Remarks at Cybersecurity Event with White House Cybersecurity Coordinator Howard Schmidt

Commerce Secretary Gary Locke
Stanford, California
January 07, 2011

I want to thank our hosts today, TechAmerica, TechNet, the Churchill Club, Stanford University, and the TRUST Center.

And I want to thank all of you for joining us this morning.

There may be some other people here, who, like me, can remember when Time’s “Man of the Year” was a personal computer, and, according to reports, most of that story was composed on a typewriter.

That was in 1982, well before terms like “cyberspace” and “virtual reality” and “social networking” would enter the popular lexicon. 

There were precious few cell phones and certainly nothing called a blog.  The Internet was the private preserve of the Defense Department, federal researchers and certain universities.

Fifteen years ago, we saw the dawn of the commercial Internet. 

Flash forward to 2011. 

Nowadays, the world does an estimated $10 trillion of business online.  Nearly every transaction you can think of is being done over the Internet:

  • Consumers pay their utility bills from their smart phones;
  • People download movies, music and books online; and
  • Companies, from the smallest local store to the largest multinational corporation, order goods, pay vendors and sell to customers via the Internet.

E-commerce sales for the third quarter of 2010 were estimated at over $41 billion; up 13.6 percent over the same period last year.  And early reports indicate that the recent holiday buying season saw similar growth, with year-over-year sales up by over 13 percent.

Despite these ongoing successes, the reality is that the Internet still faces something of a “trust” issue.  And it will not reach its full potential until users and consumers feel more secure than they do today when they go online.

The threats on the Internet seem to be proliferating just as fast as the opportunities.  Data breaches, malware, ID theft and spam are just some of the most commonly known invasions of a user’s privacy and security.  People are worried about their personal information going out, and parents are worried about unwanted explicit material coming in to their children. 

And the landscape is getting more complex as dedicated hackers undertake persistent, targeted attacks and develop ever-more sophisticated frauds.

Dealing with these evolving threats has been an issue of high priority for President Obama since the earliest days of his administration. It was back in May 2009 when he said, “America’s economic prosperity in the 21st century will depend on cybersecurity.”

And he went on to declare that “This cyber threat is one of the most serious economic and national security challenges we face as a nation.”

To help meet these challenges, the Obama administration released a comprehensive Cyberspace Policy Review outlining a series of necessary actions by the public and private sector including: improving identity solutions, identity management services, and privacy-enhancing technologies.

This review has helped to lay the groundwork for the administration’s forthcoming National Strategy for Trusted Identities in Cyberspace.

The final version of this strategy will be signed by the president in the coming months, and Howard will be talking about this in a few minutes.

Many of you participated in the open public process to comment on the strategy and are familiar with the public draft released this past summer.  And we want to thank you for your thoughts and recommendations.

The end game, of course, is to create an Identity Ecosystem where individuals and organizations can complete online transactions with greater confidence. . . putting greater trust in the online identities of each other. . . and greater trust in the infrastructure that the transactions run across.

Let’s be clear.  We are not talking about a national ID card.  We are not talking about a government-controlled system.  What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.

To accomplish this, industry leadership is essential.  We need the private sector’s expertise and its involvement in designing, building and implementing this Identity Ecosystem.

To succeed, we will also need a National Program Office at the Department of Commerce that is focused on implementing the Trusted Identities Strategy.

The Commerce Department already has extensive experience in this realm.  Last April for instance, we launched an Internet Policy Task Force to address the most pressing Internet issues of the day.

The Task Force is made up of experts from across the department – experts in trade policy, intellectual property, information policy, cybersecurity, and standards.

The Task Force is working on developing cybersecurity policy recommendations for the commercial sector, as well as policy recommendations on other critical Internet issues like privacy, copyright protection and international e-commerce.

We have reached out extensively for public comments on all of these topics.  And the Task Force just last month released initial recommendations on strengthening online privacy protection.

The Commerce Department’s National Institute of Standards and Technology also has significant, long-standing investments in cybersecurity R&D and in standardization programs.

All of this experience can help our new program office be an effective facilitator for both government and private sector engagement and indeed private sector leadership.

In the end, we want to: 

  • Build consensus on legal and policy frameworks necessary to make the Trusted Identities Strategy successful, including ways to enhance privacy, free expression and open markets;
  • We want to work with industry to identify where new standards or collaborative efforts may be needed;
  • Support inter-governmental collaboration; and
  • Promote important pilot projects.

These are important undertakings, and today’s meeting is just one part of a much longer journey.

Of course, we all know that these pilot projects, any follow-on commercial deployments, and the emergence of an Identity Ecosystem itself will be no panacea.  There is no magic bullet to solve all cybersecurity issues.

However, in this room we also know that robust identity solutions can substantially enhance the trustworthiness of online transactions.  They can not only improve security, but, if done properly, can enhance privacy as well.

That’s why Howard and I, along with Pat Gallagher, director of NIST, have come to Silicon Valley to announce our plans to move our Trusted Identities Strategy forward.   

And Pat’s going to be here for the rest of today to talk more about our efforts and to gather input from all of you.

The president’s goal is to enable an Identity Ecosystem where Internet users can use strong, interoperable credentials from public and private service providers to authenticate themselves online for various transactions.  

But the solutions allowing us to actually achieve that goal are very likely to emanate from your firms here in the Valley.

We know that you understand the basic equation:  the greater the trust, the more often people will rely on the Internet for more sophisticated applications and services.

We look forward to working with you to build that trust.

Thank you.