In one of the most serious cyber incidents to date against our military networks, several thousand computers were infected last year by malicious software — malware. And while no sensitive information was compromised, our troops and defense personnel had to give up those external memory devices — thumb drives — changing the way they used their computers every day.
And last year we had a glimpse of the future face of war. As Russian tanks rolled into Georgia, cyber attacks crippled Georgian government websites. The terrorists that sowed so much death and destruction in Mumbai relied not only on guns and grenades but also on GPS and phones using voice-over-the-Internet.
For all these reasons, it’s now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation.
It’s also clear that we’re not as prepared as we should be, as a government or as a country. In recent years, some progress has been made at the federal level. But just as we failed in the past to invest in our physical infrastructure — our roads, our bridges and rails — we’ve failed to invest in the security of our digital infrastructure.
No single official oversees cybersecurity policy across the federal government, and no single agency has the responsibility or authority to match the scope and scale of the challenge. Indeed, when it comes to cybersecurity, federal agencies have overlapping missions and don’t coordinate and communicate nearly as well as they should — with each other or with the private sector. We saw this in the disorganized response to Conficker, the Internet “worm” that in recent months has infected millions of computers around the world.
This status quo is no longer acceptable — not when there’s so much at stake. We can and we must do better.
And that’s why shortly after taking office I directed my National Security Council and Homeland Security Council to conduct a top-to-bottom review of the federal government’s efforts to defend our information and communications infrastructure and to recommend the best way to ensure that these networks are able to secure our networks as well as our prosperity.
Our review was open and transparent. I want to acknowledge, Melissa Hathaway, who is here, who is the Acting Senior Director for Cyberspace on our National Security Council, who led the review team, as well as the Center for Strategic and International Studies bipartisan Commission on Cybersecurity, and all who were part of our 60-day review team. They listened to a wide variety of groups, many of which are represented here today and I want to thank for their input: industry and academia, civil liberties and private — privacy advocates. We listened to every level and branch of government — from local to state to federal, civilian, military, homeland as well as intelligence, Congress and international partners, as well. I consulted with my national security teams, my homeland security teams, and my economic advisors.