Peter, thank you very much and good morning, everyone. What a great crowd, and I am thrilled to be here for this second Symposium sponsored by URI. I know you're in for an exciting morning and afternoon. We have some great speakers, and I'm just privileged to be a part of this. I would like to begin by thanking President Dooley for once again hosting this event. Your commitment, President Dooley, and leadership on this and other important education issues are a real inspiration, and it has been an honor to work with you over the years. Thank you for hosting us.
Also before I begin, we have an outstanding lineup of speakers, but I would like to thank and to welcome two of them here today: Mark Weatherford, the Deputy Undersecretary for Cybersecurity at the Department of Homeland Security and also LTG Mike Flynn, Assistant Director of National Intelligence for Partner Intelligence who was also just nominated to be the new director of the Defense Intelligence Agency, and also a URI grad. Congratulations and welcome to both these gentlemen. I hope you'll join me in a round of applause for them. [Applause] I would also like to congratulate President Dooley and the URI team, including Dr. Peter Alfonso, Dr. Vic Fay-Wolfe and Dr. Lisa DiPippo, on the
exciting news that President Dooley spoke about just earlier as URI has been designated as an NSA/DHS Center of Excellence in Intelligence Assurance Education. This recognition truly establishes URI's well-earned status as one of the nation's leading educational institutions sponsoring what is becoming our
nation's most serious national security challenge. I am certainly confident that URI will use this designation to strengthen protections for Americans against cyber threats and, at the same time, create jobs in our state. To all of your hard work -- to Vic Fay-Wolfe, to Lisa DiPippo, and Peter and the entire team -- everything that you did to obtain that designation was effort well spent, and I know it is going to serve both the University and the State and the country in a major way going forward. Thank you for your great work and congratulations.
[Applause]I'm especially proud to note that the initial spark for URI's decision to pursue the Center of Excellence designation came from last year's symposium. I know many more great ideas will be sparked at today's event, especially with so many distinguished panelists and speakers here today. I would like to thank all
of you for your participation in this event and welcome many of you to the Ocean State. I hope you enjoy your time on campus. Those of you that may be here from out of town, I hope you get a chance to see the state while you're here a bit, maybe do some shopping, spend a little money. [Laughter] Take
home a nice car, maybe [laughter]. A lot to see and a great place to be today.
Last but not least, thanks to all of you for taking the time to be here today to work on this important step for the Rhode Island cyber workforce pipeline and, more importantly, our country's national security. I feel a great sense of optimism when I see so many attendees from across federal government
and state agencies, academia, and private industry.
Ladies and gentlemen, it is almost cliché by now to say that our way of life, our economy, and even our national security are critically reliant on the Internet. We can all point to different aspects of how we use the internet on a daily basis. Look no further than the morning newspaper or the latest blog post and
you'll see that new threats are appearing in cyberspace every day. Individuals are having their bank accounts hacked and credit cards and social security numbers compromised at an all too frequent pace.
Intellectual property theft is weakening our economic competitiveness. Our military readiness and qualitative edge are being degraded and vulnerabilities in our critical infrastructure are creating the all-too-real possibility of catastrophic damage being done to our country.
Our reliance on cyberspace has led to exciting innovations, increased efficiencies and countless new ways to network and collaborate. But it also presents challenges that will truly redefine our national security priorities as we struggle to protect our critical data and infrastructure, while working to leverage these new capabilities to our national advantage. But still, our country's most important resource in cyberspace, of course, will be the people that operate it and, ultimately, defend it.
We have taken steps to pivot towards these threats at the federal level by standing up U.S. Cyber Command and empowering the Department of Homeland Security to take on this mission in the civilian space. In the Fiscal Year 2010 National Defense Authorization Act, I asked the Department of Homeland Security to examine its cyber workforce across the department. The resulting report indicated a massive undertaking as our military becomes more and more reliant on networked systems to defend our nation. This reliance is driving a short term race to fully staff new missions and a long term requirement to establish a strong pipeline for cyber talent.
In response to this report, last October, I commissioned a Cyber Workforce Workshop with the Department of Defense held at the National Defense University. I wanted to explore four areas: the size and growth of the cyber workforce; state and local cyber workforce issues; K-12, college and STEM
education; and credentialing for the cyber workforce. Rhode Island was well represented with General Paul Ayers, Theresa Murray and Vic Fay-Wolfe on hand to talk about the exciting cybersecurity partnerships already underway in Rhode Island. A lot of exciting thigns to share there, and we benefitted
for their expertise.
