Department of Commerce Cyber Security Symposium
July 27, 2010

"The following is Senator Mikulski's speech on cyber security at the Department of Commerce Cyber Security Symposium

"Good morning everybody. I’m delighted to be here.

"I would like to congratulate Secretary Locke and Dr. Gallagher for convening this symposium on cyber security in the commercial domain.

"Once again, it’s going to be the Commerce Department that helps create the path forward to be sure that we have a safer country and a stronger economy by being a smarter government in how we work with the private sector.

"I’m here because, as Secretary Locke said, I chair the Commerce, Justice and Science Appropriations Subcommittee. So while the authorizers may think policy, I’m the one that puts the funds in the federal checkbook and who can decide who gets the job done.

"I’m going to talk about cyber security today and absolutely what it can determine: the future of the United States of America and our standing in the world, both from a security standpoint and an economic standpoint.

"I’m no Janie-come-lately who is new to this issue. My concern on cyber security began exactly 39 months ago. I remember it quite vividly. It was April 30th, 2007. I was sitting in the Intelligence Committee, which has a room, kind of like an underground bunker, at the Capitol where we are sealed in something like bubble wrap.

"There I was, reading the classified documents on the latest intel assessments around the world. One assessment caught my eye. It described a barrage of cyber attacks, a Web war attacking one of our newest members of NATO, Estonia. It was attacking its banking sector. It was threatening people’s way of life. It was being used to intimidate Estonia’s national security.

"As I read it, I was filled with a chill. I thought, Is this the beginning of a global NATO cyber war? Are we going to have to trigger Article V of the NATO charter, which says an attack on one is an attack on all? The ramifications were enormous, and at that point I knew that cyber security was an issue of the future, an issue for the United States of America, and an issue important for our NATO allies.

"I got involved in it immediately with my staff and the Intel Committee. Later in discussing it with the President of Estonia, it was really the United States and our allies, particularly the United Kingdom, that helped Estonia that day. But we knew we were in a new cyber world war.

"Cyber security today isn’t the obscure issue of three years ago. It’s something that affects us all, whether it’s someone booking a ticket on a cruise line, or FBI Director Mueller who almost fell prey to cyber attacks in his personal business with something called a spear phishing scam.

"Three years ago I wouldn’t have known what a spear phishing scam was. I would have thought that it was something happening in Florida or when he went to visit the Galapagos. I didn’t realize that it was happening right here. Now we all know it’s trendy to talk about zero-day attacks, strategic weapon wars, cyber logic-bombs, malware, and also because it is now, “trendy,” everybody wants to get in on cyber security. But we are concerned that need to have a clear path forward.

"My role in cyber security stems from both my deep commitment to this country and my committee assignments in the Senate. I am on the Intelligence Committee. I’m also on the Appropriations Committee, where I am a member of the DOD Appropriations Subcommittee, which funds 80 percent of America’s intelligence efforts. I also am Chairwoman of the Commerce, Justice, Science Appropriations Subcommittee, which funds the Commerce Department’s cyber concerns, including NIST, and law enforcement agencies like the Federal Bureau of Investigation.

"On the Intelligence Committee, I’m a member of a bipartisan Cyber Security Taskforce made up of Senator Whitehouse, Senator Snowe and myself. As we work on our taskforce it is very clear that there are four issues that affect us. First is governance - Who is in charge? Well, I think that’s a little mushy. We have a very talented Cyber Czar in Howard Schmidt. We have a Cyber Commander in General Alexander. There’s the need of other cyber leaders in our civilian agencies and I think we need clarification about who is in charge. But what we also noted is that there have to be civilian gateways for the private sector to be able to get important advice, technical assistance and ideas from the federal government.

"The other big issue is technological development - How do we maintain our qualitative edge. How do we make sure we maintain our cyber shields, our cyber locks and our cyber vaults in terms of securing our information?

"Another is workforce development - Where are we going to get the cyber security workforce, both in the civilian and government domain? How are we going to train and equip them? Right now there is no cohesive national strategy for that.

"And finally, the protection of our civil liberties and our privacy issues. Our task force is working on all of these.

"We cannot do anything in the United States government to protect and defend the United States government and its critical assents without the private sector. The private sector is both the solution, and simultaneously, is also the target of cyber attacks. I’m on the side of the private sector and I want to work with you to make the sure the private sector gets the best it can out of its government.

