Remarks by Condoleezza Rice at Partnership For Critical Infrastructure Annual Meetinggreenspun.com : LUSENET : Unk's Wild Wild West : One Thread |
http://politics.yahoo.com/politics/features/us_newswire/20013/0322-120.htmlRemarks by Condoleezza Rice at Partnership For Critical Infrastructure Annual Meeting
WASHINGTON, March 22 /U.S. Newswire/ -- The following are remarks by Condoleezza Rice, assistant to the President for national security affairs, at the Partnership for Critical Infrastructure annual meeting, as prepared for delivery:
U.S. CHAMBER OF COMMERCE WASHINGTON, D.C. MARCH 22, 2001
"Understanding Risk and U.S. Economic Security"
It is truly a pleasure to have this opportunity to talk with you this morning. I don't accept very many of the hundreds of speaking invitations that come across my desk. But Dick Clarke didn't have to twist my arm very hard to persuade me to come here. That's because critical infrastructure protection is a critically important issue -- one that is squarely on our radar screen at the National Security Council. The President himself is on record as stating that infrastructure protection is important "to (our) economy and (our) national security, and it will be a priority for my Administration."
Just a few years ago, this would have been a very surprising, or at least very odd-sounding statement. Certainly, the "Internet" and "cyber security" were not terms that were used a lot when I was in graduate school studying international relations, or even during my first stint at the NSC ten years ago. Today, it's not much of a stretch to say that you can't get out of bed in the morning without relying on information technology. I know from my own experience as provost at Stanford University that large institutions could not function without information technology -- it is simply ubiquitous. And it is often taken for granted -- even though it is clear we cannot afford to. Today, the cyber economy is the economy. And I don't mean the dot coms. I mean virtually every vital service -- water supply, transportation, energy, banking and finance, telecommunications, public health. All of these rely upon computers and the fiber-optic lines, switchers and routers that connect them.
Corrupt those networks, and you disrupt the nation. It is a paradox of our times: the very technology that makes our economy so dynamic and our military forces so dominating -- also makes us more vulnerable. As the President's National Security Advisor, I have to worry about that vulnerability. But each corporate CEO has to worry about the fact that a much smaller cyber attack than on the U.S. could place the very existence of your company at issue.
Our gaming exercises have told us for some time now that a few well-organized hackers could disrupt everything from our power lines to our 911 systems. And everyday it is driven home to us that the threat is not just theoretical -- whether it be a new virus that sweeps across the country or a new report like the one last week from the Computer Security Institute that told us that 85 percent of large corporations and government agencies detected security breaches in the last 12 months. Financial losses from these electronic break-ins totaled almost $400 million dollars -- a 40 percent jump from the year before. Remember too that these are only the breaches that were reported.
The government's responsibility for shoring up this vulnerability is both internal and external. Government has a direct responsibility to ensure that it can deliver its our core competencies -- like national defense and public safety. There is also a more general responsibility to ensure the smooth functioning of the economy. Government has always acknowledged a responsibility for protecting critical infrastructure, such as dams and power plants. Now that circle is enlarged to include critical information infrastructures as well.
But it is clear to anyone who gives it just a little bit of thought that meeting this challenge is not something that government can do alone. Protecting our nation's critical infrastructure can only be done in concert with private industry. Moreover, this collaborative effort needs to encompass efforts at both the federal and state levels and within and among various sectors of the economy. What we are talking about is a collaborative partnership between the public and private sectors that is unprecedented in our history. It's a unique problem and it is going to require a unique solution.
And, of course, this is what makes this Partnership -- PCIS -- so important. You have set for yourself a task of uncommon difficulty -- the task of bringing together competitors, suppliers and users to reach consensus on how to think about and how to meet a challenge that affects all three groups differently. But it is even harder than that. Because ultimately, the consensus must not include just industry, but also the Executive Branch, the Congress and the American people.
The next version of the National Plan for Critical Infrastructure Assurance -- due out this summer -- will be the first integrated plan ever produced by any nation where government and industry are the authors and architects of their future course. I applaud the work this group is doing to contribute to this effort -- particularly the infrastructure sectors' work in preparing reports for incorporation into the plan.
Right now the Administration is conducting a thorough review of our critical infrastructure protection policy. But I would like to share with you this morning a few truths about this subject that we already know.
First, we know that that no single government agency can handle critical infrastructure assurance all by itself. All agencies are stakeholders and each has a role in the solution. But it is also true that we can't have as many solutions as there are Federal agencies. We have to coordinate among the government's naturally occurring stovepipes. We have to encourage common standards. We have maximized our resources and energies by making sure they are focused instead of allowing them to be dissipated through dispersal. We also have to make sure that the Federal government's organization provides for a common point of contact that is accessible to private sector, Congress and the American people.
