Introduction
Thank you Administrator Long for that kind introduction.
I’d like to start off by thanking Tom Donohue, Marc DeCourcey, and Carolyn Cowley for the invitation to speak at this year’s event. The discussions held at this conference each year help strengthen the critically important bridge between government and non-governmental organizations, and I’m grateful for the opportunity to spend some time with all of you today.
And thank you all for attending and for participating. It’s great to see a number of familiar faces in the room representing groups we have been working with since the creation of DHS, and just as exciting to see new faces, and to see new groups join these conversations.
This is my first time joining this event as DHS Secretary, but it is not my first time here. I participated in a panel four years ago and—at that time—I was on the “private” rather than the “public” side of these partnerships.
Throughout my career in the private and public sectors, I have spent a great deal of time focusing on building resilience and improving disaster preparedness, and I cannot overstate the importance of forging partnerships.
At DHS, we rely extensively on partnerships that span the incredibly diverse U.S. economic, infrastructure, academic, and NGO space. Our domestic and international collaboration provides critical support—and without it we would not be able to achieve our mission of securing the nation against all threats.
It’s a big task, and one that we can’t do alone. Whether it is responding to hurricanes, preventing cyberattacks, or heading off threats to public venues—we are stronger when we work together.
I have learned that—for the most part—everyone wants to help, and wants to build stronger, more resilient communities. But as always—the devil is in the details, and determining exactly how we can work together, and how these partnerships can grow and change is the challenge.
Roadmap
Today I’m glad to be able to talk to all of you about new initiatives at the Department, and share ways that your organizations can get involved, and contribute to a stronger and more resilient nation.
2017 Disasters
The past year has tested our nation like never before. We endured high-profile mass shootings at concert venues, churches, and schools…we saw wide-ranging and damaging attacks on our cyber infrastructure…and we faced an unprecedented series of natural disasters.
One after another, Hurricanes Harvey, Irma, and Maria, devastated the southern United States and territories, destroying homes, businesses, and communities. And as we were moving toward the end of hurricane season, we were sending resources westward—aiding those impacted by the series of wildfires.
According to the National Oceanic and Atmospheric Administration, last year was one of the costliest and most-damaging seasons for natural disasters in history, with the cumulative cost exceeding $300 billion.
In total, more than 46.9 million Americans—nearly 15% of the U.S. population—were affected by these storms and wildfires. Since Hurricane Harvey made landfall, FEMA has provided more than $5.7 billion to individuals and households affected by disasters, and more people were registered for assistance than Katrina, Sandy, Ike and Wilma combined.
Another indicator of an active season, the critical infrastructure impacts of the 2017 Atlantic hurricane season were significant and widespread. The electric grid in particular drew national attention, and it became increasingly clear just how critical that infrastructure is. I know Tom Fanning—who is co-chair of the Electricity Subsector Coordinating Council—is giving tomorrow’s keynote, and I’m sure he will share his valuable insight on the subject.
But it’s not just power—critical infrastructure includes all the key systems that underpin our national vitality, security and prosperity. It includes services such as water, transportation, health care, and communications. These are the systems that need to be back online as quickly as possible to enable effective response and help a community recover from a disaster, and we learned last year—we have room for improvement.
Last year we also saw two of the most costly and disruptive cyberattacks on record. First North Korea unleashed the WannaCry ransomware, then Russia’s NotPetya ransomware broke free of its intended targets in the Ukraine infecting governments and companies worldwide.
Estimates for the total financial impact of these events run into the billions, and we saw infrastructure failures as disruptions propagated around the globe. The UK’s National Health Service, pharmaceutical manufacturing, global shipping and businesses big and small were affected.
I want to emphasize that the combined efforts of the private and public sectors at every level were key to response and recovery efforts, and strengthening our relationships and enhancing our partnerships is imperative to preparing for those disasters still to come.