"In terms of the private sector being a target, we know that we will be helping protect your proprietary information, your personal data, the new ideas and the intellectual private property against cyber espionage. The private sector is the source of technological innovation and ingenuity. You’re going to develop the new ideas and are going to come up with the new products that are going to protect the United States of America and its dot-com world, as well as dot-mil, and dot-gov domains.

"Now, this new technology needs to be built to standards and this is where NIST comes in. The standards should be and must be a United States standard – not a China standard. I believe that the country that creates the standards first will create the products and the jobs first. We admire the work of the National Security Agency. It is a reservoir of cyber security intel and expertise. But it is a military agency, it is a security agency, its job is to protect dot-mil.  The private sector needs a civilian agency to go to, as I said earlier. I believe that one of the private sector’s primary gateways for working with our government to develop our country’s qualitative edge is the National Institute of Standards and Technology. There’s nothing like it. 

"Now if you were in Montgomery County, you know there’s the agency called the National Institute of Health. We love it. And it gets all the press.

"But right up Rockville Pike, right up on Route 70, on the outer banks of Gaithersburg, in Germantown, there’s the National Institute of Standards and Technology. And what a national treasure it is. I believe its role in this is important exactly because it’s not a security agency. When the private sector goes there, they don’t get a spook, they get a scientist or a technologist. And your customers won’t be spooked by you going to NIST either.

"NIST has a history of developing standards for protecting the American people. I’m so proud of the role that they play in developing national-quality standards to ensure the safety of workers and patients as well. The safety standards for buildings after the 9/11 attacks, and the quality standards for mammogram equipment. NIST has been on the job developing standards to protect the American people.

"That’s why I have created in my CJS Appropriations bill a National Cyber Security Center of Excellence at NIST. I have funded this with $10 million. Let me say that again. At NIST, I plan to stand up a National Cyber Security Center of Excellence.  And the Appropriations Committee has approved my plan.

"And what will it do?  Well, it’s going to create a hub of innovation and development. It will be a gateway for the private sector to forge partnerships to adopt mutually beneficial research, cyber-technology tools and other important things.

"It’s going to do three things. First - technology transfer. There are lot of good ideas out there. Where do you go to find out how measure it, set standards for it and then can you make it and use it?  Technology transfer at NIST and its new cyber security center will support the research, development and evaluation of cyber technologies from private companies and academia to the government.

"Second, it will have a small research and development pot of money. It will be merit-based research—no earmarks—to stimulate innovation, a hallmark of Secretary Locke’s and Dr. Gallagher’s leadership, in leap-ahead cyber technologies.  We’re not only fighting the cyber war of today, we’ve got to go over the horizon and look to where there’s no horizon at all with these leap-ahead technologies. 

"And third, it will have information clearinghouse to serve as a link between government, academia and the private sector on the latest research advancements, experience with technology and the test results of new technology.  In other words, it’s going to be news that you can use.

"This is a major effort on our behalf to provide, as I said, one gateway for the private sector to be able to interact with the government, to maintain our technology development and qualitative edge.

"But we are also leaping ahead in the area of workforce.  Right now, there are five cyber-related scholarships in our government. They tend to be agency-specific.  You can get a scholarship to be a CIA agent, a small scholarship to work at NSA. 

"But at the National Science Foundation, again funded in my appropriations bill, we have created a government pipeline that’s called NSF’s Scholarship for Service. Research shows it’s one of our most effective programs because it’s not agency-specific. To get a scholarship for the National Science Foundation, you must be of service in a science or technological area. It was funded under the Bush administration at a modest $15 million.  I’m taking it to $45 million.

"Many of our talented young men and women come to work in our government loaded with idealism, which will be good to use, and they come loaded with student debt. This will provide nearly 400 scholarships, for undergraduate, professional masters and PhD students to pursue careers in cyber security at an agency of their choosing.

"So these are two efforts that I’ve put into the appropriations bill to keep President Obama’s momentum going. To assure that America continues to lead the way, and we do it in a way that makes sure we have a more secure country in both its public and private domains.  And at the same time, using this as an opportunity to build a stronger economy where we are able to compete among ourselves and in the global market.

"I’m so proud of our country.  We win the Nobel prizes.  We even work at NIST.  But what we want to make sure is we win the markets.  And when we do, we’re secure in our place in doing it.  I look forward to working with you and all of you."