This workshop stressed not only that the cybersecurity workforce must be significantly expanded, [coughing] I hope that's not a cyber thing going around there [laughter] But in any event, this workshop stressed not only that the cybersecurity workforce must be significantly expanded, but that it has to
grow both qualitatively and quantitatively. I believe we must define cyber careers that will build a framework for both government and industry positions.
Of course the reality of constrained funding limits policy options at both the federal and state levels. The workshop therefore spent significant time
exploring how to build partnerships in order to better leverage our resources and find new and unique ways to fill the gaps in the workforce that exist today.
In Rhode Island we are bringing together our National Guard forces, Emergency Management Agency, universities and businesses to leverage the talent of existing cyber professionals across a variety of needs. This initiative is designed to determine what role the local and federal government can play in protecting state, local, or even private assets. It will also provide an opportunity for those coming into or re-entering the workforce to have a wide range of employment opportunities in the cyber career field.
This partnership builds on our state's nationally recognized programs, like the Digital Forensics Lab and the Rhode Island Cyber Disruption Team, which acts preemptively to combat potentially devastating cyberspace threats to vital sectors ranging from the power grid to water systems and health care
facilities. Their charge, the Cyber Disruption Team is basically to identify the critical cyber assets that we have in our state or those entities that really depend on cyber to operate. Identify them, look to see what we can do to harden those assets ahead of time but also figure out mitigation plans so that if there is a major cyberattack and these operations are shut down, how do we quickly recover. We will hear more about this partnership later in today's program, but I am excited to highlight that this group will also oversee education initiatives to raise awareness about cybersecurity challenges and to assist in providing the law enforcement instruction and technical training needed to develop a workforce capable of meeting these challenges.
Based on both the DOD workshop and our work here in Rhode Island, I turned to my colleague Dan Lungren, a Republican from California, and asked that he add certain provisions, of our work, as he was drafting the PRECISE Act, that he was sponsoring in the Congress. As some of you know, this bipartisan bill would have made important progress towards securing our critical infrastructure through the creation of minimum standards for those who own and operate it and by strengthening the abilities of the Department of Homeland Security in the cyber domain. Mr. Lungren agreed to add language I advocated for that would have established a pilot program for grassroots cyber efforts, like those in
Rhode Island, and would have created a federal program to help existing groups better coordinate online training and best practices.
Unfortunately, despite the bill having strong bipartisan support, it was not debated last week during the House of Representatives' so-called "Cyber Week", where multiple bills were brought to the floor that dealt with cybersecurity, but we're going to continue at it, and hopefully that bill will be brought back
up. And so, to my great frustration, the need to comprehensively address the vulnerabilities in our critical infrastructure remains what I believe is really unaddressed -- as does the need to assist those grassroots cyber efforts.
However, there were three important pieces of legislation that the House did
consider and pass that I would like to highlight just a couple of those here this morning.
One of the bills is the Cyber Intelligence Sharing and Protection Act, or CISPA, maybe the most important of the bills we did pass. Under current law, the government -- as I'm sure many of you know -- cannot share classified cyber threat information with the private sector and businesses cannot share similar
information with the government, an obstacle uniformly pointed to by experts as hampering our cybersecurity. CISPA creates a voluntary information sharing network, with rigorous privacy requirements in place, that will provide private sector and many critical infrastructure entities with classified threat information to allow them to better secure their networks. It will also permit those
entities to provide limited threat information back to the federal government, helping to provide situational awareness, or "radar," that we so desperately need to better understand the nature of the increasingly sophisticated threats arrayed against U.S. interests in cyberspace.
I was proud to push for strengthening privacy standards to protect citizens as the bill moved forward.
The version that passed the House included strict limitations of what information can be given to the government along with a requirement for an Inspector General's report reviewing what information was shared and how it was used, among other protections. The bill also has a sunset provision within five years, and we'll make adjustments as necessary as we go forward and we see how the bill -- if it becomes law -- how it's implemented.
While I do not believe this legislation is perfect, and I hope to continue to work with privacy and civil liberties groups to allay their concerns, CISPA does represent a good-faith effort to come together in a first step towards better cybersecurity for our nation, and I was proud to co-sponsor and vote for what I
believe is a very important measure.
However, I am disappointed that House leadership has not moved more aggressively and broadly or in a bipartisan way to address our nation's cybersecurity challenges, and much work remains. I am hopeful that passage of CISPA will spur the Senate to act on comprehensive cybersecurity legislation -- I'm sure you've heard some of the talk right now that the Senate is considering a more comprehensive bill; while the House did more piece by piece legislation, the Senate is considering more comprehensive legislation such as that proposed by Senators Lieberman and Collins, that is so sorely needed.