We cannot assume that 2017 was an aberration. As we look to the future—I hate to be the Debbie Downer in the room—but I don’t expect things to get any easier. We will continue to be challenged by mother nature, by nation state threats, by terrorism that has gone viral, and by new and emerging threats such as drones.
That is why the Department is leading the way with new initiatives—all focused around better public sector-private sector integration—designed to make us more prepared, more responsive and, ultimately, more resilient.
Catastrophic events stress our logistics, supply chains, communications and staffing capacities. Disasters require a response beyond what any one entity can handle. It requires all levels of government, non-profit organizations, private sector businesses, and individual communities to work together to prepare—and be ready to respond when disaster strikes.
Each of us make up only one part of the overall team, and we need to ensure that—come game day—each player is ready to go. I often say let‘s do what we do best and partner for the rest. That is why one of my top priorities is building a culture of preparedness.
So let me give you an example of tangible public-private sector integration.
Updating the National Response Framework
The National Response Framework has guided disaster operations across the Nation for over a decade. It is built around partnerships, those between Federal agencies, between Federal authorities and State, county and local governments, between government and industry, between communities and the American people.
It has been more than five years since it was fully revised, but the findings in our recently released after action report for the 2017 hurricane season led us to conclude that the NRF needs to be modernized.
Specifically, our after action found that the success of our partners during a catastrophic incident is decided before an incident even begins. We recognize that our coordination needs to be enhanced with, and within, the private sector.
For years we have worked within the bounds of the existing emergency support functions that cover areas such as transportation, communications, and energy. But as our infrastructure has grown increasingly interdependent, our structures have not evolved to meet our current need to coordinate across sectors and across the government to respond to disruptions in our essential infrastructure systems and their functions.
So, as part of the process to update our response framework and plans, we will create a new cross sector coordination emergency support function—ESF 14—to improve our unity of effort around the rapid stabilization of lifelines such as power, communications, health and medical, food and water, wastewater, and transportation.
The revision will cement in doctrine and practice the public-private sector partnership that is essential to stabilization and unity of effort, and bring new capacity to whole community response operations. This ESF will go beyond the current, and over decade old, protection and response doctrine, and make operational tenets of private industry engagement and infrastructure protection within the emergency management field.
Updating the NRF will require the creativity, energy and expertise of the people in this room, across governments and across the country. We do not have the luxury of time in its development as we are already in the middle of the 2018 hurricane season. But I am sure this community can rise to the occasion, so I urge you to get involved and contribute to this important work.
Closing the Insurance Gap
Let me give you a tangible example of how we are working towards and encouraging a culture of preparedness, which is essential to creating a strong, resilient Nation. A key element to fostering this culture is closing the insurance gap, or the difference between what is currently insured and what is insurable.
There is no more important or valuable disaster recovery tool than insurance, and we need to dramatically increase coverage to close the gap. Experience has shown repeatedly that individuals, communities and businesses that manage risk through insurance recover faster and more fully after a disaster.
One study by a large reinsurance company pegged annual expected uninsured losses from natural disasters at more than $30 billion, which means that of the total estimated natural disaster losses in the U.S., more than half are uninsured.
This of course includes flood insurance and we are working to double those covered from $5 to $10 million by 2022. I will talk a bit more about the National Flood Insurance Program in a moment, but it’s not just flood insurance. All types of insurance have a role to play in reducing financial risk for individuals, communities, and federal taxpayers.
I visited California to talk to survivors of last year’s devastating wildfires. They had heartbreaking stories of fleeing their homes as the fast moving fires moved in, and losing everything they could not carry. These losses were often compounded when told that their homeowner’s insurance was insufficient to rebuild their home.
Their underinsurance now becomes a community challenge as plots go undeveloped, robbing communities of its citizens and its tax base.
FEMA programs were never intended to supplant homeowners’ insurance policies. FEMA’s disaster payment to individuals and households is on average a few thousand dollars. This is far short of what most homeowners would need to rebuild, yet few individuals understand the limited scope of FEMA’s individual assistance programs.