Second, we need to build on the progress of the private sector, including the PCIS and the Information Sharing and Analysis Centers. The Federal Government's approach should strengthen our partnership with private industry. This does not mean regulation. Here's a point where I think our experience in addressing the Y2K problem is instructive. We learned in addressing that challenge that there is a lot that government and industry can accomplish if we work together, build partnerships, share information, and encourage best practices. We should apply those lessons here.
Third, both the government and the private sector need to be prepared for the day when all our efforts won't be enough. In some ways, protecting our critical infrastructure is a classical national security problem. We want to deter action against us through prevention. Deterrence worked during the Cold War. It may not work here.
Unlike the Soviet Union, today's adversaries may not fit the classic game theory models. They may be a small, well-organized group that attacks us through a series of hop points, including neutral countries or from within the United States.
We also have to remember that the same technology that empowers us, empowers America's adversaries. And our very dominance in conventional military strength, may make those adversaries turn to unconventional battlefields such as cyberspace
In short, it is just not clear that we can count on deterrence to work in this context. That means we have to be prepared for scenarios where we have to restore and reconstitute critical operations quickly once they've been disrupted. And here again, this is not something that government can tackle on its own. We need to work hand in hand with the private sector. In short, we need you.
Finally, I think it is clear that if there was ever a challenge that called upon us to think anew -- and not be afraid to break old paradigms -- this is it. We need to think seriously about how we can build security into the next generation of IT networks -- security that is not an appendage or an afterthought, but an integral part of the network. We need to think seriously about how privacy rights and cyber security measures overlap and intersect -- not just how they conflict.
We have a big job ahead of us. But for all the differences between this national security challenge and other challenges our nation has faced in the past, I still think the similarities win out. We still need dedication to the principles of freedom that define our very nationhood. We still need decisiveness. And we still need the best thinking our nation has to offer -- both in and out of government.
Dean Acheson wrote in his memoirs of being "present at the creation" of the strategy and structures that guided our efforts to meet the challenges of what was then called the "Atomic Age." All of us here today will be able to speak of being "present at the creation" of the strategy and structures that guide our efforts to meet the challenge of the Information Age. Armed with a clear vision, a judicious temperament, and a strong heart, I trust that we will be able to conclude the narrative in a fashion that is equally satisfactory.
-- (news@of.note), March 25, 2001
Now read between the lines. Bush and his administration is asking the makers of computers to impliment something that allows the government to control and "regulate" the internet and information technology. They are even using the kind of words that would be used to encourage people and business to come together in a war effort. Master manipulators aren't they? They aren't going to us, the American people, they are going to those who have the ability to put it in the product you buy. Why would they bother to ask us, or even tell us about it. Wait till this summer when it's a done deal.WASHINGTON, March 22 /U.S. Newswire/ -- The following are remarks by Condoleezza Rice, assistant to the President for national security affairs, at the Partnership for Critical Infrastructure annual meeting, as prepared for delivery:
U.S. CHAMBER OF COMMERCE WASHINGTON, D.C. MARCH 22, 2001
"Understanding Risk and U.S. Economic Security"
It is truly a pleasure to have this opportunity to talk with you this morning. I don't accept very many of the hundreds of speaking invitations that come across my desk. But Dick Clarke didn't have to twist my arm very hard to persuade me to come here. That's because critical infrastructure protection is a critically important that is squarely on our radar screen at the National Security Council. The President himself is on record as stating that infrastructure protection is important "to (our) economy and (our) national security, and it will be a priority for my Administration."
Just a few years ago, this would have been a very surprising, or at least very odd-sounding statement. Certainly, the "Internet" and "cyber security" were not terms that were used a lot when I was in graduate school studying international relations, or even during my first stint at the NSC ten years ago. Today, it's not much of a stretch to say that you can't get out of bed in the morning without relying on information technology. I know from my own experience as provost at Stanford University that large institutions could not function without information technology -- it is simply ubiquitous. And it is often taken for granted -- even though it is clear we cannot afford to. Today, the cyber economy is the economy. And I don't mean the dot coms. I mean virtually every vital service -- water supply, transportation, energy, banking and finance, telecommunications, public health. All of these rely upon computers and the fiber-optic lines, switchers and routers that connect them.
