Howard Schmidt

Cybersecurity Summit Address at the U.S. Chamber of Commerce's 3rd Annual Cybersecurity Summit

delivered 28 October 2014, Washington, D.C.

Audio AR-XE mp3 of Address


[AUTHENTICITY CERTIFIED: Text version below transcribed directly from audio]

Thank you, Anne, for that -- that kind introduction and to all of you for attending. And more broadly, thank you to the Chamber for your continued support of cyber security and the things that we're doing.

I think back every time I'm in this room here. I think back to about 1996-'97 time frame when President Clinton had put together the President’s Commission for Critical Infrastructure Protection, ultimately resulting in Presidential Decision Directive No. 63. And the core of that is much of what Anne had mentioned about private-public partnerships.

Immediately, when that was released the Chamber pulled together all its great members, as many people as they could sort of round up from the government that knew anything about this at that time, and working with some of the sponsors that very similar to what we see today, and had one of the first cyber summits. And the room was nowhere near as large. The attendance was nowhere near as great. And I think the expertise and discussions were much more junior than what we have today. So it's wonderful that -- that they continue to do that.

The other thing I want to reflect on relative to the Chamber is the support they've given us for many of the initiatives both in private sector and the government. And specifically, I want to thank the -- the Chamber for when we released the National Strategy for Trusted Identities in Cyberspace, or the NSTIC -- the huge outpouring that we had from private sector with the leadership of the U.S. Chamber. I remember the three of us were up here at the time from the White House and talked it -- Gene Sperling,1 [and] former Ambassador to China, who is my former governor, Gary Locke. And it was an interesting day because it really, I think, put a mark in -- at least in the D.C. area -- that many of these problems we're dealing with, many of the things can be solved, but often times can be solved by private sector.

And it's interesting, when you put together all the pieces of this -- you look at the military, the law enforcement, the private sector, the Executive Branch of the government, the congressional piece of it, which may not move as fast as I think we all would like to see it -- at least we have the same direction. We have the same function of saying, “Yes, we really need to do something.”

On a personal note, a number of months back [at] my home in Seattle, a pipe separated and flooded much of the house. And I haven't been back in -- to be able to move back in. But in doing so, my wife got one of her biggest wishes: to get rid of all that stuff I've accumulated over the years -- all the binders, all the briefings, all the -- the old hardware and drives and stuff that we had that contained a lot of this stuff.

And in doing so, of course very selectively, I found a report from 1998. It was a report by RAND Corporation in joint with the Chamber and a lot of other organizations looking at critical infrastructure protection, particularly looking at it from a perspective of “How do we do this?” It was a clarion call, if you would, for private-public partnerships. And it was very clear at the time: the government give information to private sector, private sector shared information with the government; and more importantly that the private sector share information amongst themselves, particularly on threats, vulnerabilities, and best practices.

Here we are almost 20 years later. We're having the same discussion. We have to really refine the things that we're doing.

Now, I ideal a fair amount with financial services, international energy companies, and I see on a day-to-day basis not just incremental but great leaps moving forward on securing their systems. They're working with the government task forces, you know, the -- the energy sector,  the -- the Capability Maturity Model that -- that we started a few years back. These companies are not taking this lightly. There are certain things that Anne suggested that we need the government to do. We need to good -- have good legislation that protects the companies from sharing that information because there's a lot of people out there, and particularly in...a lot of the [Legal] Counsel offices [who say], "Well, we're not sure you can do this." Or, "If you share information with the government and some issue becomes of it and litigation starts out of it, as you may be on the hook, you may not have the same level of expertise to -- to fight the case for you, as you're going to hire outside counsel. You're going to have to do these things, and as a consequence, it's just not worth it.

But now some of the boardrooms that I'm sitting in and some of the meetings I'm having with some of the chairman -- Tom [Ridge]2 and I do on a regular basis -- the discussion has changed. It's not, “We can’t do it.” It's, “How do we do it?” How do we make sure that we support what the government’s efforts are with -- without inferring additional regulation on us. Some of the sectors we work with are so heavily regulated, it's difficult to actually do the things that they need to do. And that's where we're working at now. And that's what I think all of you with the Chamber and the sponsors here should be talking about today.

We're going to hear from great speakers. Michael [ph],3 a panel later on the day on some of these things. But at the end of it, when all the "speechifying" -- as John Brennan used to call it all the time -- when that is done, we've got to go to work. We've got the strategies, the strategies going back to -- to 2003 with the National Strategy to Secure Cyberspace, the International Strategy, the NSTIC, NICE, the National -- the International Strategy for Cyberspace. And by the way, note: It's not about securing cyberspace. It's what cyberspace generally will do to us.

And then, in sort of closing, to -- to once again thank the Executive Branch. When all the retail things that we've seen in the news recently about intrusions and breaches, and -- and sort of we're looking at this whole system that we operate. There was a lot going on. There continues to be a lot going on. And I don’t know how many else in the audience in the recent weeks got that little card in the mail that says, by the way, just as "precaution," we're replacing your credit card. Got mine the other day and had PIN and chip technology built in to it.

So, we're making progress. And when the President called for a secure buying for the government, we in private sector are moving [in] that direction as well. No longer are we going to be part of a system that depends on User ID and passwords to do all the work that we need to do. It's not easy. It's not cheap. But if we continue to admire the problem and not put the pieces together that said, “Here's the strategies that we're looking at” from the government perspective, from the private sector perspective, from the research and development community -- if we're not taking those strategies and executing on them, next year we're going to be having a discussion at this conference again about the things that we should be doing.

The time for strategy and looking at the problem is long gone. That 1998 report that I mentioned a few moment ago, it could have been written yesterday. So we need to execute on the plans that we have. We need to actually do the collaboration and figure out ways to make it better. We're on a path to do that. I think everyone in this room is committed to do that. I think the people from the government are here to commit to that. And I think if we each to do that, we each do our part to secure our part of cyberspace, then next year when we have this meeting, it will be about all the things that we've been able to accomplish -- not only to build a better security but also to improve the business and economic environment globally; because when it comes down to it, that's what keeps the machine running.

So with that, I thank you once again for your attendance and in the -- in the Chamber I thank you for inviting us and I look forward to the rest of the deliberations.

Thank you very much.

Book/CDs by Michael E. Eidenmuller, Published by McGraw-Hill (2008)

1 Mr. Sperling served as economic advisor to the President. He played a pivotal role in negotiating the World Trade Organization accord between the U.S. and China in 1999.

2 Referent of "Tom" is an educated guess. Governor Tom Ridge and Howard Schmidt were cofounders of and partners at the cybersecurity consulting firm Ridge-Schmidt Cyber LLC (reconfigured as Ridge Global following Schmidt's passing).

3 Possibly NSA Director Adm Michael S. Rogers who was scheduled to deliver (and accordingly did deliver) that day's luncheon keynote address: "Sharing Cyber Threat Information to Protect Business and America"

Audio Source:

Audio Note: AR-XE = American Rhetoric Extreme Enhancement

Research Note: Principal transcription by South Transcription Unlimited, Inc. | | | (+63) 920.921.8709. Supplementary transcription work and editorial oversight by Michael E. Eidenmuller.

Page Updated: 2/3/24

U.S. Copyright Status: Text = Uncertain. Audio = Property of Image (Screenshot) = Fair Use.
































Top 100 American Speeches

Online Speech Bank

Movie Speeches

© Copyright 2001-Present. 
American Rhetoric.