Ambassador Baker addresses cyber-security forum
Information Systems & Network Security Forum
Sept. 10, 2003
It is a pleasure to be here today. I would like to take this opportunity to announce that yesterday U.S. and Japanese government officials confirmed the United States-Japan Joint Statement on Promoting Global Cyber Security. The statement is the first joint cyber security statement that the United States Government has done with another country. It is an important step forward in cooperation between our two countries on cyber security issues. I encourage you to read the statement, which is available on the embassy's website.
Before you begin the forum, I think that it is appropriate that we take a moment to reflect on how much information technology has changed our lives over the past twenty years. Try to imagine life in your workplace without e-mail. Imagine your business without a single computer. It is difficult, if not impossible, to do.
We take for granted that each day thousands of people will communicate with each other, make travel plans, carry out financial transactions, and buy and sell every type of product imaginable via the Internet. We also take for granted that computer networks control everything from trains and electrical transformers to radars and chemical vats. As President Bush's recent National Strategy to Secure Cyberspace points out, "A network of networks directly supports the operation of all sectors of our economy." The report also notes that we created these networks "without a great deal of thought about security."
It is quite natural to immediately think about cyber terrorism given the fact that tomorrow is the anniversary of the horrific attacks in the United States. Although cyber terrorists are a threat, both the private and public information networks face a wide variety of challenges ranging from cyber criminals to hackers to cyber protesters. A hacker seeking to show his technical expertise by damaging a vital system can be just as dangerous as a terrorist.
Two very recent court cases in the United States illustrate the scope of the problem. In July, a Kazakhstan hacker was sentenced to over four years in prison after trying to hack into Bloomberg L.P.'s computer system. The hacker tried to steal confidential information and use the information to extort money from Bloomberg. At the sentencing the judge stated the crime "was a very serious one because of its threat to international commerce and the integrity of data that the financial community relies upon to do its business." In another recent case, a 19-year-old man pled guilty to charges arising from intrusions into four different computer systems. The man compromised the integrity of a system on a United States Air Force base and stole credit card and personal information from a company's computer system.
These cases illustrate three very important points. First, cyber security problems extend across national borders. As a result, in order to defend our networks, the United States, Japan and other countries must cooperate. I would like to point out that in the Bloomberg case law enforcement authorities in the United States, Kazakhstan, and the United Kingdom worked together to bring the hacker to justice. As our national cyber strategy notes, without international cooperation, "our collective ability to detect, deter, and minimize the effects of cyber-based attacks would be greatly diminished." International cyberspace security cooperation is one of our national strategy's five priorities. I view this forum as an important step in increasing cooperation between the United States and Japan on cyber security issues.
Second, the cases I mentioned point out the importance of public and private sector cooperation. In the second case, both the government and the private sector were the targets. In addition, in order to apprehend the criminals, prosecutors had to work closely with the private sector victims. Public and private sector coordination makes sense. Both parties have information that is vital for the protection of the other's networks. In addition, the private sector controls the majority of the United States and Japan's critical infrastructure.
Finally, both cases required a number of federal and state agencies to work together. It is essential that central and local government agencies coordinate their activities.
The public and private sectors both face daunting challenges. As governments devise strategies to secure cyber space they must confront a whole new series of questions ranging from concerns over civil liberties to the potential liability of corporations when sensitive data is compromised. Companies fear that confidential, proprietary, or potentially embarrassing data could become public if shared with governments. Concerns about competitive advantage also keep companies from sharing information with other companies. In order to meet these challenges and concerns, governments and the private sector must work together to find the right balance of regulation and disclosure that will give us the maximum amount of protection while at the same time protecting civil liberties and encouraging technical innovation. I believe that this forum, as well as the joint statement, is important steps in this essential dialogue.
Thank you very much.