights, or blackouts that plunge cities into darkness -- to imagine what a set of systematic cyber attacks might do.  So this is also a matter of public safety.

As a nation, we do more business online than ever before -- trillions of dollars a year.  And high-tech industries, like those across the Valley, support millions of American jobs.  All this gives us an enormous competitive advantage in the global economy.  And for that very reason, American companies are being targeted, their trade secrets stolen, intellectual property ripped off.  The North Korean cyber attack on Sony Pictures destroyed data and disabled thousands of computers, and exposed the personal information of Sony employees.  And these attacks are hurting American companies and costing American jobs.  So this is also a threat to America’s economic security.

As consumers, we do more online than ever before.  We manage our bank accounts.  We shop.  We pay our bills.  We handle our medical records.  And as a country, one of our greatest resources are the young people who are here today --digitally fearless and unencumbered by convention, and uninterested in old debates.  And they’re remaking the world every day.  But it also means that this problem of how we secure this digital world is only going to increase. 

I want more Americans succeeding in our digital world.  I want young people like you to unleash the next waves of innovation, and launch the next startups, and give Americans the tools to create new jobs and new businesses, and to expand connectivity in places that we currently can't imagine, to help open up new world and new experiences and empower individuals in ways that would seem unimaginable 10, 15, 20 years ago. 

And that’s why we’re working to connect 99 percent of America’s students to high-speed Internet -- because when it comes to educating our children, we can’t afford any digital divides.  It’s why we’re helping more communities get across to the next generation of broadband faster, with cheaper Internet, so that students and entrepreneurs and small businesses across America, not just in pockets of America, have the same opportunities to learn and compete as you do here in the Valley.  It’s why I’ve come out so strongly and publicly for net neutrality, for an open and free Internet -- (applause) -- because we have to preserve one of the greatest engines for creativity and innovation in human history.

So our connectivity brings extraordinary benefits to our daily lives, but it also brings risks.  And when companies get hacked, Americans’ personal information, including their financial information, gets stolen.  Identity theft can ruin your credit rating and turn your life upside down.  In recent breaches, more than 100 million Americans had their personal data compromised, including, in some cases, credit card information.  We want our children to go online and explore the world, but we also want them to be safe and not have their privacy violated.  So this is a direct threat to the economic security of American families, not just the economy overall, and to the wellbeing of our children, which means we’ve got to put in place mechanisms to protect them.

So shortly after I took office, before I had gray hair -- (laughter) -- I said that these cyber threats were one of the most serious economic national security challenges that we face as a nation, and I made confronting them a priority.  And given the complexity of these threats, I believe we have to be guided by some basic principles.  So let me share those with you today.

First, this has to be a shared mission.  So much of our computer networks and critical infrastructure are in the private sector, which means government cannot do this alone.  But the fact is that the private sector can’t do it alone either, because it’s government that often has the latest information on new threats.  There’s only one way to defend America from these cyber threats, and that is through government and industry working together, sharing appropriate information as true partners. 

 Second, we have to focus on our unique strengths.  Government has many capabilities, but it’s not appropriate or even possible for government to secure the computer networks of private businesses.  Many of the companies who are here today are cutting-edge, but the private sector doesn’t always have the capabilities needed during a cyber attack, the situational awareness, or the ability to warn other companies in real time, or the capacity to coordinate a response across companies and sectors.  So we’re going to have to be smart and efficient and focus on what each sector does best, and then do it together.

Third, we’re going to have to constantly evolve.  The first computer viruses hit personal computers in the early 1980s, and essentially, we’ve been in a cyber arms race ever since.  We design new defenses, and then hackers and criminals design new ways to penetrate them.  Whether it’s phishing or botnets, spyware or malware, and now ransomware, these attacks are getting more and more sophisticated every day.  So we’ve got to be just as fast and flexible and nimble in constantly evolving our defenses. 

And fourth, and most importantly, in all our work we have to make sure we are protecting the privacy and civil liberty of the American people.  And we grapple with these issues in government.  We’ve pursued important reforms to make sure we are respecting peoples’ privacy as well as ensuring our national security.  And the private sector wrestles with this as well.  When consumers share their personal information with companies, they deserve to know that it’s going to be protected.  When government and industry share information about cyber threats, we’ve got to do so in a way that safeguards your personal information.  When people go online, we shouldn’t have to forfeit the basic privacy we’re entitled to as Americans.

In recent years, we’ve worked to put these principles into practice.  And as part of our comprehensive strategy, we’ve boosted our defenses in government, we’re sharing more information with the private sector to help those companies defend themselves, we’re working with industry to use what we call a Cybersecurity Framework to prevent, respond to, and recover from attacks when they happen.

And, by the way, I recently went to the National Cybersecurity Communications Integration Center, which is part of the Department of Homeland Security, where representatives from government and the private sector monitor cyber threats 24/7.  And so defending against cyber threats, just like terrorism or other threats, is one more reason that we are calling on Congress, not to engage in politics -- this is not a Republican or Democratic issue -- but work to make sure that our security is safeguarded and that we fully fund the Department of Homeland Security, because it has great responsibilities in this area.

So we’re making progress, and I’ve recently announced new actions to keep up this momentum.  We’ve called for a single national standard so Americans know within 30 days if your information has been stolen.  This month, we’ll be proposing legislation that we call a Consumer Privacy Bill of Rights to give Americans some baseline protections, like the right to decide what personal data companies collect from you, and the right to know how companies are using that information.  We’ve proposed the Student Digital Privacy Act, which is modeled on the landmark law here in California -- because today’s amazing educational technologies should be used to teach our students and not collect data for marketing to students.

And we’ve also taken new steps to strengthen our cybersecurity -- proposing new legislation to promote greater information sharing between government and the private sector, including liability protections for companies that share information about cyber threats.  Today, I’m once again calling on Congress to come together and get this done.