Corrupt those networks, and you disrupt the nation. It is a paradox of our times: the very technology that makes our economy so dynamic and our military forces so dominating -- also makes us more vulnerable. As the President's National Security Advisor, I have to worry about that vulnerability. But each corporate CEO has to worry about the fact that a much smaller cyber attack than on the U.S. could place the very existence of your company at issue.Our gaming exercises have told us for some time now that a few well-organized hackers could disrupt everything from our power lines to our 911 systems. And everyday it is driven home to us that the threat is not just theoretical -- whether it be a new virus that sweeps across the country or a new report like the one last week from the Computer Security Institute that told us that 85 percent of large corporations and government agencies detected security breaches in the last 12 months. Financial losses from these electronic break-ins totaled almost $400 million dollars -- a 40 percent jump from the year before. Remember too that these are only the breaches that were reported.
The government's responsibility for shoring up this vulnerability is both internal and external. Government has a direct responsibility to ensure that it can deliver its our core competencies -- like national defense and public safety. There is also a more general responsibility to ensure the smooth functioning of the economy. Government has always acknowledged a responsibility for protecting critical infrastructure, such as dams and power plants. Now that circle is enlarged to include critical information infrastructures as well.
But it is clear to anyone who gives it just a little bit of thought that meeting this challenge is not something that government can do alone. Protecting our nation's critical infrastructure can only be done in concert with private industry. Moreover, this collaborative effort needs to encompass efforts at both the federal and state levels and within and among various sectors of the economy. What we are talking about is a collaborative partnership between the public and private sectors that is unprecedented in our history. It's a unique problem and it is going to require a unique solution.
And, of course, this is what makes this Partnership -- PCIS -- so important. You have set for yourself a task of uncommon difficulty -- the task of bringing together competitors, suppliers and users to reach consensus on how to think about and how to meet a challenge that affects all three groups differently. But it is even harder than that. Because ultimately, the consensus must not include just industry, but also the Executive Branch, the Congress and the American people.
The next version of the National Plan for Critical Infrastructure Assurance -- due out this summer -- will be the first integrated plan ever produced by any nation where government and industry are the authors and architects of their future course. I applaud the work this group is doing to contribute to this effort -- particularly the infrastructure sectors' work in preparing reports for incorporation into the plan.
Right now the Administration is conducting a thorough review of our critical infrastructure protection policy. But I would like to share with you this morning a few truths about this subject that we already know.
First, we know that that no single government agency can handle critical infrastructure assurance all by itself. All agencies are stakeholders and each has a role in the solution. But it is also true that we can't have as many solutions as there are Federal agencies. We have to coordinate among the government's naturally occurring stovepipes. We have to encourage common standards. We have maximized our resources and energies by making sure they are focused instead of allowing them to be dissipated through dispersal. We also have to make sure that the Federal government's organization provides for a common point of contact that is accessible to private sector, Congress and the American people.
Second, we need to build on the progress of the private sector, including the PCIS and the Information Sharing and Analysis Centers. The Federal Government's approach should strengthen our partnership with private industry. This does not mean regulation.
Wanna bet?
Here's a point where I think our experience in addressing the Y2K problem is instructive. We learned in addressing that challenge that there is a lot that government and industry can accomplish if we work together, build partnerships, share information, and encourage best practices. We should apply those lessons here.
Third, both the government and the private sector need to be prepared for the day when all our efforts won't be enough. In some ways, protecting our critical infrastructure is a classical national security problem. We want to deter action against us through prevention. Deterrence worked during the Cold War. It may not work here.
Unlike the Soviet Union, today's adversaries may not fit the classic game theory models. They may be a small, well-organized group that attacks us through a series of hop points, including neutral countries or from within the United States.
We also have to remember that the same technology that empowers us, empowers America's adversaries. And our very dominance in conventional military strength, may make those adversaries turn to unconventional battlefields such as cyberspace
In short, it is just not clear that we can count on deterrence to work in this context. That means we have to be prepared for scenarios where we have to restore and reconstitute critical operations quickly once they've been disrupted. And here again, this is not something that government can tackle on its own. We need to work hand in hand with the private sector. In short, we need you.
Finally, I think it is clear that if there was ever a challenge that called upon us to think anew -- and not be afraid to break old paradigms -- this is it.
We need to think seriously about how we can build security into the next generation of IT networks -- security that is not an appendage or an afterthought, but an integral part of the network. We need to think seriously about how privacy rights and cyber security measures overlap and intersect -- not just how they conflict.
