On May 18, U.S. Secretary of Commerce Penny Pritzker delivered keynote remarks at the Global Digital Challenge Initiative Conference hosted by the Bipartisan Policy Center and the Mike Rogers Center for Intelligence and Global Affairs.  This conference brought together leaders in policy, business and technology to discuss issues critical to the global digital economy, such as cybersecurity and online privacy.

During her remarks, Secretary Pritzker discussed why collaboration between industry and government is essential to securing the digital economy as a platform for continued economic growth and innovation, as well as the Obama Administration’s efforts to strengthen our national cybersecurity posture.

Remarks As Prepared for Delivery

I want to thank the Bipartisan Policy Center and the Mike Rogers Center for Intelligence and Global Affairs for joining forces on the Global Digital Challenge Initiative.

As the voice of American business in policymaking for the Obama Administration, the Commerce Department plays an important role on cybersecurity issues. We understand that the cybersecurity of our businesses, our economy, and our nation as a whole is only as strong as its weakest link - which is what brings us together for today’s conference.

I want to begin by sharing with you some new figures from our National Telecommunications and Information Administration and the U.S. Census Bureau: in a survey of over 41,000 households, 45 percent of Internet users said that concerns over privacy and security have discouraged them from going online to: conduct financial transactions, buy goods and services on the web, or even express their views on social media.

Are you as shocked by these numbers as I am? I share them with you because they underscore how cyber threats and violations of privacy have a chilling effect on consumer behavior.

Trust is the lynchpin of the digital economy. If we want to realize the vast potential of the Internet, we must get cybersecurity right.

We also know that the Internet has transformed our lives, created enormous wealth, and proven a powerful platform for free expression and global commerce.  Secure and reliable networks form the digital backbone of the 21st century economy, placing markets across the world virtually next-door to one another. A start-up in California can win support from investors in London, open factories in Singapore, and monitor production over cloud servers housed in Virginia. Yet as technology evolves, so do the threats we face from hackers, cyber criminals, terrorists, and unfriendly foreign governments. In this new threat environment, every consumer, business, and government agency is on the front lines.

Cybersecurity is not a traditional security issue that our law enforcement, military, and intelligence agencies can handle alone. At Commerce, we believe that cybersecurity starts with business because the private sector owns and operates the digital backbone of our economy – our telecommunications networks, power grids, financial systems, and other critical infrastructure. When Iran attacked our banks and infiltrated the control system of a dam in New York, they targeted and used privately-owned infrastructure. When North Korea attacked Sony Pictures, they damaged one of America's largest corporations. The private ownership of our critical infrastructure underscores why government alone is not capable of securing our digital economy.

And let’s not forget that private companies have the greatest incentive to protect their digital assets.  When data breaches compromise customer data or denial-of-service attacks interrupt services, companies: violate the trust of their consumers; lose the confidence of their investors; and in some cases endanger the digital infrastructure of our entire society.

Put simply: companies that fail to protect their digital assets will not only undermine our national security but will also struggle to compete in the 21^st century. But the private sector alone, like government, is not able to secure our digital economy either. 

The Obama Administration, as well as the Commerce Department, sees close cooperation between industry and government as an imperative for strong cybersecurity. Many of the businesses working with the Global Digital Challenge Initiative are partners in our efforts.

Some have contributed to the Cybersecurity Framework, the common language for cyber risk management spearheaded by our National Institute of Standards and Technology. Others are helping develop technical solutions at our expanded National Cybersecurity Center of Excellence, or providing workforce development guidance to our National Initiative for Cybersecurity Education. And many are working with our National Telecommunications and Information Administration to improve research and disclosure of cyber vulnerabilities in software. 

Thanks to your engagement, we are making real progress. However, there are many critical challenges we have yet to tackle.

I want to briefly discuss the digital elephant in the room today: encryption. It was 1972 when the National Bureau of Standards, now known as NIST, was tasked with developing the Data Encryption Standard. Thanks to NIST’s collaboration with industry and academia, today billions of people around the world use encryption to protect their credit card transactions, health records, and more. NIST continues to develop advancements in cryptography that will drive innovative security solutions and strengthen trust in the digital economy.

Concerns about the difficulties encryption poses in law enforcement investigations are real. Yet encryption is also essential to our national and economic security. From protecting military secrets to maintaining emergency preparedness systems, it is an important tool for industry and government alike. As the President has said, and I quote, “there’s no scenario in which we don't want really strong encryption.” 

The federal government has a solemn obligation to keep our country safe. Today, that responsibility includes defending us against traditional threats and those in cyber space.  Law enforcement investigations are critical on both fronts. At the same time, the private sector’s role in national security has never been more essential. Without secure business networks, our society is vulnerable.

This debate is about far more than balancing individual privacy and law enforcement investigations. This is an issue of competing security interests, and also of legitimate economic interests. Any adjustments to encryption policy that affect the security of our networks could also impact our economic and our national security. There are no simple answers, but one thing is clear: only by working together will industry and government arrive at solutions that address the competing needs of our society.

Ultimately, there are many issues critical to securing the digital economy.  We need a comprehensive approach. In February, President Obama created the Commission on Enhancing National Cybersecurity, an independent Commission supported by Commerce. The President has charged the Commission with delivering a long-term cybersecurity strategy for country by December 1st of this year. Allow me to be frank.  Too often, the recommendations put forward by blue-ribbon commissions after the fact. Think about the 9/11 Commission or the Financial Crisis Inquiry Commission. The Commission reports begin common refrain: we should have seen this coming. The warning signs were there in both instances.

Today, the United States experiences significant cybersecurity incidents on a daily basis. Consider the results of a recent survey, in which over 90 percent of board members in cyber vulnerable companies said that they cannot interpret their own cybersecurity reports.  That is a problem with severe national security and economic implications.  President Obama understands that the time to act is now.

For example, business leaders clearly need better metrics for managing cyber risk.  As someone who has run businesses for 27 years and sat on many corporate boards, I know that quality, discerning data is essential for risk management.  Managing financial risk is a basic element of running a business. But when it comes to cybersecurity, we still lack reliable methods for: measuring cyber risk; conducting cost-benefit analyses; and making wise investments to defend against cyber threats.

Too often, actions taken in the aftermath of cyber-attacks today are mere gestures, even at the most sophisticated and well-resourced companies. That must change.  And you can help.  I urge you to provide the Commission with your best ideas on how to measure, and ultimately put a price on the cost and benefits of effective cyber risk management.

In addition, in the months ahead you will have opportunities to advise the Commission on many issues, including on how to: identify and encourage adoption of best practices, strengthen identity authentication management, develop the cybersecurity workforce, and address areas like cybersecurity insurance, security for the Internet of Things, and more. The President needs you to offer your expertise in order to develop actionable recommendations that government and industry can implement over the next decade to strengthen our cybersecurity posture.

The technological innovation unleashed in recent years is just a preview of what is to come.  As manufacturing goes digital, as cars go driverless, as more data crosses borders, the cyber threats we face will only grow more sophisticated. Our need for constant collaboration between business and government will only grow more urgent.

Together, we must reject the notion that security and economic growth are at odds. Together, we must ensure that trust remains the lynchpin of the digital economy. Thank you.