I was also pleased to support the bill offered by Congressman Darrell Issa that updated the Federal Information Security Management Act, or FISMA, which will improve the framework for ensuring security for information technology systems that support the federal government. This is an excellent start, and in the last Congress I authored legislation very similar to Mr. Issa's that passed the House before dying in the Senate.
But in order for our government to have a well-coordinated response to cyber threats across federal agencies, I believe our legislative efforts must include providing the Executive Office of the President a central coordinating role over cyber activities that includes both policy and budgetary authority. Right
now I think that the problem is that we're now well coordinated enough, and we need something at the level of the director's position within the Executive Office of the President, similar to what we have with the Cyber Coordinator, Howard Schmidt who's at the White House right now. As a great a job as I think
Howard is doing, I think he really lacks the policy and budgetary authority he needs to effectively coordinate at the federal level.
Such an office is consistent with multiple policy recommendations made by the Obama Administration's 60-Day Cyberspace Policy Review, public-private sector working groups such as the CSIS Commission on Cybersecurity for the 44th Presidency, and the Government Accountability Office to remedy security
deficiencies throughout the federal government. It would also give the Congress much-needed oversight of cyber in the federal government. Mr. Issa and others on the relevant committees have pledged to work with me to address this need, and I will look forward to working with them in the months ahead.
Finally, but perhaps most relevantly, I was glad to support the Cybersecurity Enhancement Act with my colleague and fellow co-chair of the bipartisan Congressional Cybersecurity Caucus, Congressman Mike McCaul from Texas. This bill will strengthen coordination and cooperation among the various cyber
research and development efforts across the federal government. I am also pleased to highlight that this bill enhances programs that increase the size and skills of our nation's cybersecurity workforce.
While these three bills represent only the barest of beginnings compared to what needs to be done, they are nonetheless an important reminder of how far the debate on cybersecurity has come. Five years ago, I and many of you in this room seemed out in the wilderness as we tried to raise awareness about an issue that most had probably never even heard about. Now cybersecurity and the cyber debate are part of our daily policy conversations, and it's universally identified by the country's top security officials as one of the biggest threats to our national security. The discussion is not about if we must act, but how. We have made progress in protecting the nation in cyberspace, but we must
continue to build on this success.
I am optimistic that with the talent we are developing through our higher education system, in high tech industry, across government and particularly within the military community, we will stand ready to meet the challenges ahead. And as we continue to look for ways to strengthen our nation's security, this area offers a tremendous opportunity to create sustainable job growth opportunities.
As we continue these efforts, we must ensure that we reach the next generation. Our education system needs to inspire younger students and capture their talent and creativity. Strengthening the pipeline for cyber jobs will require engaging not only our nation's schools, but also our businesses, universities and other invested partners in a common goal. We must work to incorporate the perspectives of public and private partnerships and entities to build a competitive cyber workforce that meets our national security needs.
With Rhode Island partners in the room today, I have been proud to help launch a cyber program to foster computer security skills at the high school level. Run by the SANS Institute, the Cyber Foundations Competition features three timed tests given over a period of six weeks that measure aptitude in the three most important foundational skills of effective cybersecurity: networking, operating systems, and system administration.
We want to show the next generation that an interest in computers is not just a hobby -- it can become a career. The business, military, education and nonprofit sectors are also encouraged to get involved by volunteering as mentors, speaking at workshops or taking part in other outreach efforts. We are
currently seeking businesses that would be interested in offering summer internships to Cyber Foundations participants. If you are interested in getting involved, you can contact my office; we'd love to have the opportunity to get you involved in providing internships to some of these incredibly bright
I am proud that Rhode Island is taking the lead in a critical area of our security that also happens to represent a rapidly growing industry and will provide sustainable job creation in our state. I hope that our distinguished speakers will spark new ideas and partnerships for all of you, and I encourage you to
discuss these issues with your colleagues to find opportunities for collaboration.
Just as President Kennedy rallied the nation to win the space race by putting a man of the moon, we must rally to meet these new challenges facing our nation online. I know we have the talent all across this great country, and particularly in Rhode Island, to help get us there. I'm excited to get started, and
I'm thrilled that you all could be here today to help set the path forward for our cyber workforce.
Thank you all very much. Enjoy the conference.