And this week, we announced the creation of our new Cyber Threat Intelligence Integration Center.  Just like we do with terrorist threats, we’re going to have a single entity that’s analyzing and integrating and quickly sharing intelligence about cyber threats across government so we can act on all those threats even faster.

And today, we’re taking an additional step -- which is why there’s a desk here.  You were wondering, I'm sure.  (Laughter.)  I’m signing a new executive order to promote even more information sharing about cyber threats, both within the private sector and between government and the private sector.  And it will encourage more companies and industries to set up organizations -- hubs -- so you can share information with each other.  It will call for a common set of standards, including protections for privacy and civil liberties, so that government can share threat information with these hubs more easily.  And it can help make it easier for companies to get the classified cybersecurity threat information that they need to protect their companies.

I want to acknowledge, by the way, that the companies who are represented here are stepping up as well.  The Cyber Threat Alliance, which includes companies like Palo Alto Networks and Symantec, are going to work with us to share more information under this new executive order.  You’ve got companies from Apple to Intel, from Bank of America to PG&E, who are going to use the Cybersecurity Framework to strengthen their own defenses.  As part of our BuySecure Initiative, Visa and MasterCard and American Express and others are going to make their transactions more secure.  Nationstar is joining companies that are giving their companies [customers] another weapon to battle identity theft, and that's free access to their credit scores. 

And more companies are moving to new, stronger technologies to authenticate user identities, like biometrics -- because it’s just too easy for hackers to figure out usernames and passwords, like “password.”  (Laughter.)  Or “12345 -- (laughter) -- 7.”  (Laughter.)  Those are some of my previous passwords.  (Laughter.)  I've changed them since then.  (Applause.)  

So this summit is an example of what we need more of -- all of us working together to do what none of us can achieve alone.  And it is difficult.  Some of the challenges I’ve described today have defied solutions for years.  And I want to say very clearly that, as somebody who is a former constitutional law teacher, and somebody who deeply values his privacy and his family’s privacy -- although I chose the wrong job for that -- (laughter) -- but will be a private citizen again, and cares deeply about this -- I have to tell you that grappling with how government protects the American people from adverse events while, at the same time, making sure that government itself is not abusing its capabilities is hard. 

The cyber world is sort of the wild, wild West.  And to some degree, we're asked to be the sheriff.  When something like Sony happens, people want to know what can government do about this.  If information is being shared by terrorists in the cyber world and an attack happens, people want to know are there ways of stopping that from happening.  By necessity, that means government has its own significant capabilities in the cyber world.  But then people, rightly, ask, well, what safeguards do we have against government intruding on our own privacy?  And it's hard, and it constantly evolves because the technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical and we have to be able to have an open debate about it.  

But we’re all here today because we know that we're going to have to break through some of these barriers that are holding us back if we are going to continue to thrive in this remarkable new world.  We all know what we need to do.  We have to build stronger defenses and disrupt more attacks.  We have to make cyberspace safer.  We have to improve cooperation across the board.  And, by the way, this is not just here in America, but internationally -- which also, by the way, makes things complicated because a lot of countries don't necessarily share our investment -- or our commitment to openness, and we have to try to navigate that.

But this should not be an ideological issue.  And that’s one thing I want to emphasize:  This is not a Democratic issue, or a Republican issue.  This is not a liberal or conservative issue.  Everybody is online, and everybody is vulnerable.  The business leaders here want their privacy and their children protected, just like the consumer and privacy advocates here want America to keep leading the world in technology and be safe from attacks.  So I’m hopeful that through this forum and the work that we do subsequently, that we're able to generate ideas and best practices, and that the work of this summit can help guide our planning and execution for years to come.

After all, we are just getting started.  Think about it.  Tim Berners-Lee, from his lab in Switzerland, invented the World Wide Web in 1989, which was only 26 years ago.  The great epochs in human history -- the Bronze Age, Iron Age, Agricultural Revolution, Industrial Revolution -- they spanned centuries.  We’re only 26 years into this Internet Age.  We’ve only scratched the surface.  And as I guess they say at Google, “The future is awesome.”  (Laughter.)  We haven’t even begun to imagine the discoveries and innovations that are going to be unleashed in the decades to come.  But we know how we’ll get there.

Reflecting on his work in the 1960s on ARPANET, the precursor of the Internet, the late Paul Baran said this:  “The process of technological developments is like building a cathedral.  Over the course of several hundred years, new people come along and each lays down a block on top of the old foundations, each saying, ‘I built the cathedral.’  And then comes along an historian who asks, ‘Well, who built the cathedral?’”  And Baran said, “If you’re not careful, you can con yourself into believing that you did the most important part.  But the reality is that each contribution has to follow on to previous work.  Everything is tied to everything else.”

Everything is tied to everything else.  The innovations that first appeared on this campus all those decades ago -- that first mouse, that first message -- helped lay a foundation.  And in the decades since, on campuses like this, in companies like those that are represented here, new people have come along, each laying down a block, one on top of the other.  And when future historians ask who built this Information Age, it won’t be any one of us who did the most important part alone.  The answer will be, “We all did, as Americans.”

And I’m absolutely confident that if we keep at this, if we keep working together in a spirit of collaboration, like all those innovators before us, our work will endure, like a great cathedral, for centuries to come.  And that cathedral will not just be about technology, it will be about the values that we’ve embedded in the architecture of this system.  It will be about privacy, and it will be about community.  And it will be about connection.  What a magnificent cathedral that all of you have helped to build.  We want to be a part of that, and we look forward to working with you in the future.

Thank you for your partnership.  With that, I’m going to sign this executive order.  Thank you.  (Applause.)

                                      END                12:03 P.M. PST