Our goal instead is to help transfer risks to private insurance and reinsurance markets, through public education and innovative programs. We must use every tool, at every level, to shift this paradigm. This includes how we communicate about risk. What we’re doing today is not working sufficient.
We need to make the case that individuals and organizations can’t afford to go without insurance. It’s also important to note that the greatest contributor to individual resilience is financial security – so the faster we can assist or facilitate the conditions for commerce right after a disaster – that’s helping you and it’s also helping enable the greatest form of disaster assistance – a job earning income.
This is another area where close partnership between the government and private sector is vital, both in creating the conditions where private insurance markets can thrive, and in ensuring that individuals, business and communities have the insurance they need for the risks they face.
Before I move on, I would be remiss if I didn’t mention the importance of the National Flood Insurance Program or NFIP, whose authorization expires midnight next Tuesday. This is a critical program, and a lapse in its authorization could pose serious consequences for individuals, families, business and local communities. The Department urges Congress to act on legislation to reauthorize the program, and, as they do, we ask that they consider badly needed reforms, strongly supported by the Administration, that are essential to the long-term viability of the program.
National Risk Management Initiative
Insurance is an important tool in managing financial risk, but at the Federal-level we must use a much broader lens when evaluating and managing the risks facing our country. And no place is that more challenging and urgent than in addressing the Nation’s cybersecurity risks.
Across industry and government, increased connectivity has led to enormous efficiencies, but the resulting interdependencies have also made us more dependent on vulnerable systems and provides opportunities for our adversaries, who have the intent and capability to threaten us.
When we released our Cybersecurity Strategy in May, we focused it around a risk management framework. From identifying risks to reducing vulnerabilities to mitigating consequences, we want to speak the same language as our private sector partners.
This was by design. We all agree no one person, company, industry, or government can solve this problem alone. No one entity has all of the authorities, capabilities and capacity to address it. We must work together.
Next week the Department is hosting a Cyber Summit in New York, bringing together government, industry and academia to collectively identify ways we can work together to manage our cyber risks.
At that time we will officially launch a National Risk Management Initiative designed to create a focal point for integrated industry-government, cross-sector efforts to assess risk, develop plans to mitigate risk, and coordinate operational efforts to manage risk.
One of the early efforts of this initiative will be to identify cross-cutting critical national functions—ones that may not be obvious by using our legacy sector by sector approaches. These critical national functions will help us prioritize our risk management activities whether that is protection, preparedness and mitigation before an incident, or response and recovery after one.
We will soon be releasing more information on this initiative, but again I want to encourage you to participate. DHS created this initiative based on feedback from the private sector, and it is designed to respond to your needs, but it requires your engagement, your knowledge and your passion.
I also wanted to thank the Chamber and a growing list of other associations for the support you are providing for our efforts to rename and reorganize the National Protection and Programs Directorate. Creating the Cybersecurity and Infrastructure Security Agency is one of my top legislative priorities, and standing CISA up is essential to advancing the department’s infrastructure security and resilience mission. So thank you.
Call to Action
But there’s still more that can be done, by all of us. I encourage all of you to increase your involvement in preparedness, response, and recovery efforts for all hazards.
Download the FEMA app, take lifesaving training, develop continuity and care plans for employees and customers. Look for volunteers or donation opportunities.
The private sector is not on the sidelines—it is a critical part of the team. Let us know more about your unique needs, unique risks and unique operating environments so that we can better support and partner.
It’s no secret that things in Washington don’t move quickly, and we rely on the innovation, tools, and resources that those of you in this room can provide.
Over the next two days, I hope you will engage in the conversations about how to be more involved and lead in this area.
When a disaster strikes, time is our most valuable resource. It is important to have these conversations today, so we will be ready tomorrow.
Closing
Once again, I would like to thank the U.S. Chamber of Commerce for the invitation to spend some time with all of you today.
I look forward to continued partnership and collaboration in the months and years ahead.
With that, I am happy to answer your questions.