We have a big job ahead of us. But for all the differences between this national security challenge and other challenges our nation has faced in the past, I still think the similarities win out. We still need dedication to the principles of freedom that define our very nationhood. We still need decisiveness. another way of saying to do something that will not be welcomed with open arms! Going against the public's wishes! And we still need the best thinking our nation has to offer -- both in and out of government.
Dean Acheson wrote in his memoirs of being "present at the creation" of the strategy and structures that guided our efforts to meet the challenges of what was then called the "Atomic Age." All of us here today will be able to speak of being "present at the creation" of the strategy and structures that guide our efforts to meet the challenge of the Information Age. Armed with a clear vision, a judicious temperament, and a strong heart, I trust that we will be able to conclude the narrative in a fashion that is equally satisfactory.
-- Cherri (jessam5@home.com), March 25, 2001.
WASHINGTON, March 22 /U.S. Newswire/ -- The following are remarks by Condoleezza Rice, assistant to the President for national security affairs, at the Partnership for Critical Infrastructure annual meeting, as prepared for delivery:U.S. CHAMBER OF COMMERCE WASHINGTON, D.C. MARCH 22, 2001
"Understanding Risk and U.S. Economic Security"
It is truly a pleasure to have this opportunity to talk with you this morning. I don't accept very many of the hundreds of speaking invitations that come across my desk. But Dick Clarke didn't have to twist my arm very hard to persuade me to come here. That's because critical infrastructure protection is a critically important that is squarely on our radar screen at the National Security Council. The President himself is on record as stating that infrastructure protection is important "to (our) economy and (our) national security, and it will be a priority for my Administration."
Just a few years ago, this would have been a very surprising, or at least very odd-sounding statement. Certainly, the "Internet" and "cyber security" were not terms that were used a lot when I was in graduate school studying international relations, or even during my first stint at the NSC ten years ago. Today, it's not much of a stretch to say that you can't get out of bed in the morning without relying on information technology. I know from my own experience as provost at Stanford University that large institutions could not function without information technology -- it is simply ubiquitous. And it is often taken for granted -- even though it is clear we cannot afford to. Today, the cyber economy is the economy. And I don't mean the dot coms. I mean virtually every vital service -- water supply, transportation, energy, banking and finance, telecommunications, public health. All of these rely upon computers and the fiber-optic lines, switchers and routers that connect them.
Corrupt those networks, and you disrupt the nation. It is a paradox of our times: the very technology that makes our economy so dynamic and our military forces so dominating -- also makes us more vulnerable. As the President's National Security Advisor, I have to worry about that vulnerability. But each corporate CEO has to worry about the fact that a much smaller cyber attack than on the U.S. could place the very existence of your company at issue.Our gaming exercises have told us for some time now that a few well-organized hackers could disrupt everything from our power lines to our 911 systems. And everyday it is driven home to us that the threat is not just theoretical -- whether it be a new virus that sweeps across the country or a new report like the one last week from the Computer Security Institute that told us that 85 percent of large corporations and government agencies detected security breaches in the last 12 months. Financial losses from these electronic break-ins totaled almost $400 million dollars -- a 40 percent jump from the year before. Remember too that these are only the breaches that were reported.
The government's responsibility for shoring up this vulnerability is both internal and external. Government has a direct responsibility to ensure that it can deliver its our core competencies -- like national defense and public safety. There is also a more general responsibility to ensure the smooth functioning of the economy. Government has always acknowledged a responsibility for protecting critical infrastructure, such as dams and power plants. Now that circle is enlarged to include critical information infrastructures as well.
But it is clear to anyone who gives it just a little bit of thought that meeting this challenge is not something that government can do alone. Protecting our nation's critical infrastructure can only be done in concert with private industry. Moreover, this collaborative effort needs to encompass efforts at both the federal and state levels and within and among various sectors of the economy. What we are talking about is a collaborative partnership between the public and private sectors that is unprecedented in our history. It's a unique problem and it is going to require a unique solution.
And, of course, this is what makes this Partnership -- PCIS -- so important. You have set for yourself a task of uncommon difficulty -- the task of bringing together competitors, suppliers and users to reach consensus on how to think about and how to meet a challenge that affects all three groups differently. But it is even harder than that. Because ultimately, the consensus must not include just industry, but also the Executive Branch, the Congress and the American people.
The next version of the National Plan for Critical Infrastructure Assurance -- due out this summer -- will be the first integrated plan ever produced by any nation where government and industry are the authors and architects of their future course. I applaud the work this group is doing to contribute to this effort -- particularly the infrastructure sectors' work in preparing reports for incorporation into the plan.
