Before a packed room of leading government officials, technologists, and journalists in downtown Washington this morning, U.S. Secretary of Homeland Security Janet Napolitano stressed the need for a new public-private partnership framework that enables innovation and workforce development in cybersecurity in order to adequately protect our nation’s interests from cyber attacks. The event — Cybersecurity Breakfast: Protecting Our Nation’s Assets — was sponsored in part by Washington Post Live, the live journalism arm of The Washington Post Co., and held at the newspaper company’s headquarters.

Napolitano described the cybersecurity challenge in her opening remarks:

The risks to national and economic security from cyberspace affect us all. So we begin by saying that cybersecurity is a shared responsibility; everyone has a role to play. We have to have a concerted public-private partnership to protect that infrastructure. And the Department of Homeland Security plays an important role here. With our Federal partners, we are working to secure unclassified neworks… We are also partnering with owners and operators of critical infrastructure and key resources to support cybersecurity preparedness, incident mitigation, and immediate response.

 

But we need to do more… the attacks are increasing in frequency and complexity and in consequence. In fiscal year 2011 alone, our own Computer Emergency Readiness Team — US-CERT — responded to more than 100,000 incident reports and released more than 5,000 actionable cybersecurity alerts and information products. And we know that only a small proportion of cybersecurity incidents are reported to the government.

Later, during audience Q&A moderated by Washington Post Live Editor Mary Jordan, Napolitano elaborated on what makes these challenges unique (after the jump)…

I think cyber is different in important ways. First of all, the people who deal with cyber have a technological expertise that needs to be harnessed. And they need to be able to talk with each other. And you need to create the space in which those discussions can occur and technological exchange can be accomplished.

 

Secondly, we have a lot of public-private partnerships where we’re really just trying to be force-multipliers of each other, but [here] there’s a clear public domain and a clear private domain. In [cybersecurity], where we’re talking about the nation’s critical infrastructure, there’s a huge public interest in making sure the private sector is doing what it says it’s going to do… because the consequences of failure [are that much greater]… So to just say that we’re in the same room totgether to talk about issues is not robust enough.

…discussed common cyber threats…

Theft of intellectual property, which is a huge economic issue for the U.S. — and a growing one. Because as an economy, we depend on innovation, and if people are stealing our intellectual property, that’s a big, big deal…

 

Intrusion into private infrastructures can take different forms — a denial of service attack (protecting against that, detecting that, immediately patch against that and provide notice, etc.), implanting a piece of malware, intrusions into private cyberinfrastructure… What we’re worried about is you have critical infrastructure — financial institutions, telecommunications, utilities — all of which [is] dependent upon cyber networks. And if they are intruded upon, if they are shut down, the economic impact is great…

 

[And] intrusions into government and civilian networks — [to learn for example] what positions the U.S. is going to take on certain matters by seeing what documents are being prepared.

…and briefly noted that the DHS’s Science and Technology Directorate is supporting research and innovation to help the department — and the nation — defend against these:

In our Science & Technology Directorate, we are regularly engaging with innovators and academic institutions [on things like] “here’s what we think we need to do our jobs” and “what kind of research is going on out there that would help us.” We have a whole experimental arm of the department that looks into that.

Napolitano also touched on a growing need for cybersecurity professionals, saying “if she could do one thing tomorrow” it would be to “have every cyber geek in the U.S. who is any good at detecting [hackers or threats] to come work for me.”

We’ve been increasing hiring over the last several years. We are five times as large as we were even two years ago, and we are going to be on that pace in the next year. The Office of Personnel Management has given us direct authority for hiring — which for those of you who know the government know is pretty rare — for up to 1,000 more cybersecurity professionals.

Archived video of the event will be available at Washington Post Live later today — and the newspaper is planning a special report on cybersecurity in the coming weeks.

(Contributed by Erwin Gianchandani, CCC Director)