Right now the Administration is conducting a thorough review of our critical infrastructure protection policy. But I would like to share with you this morning a few truths about this subject that we already know.
First, we know that that no single government agency can handle critical infrastructure assurance all by itself. All agencies are stakeholders and each has a role in the solution. But it is also true that we can't have as many solutions as there are Federal agencies. We have to coordinate among the government's naturally occurring stovepipes. We have to encourage common standards. We have maximized our resources and energies by making sure they are focused instead of allowing them to be dissipated through dispersal. We also have to make sure that the Federal government's organization provides for a common point of contact that is accessible to private sector, Congress and the American people.
Second, we need to build on the progress of the private sector, including the PCIS and the Information Sharing and Analysis Centers. The Federal Government's approach should strengthen our partnership with private industry. This does not mean regulation.
Wanna bet?
Here's a point where I think our experience in addressing the Y2K problem is instructive. We learned in addressing that challenge that there is a lot that government and industry can accomplish if we work together, build partnerships, share information, and encourage best practices. We should apply those lessons here.
Third, both the government and the private sector need to be prepared for the day when all our efforts won't be enough. In some ways, protecting our critical infrastructure is a classical national security problem. We want to deter action against us through prevention. Deterrence worked during the Cold War. It may not work here.
Unlike the Soviet Union, today's adversaries may not fit the classic game theory models. They may be a small, well-organized group that attacks us through a series of hop points, including neutral countries or from within the United States.
We also have to remember that the same technology that empowers us, empowers America's adversaries. And our very dominance in conventional military strength, may make those adversaries turn to unconventional battlefields such as cyberspace
In short, it is just not clear that we can count on deterrence to work in this context. That means we have to be prepared for scenarios where we have to restore and reconstitute critical operations quickly once they've been disrupted. And here again, this is not something that government can tackle on its own. We need to work hand in hand with the private sector. In short, we need you.
Finally, I think it is clear that if there was ever a challenge that called upon us to think anew -- and not be afraid to break old paradigms -- this is it.
We need to think seriously about how we can build security into the next generation of IT networks -- security that is not an appendage or an afterthought, but an integral part of the network. We need to think seriously about how privacy rights and cyber security measures overlap and intersect -- not just how they conflict.
We have a big job ahead of us. But for all the differences between this national security challenge and other challenges our nation has faced in the past, I still think the similarities win out. We still need dedication to the principles of freedom that define our very nationhood. We still need decisiveness. another way of saying to do something that will not be welcomed with open arms! Going against the public's wishes! And we still need the best thinking our nation has to offer -- both in and out of government.
Dean Acheson wrote in his memoirs of being "present at the creation" of the strategy and structures that guided our efforts to meet the challenges of what was then called the "Atomic Age." All of us here today will be able to speak of being "present at the creation" of the strategy and structures that guide our efforts to meet the challenge of the Information Age. Armed with a clear vision, a judicious temperament, and a strong heart, I trust that we will be able to conclude the narrative in a fashion that is equally satisfactory.
-- aarrrgg! (weoquih@euhbf.com), March 25, 2001.
THEY ARE JUST A BUNCH OF NAZI'S! HEIL CZAR BUSH!!!!!!!!!
-- I didn't close my tags on purpose (pretty@lame.huh?), March 25, 2001.
off?
-- (font@off.?), March 25, 2001.
Bold off
-- (Bold@off.too), March 25, 2001.
So what? What I wanna know is, is she good in bed?
-- I like that gap in her font teeth (cutiepie@nsa.gov), March 25, 2001.
Even though I "tested" my post befor posting, I still messed up and wanted my selected points to be highlighted.The reason? Because, if you read the wording correctly, you will find that our freedoms of information are going to be taken away. This is a set-up, they are acting like we are at war to justify security measures that will limit our privacy and right to access the information that is available to us now via the internet. That is why they are appealing to business, attempting to convince them that it id=s for their own safety as well as the safety of government security. WE, as individuals, will not find out about it until it is already a done deal.
Has ANYONE heard about this National Plan for Critical Infrastructure Assurance?
I thought not.
We will not even be given a choice about it either.We need to think seriously about how we can build security into the next generation of IT networks -- security that is not an appendage or an afterthought, but an integral part of the network. We need to think seriously about how privacy rights and cyber security measures overlap and intersect-- not just how they conflict.
It is being done without our knowledge. By the time it is implimented, it will be too late to do anything to stop it.
These things are being done fast and secretly. If they were socially acceptable, they would be in the open.
-- Cherri (jessam5@home.com), March 25, 2001.