WEBVTT

00:00:01.349 --> 00:00:06.228
Good morning. I am Alejandro Mayorkas,
Secretary of Homeland Security. It is

00:00:06.255 --> 00:00:10.517
an honor to be here with you today.
Thank you, Professor, for the kind

00:00:10.517 --> 00:00:15.070
introduction. I am thankful that
Hampton University, a historically

00:00:15.070 --> 00:00:20.888
Black university and recognized Center
of Excellence in cybersecurity, has

00:00:20.888 --> 00:00:24.568
joined us for today’s event. My
thanks to the RSA Conference and the

00:00:24.568 --> 00:00:30.787
Girl Scouts as well, for partnering
with us today. I want to especially

00:00:30.908 --> 00:00:34.925
commend the Girl Scouts for its program
in awarding cybersecurity badges to

00:00:34.925 --> 00:00:39.238
girls and young women. The program
speaks proudly and strongly to our

00:00:39.238 --> 00:00:44.906
future of greater cybersecurity. It
also speaks more profoundly of a better

00:00:44.906 --> 00:00:50.076
future altogether. Today is the last
day of women’s history month, and the

00:00:50.292 --> 00:00:54.323
words of the Girl Scouts’ then-CEO,
the architect of the cyber badge

00:00:54.523 --> 00:01:00.121
program, speak especially powerfully
now and about the subject of our event:

00:01:00.337 --> 00:01:05.451
“We don’t lead through fear. We are
raising girls to be courageous,

00:01:05.651 --> 00:01:10.248
confident people. We’re giving them
the skills to be fearless.”

00:01:12.043 --> 00:01:16.036
Partnering with the Girl Scouts, RSA
Conference, and Hampton University is

00:01:16.036 --> 00:01:21.486
exactly the type of alliance we need to
achieve cybersecurity resilience.

00:01:21.736 --> 00:01:25.121
Before I share with you my vision for
the Department’s cybersecurity work

00:01:25.233 --> 00:01:31.513
moving forward, allow me to share
several hard truths. First, the

00:01:31.813 --> 00:01:35.618
government does not have the capacity
to achieve our nation’s cyber

00:01:35.618 --> 00:01:39.707
resilience alone. So much of our
critical infrastructure is in the

00:01:39.707 --> 00:01:44.812
private sector’s hands. We need to
work with the private sector to protect

00:01:45.011 --> 00:01:49.315
the interests of the American people
and the services on which we rely. We

00:01:49.315 --> 00:01:54.708
need organizations like the Girl Scouts
and Hampton University to inspire and

00:01:54.939 --> 00:02:00.070
mobilize the next generation of diverse
talent to help us tackle what remains a

00:02:00.287 --> 00:02:06.187
monumental challenge. Second, our
government got hacked last year and we

00:02:06.187 --> 00:02:09.611
didn’t know about it for months. It
wasn’t until one of the world’s

00:02:09.611 --> 00:02:14.728
best cybersecurity companies got hacked
itself and alerted the government, that

00:02:14.895 --> 00:02:19.242
we found out. This incident is one of
many that underscores a need for the

00:02:19.409 --> 00:02:23.707
federal government to modernize
cybersecurity defenses and deepen our

00:02:23.914 --> 00:02:28.787
partnerships. Third, the government
seeks to speak with one voice but too

00:02:28.974 --> 00:02:32.908
often we speak through different
channels, which can confuse and

00:02:33.108 --> 00:02:39.014
distract those who need to act on our
information and act fast. We must

00:02:39.214 --> 00:02:43.762
confront these realities to develop a
vision that allows us to overcome the

00:02:43.945 --> 00:02:50.342
challenges and improve our cyber
resilience. Allow me to outline the

00:02:50.525 --> 00:02:54.367
principles that will guide our work in
this area moving forward, my vision for

00:02:54.516 --> 00:02:58.164
the Department as we work to realize
the Biden-Harris Administration’s

00:02:58.388 --> 00:03:04.595
cybersecurity strategy, and the road
map for how we plan to operationalize

00:03:04.761 --> 00:03:09.759
it. Five principles are foundational
for how we think about our work. To

00:03:09.909 --> 00:03:15.090
start, we cannot ignore the broader
geopolitical context and democratic

00:03:15.256 --> 00:03:20.653
backsliding that is happening around
the world. Far too often, cybersecurity

00:03:20.820 --> 00:03:27.000
is used as a pretext to infringe on
civil liberties and human rights. Make

00:03:27.031 --> 00:03:32.256
no mistake: a free and secure
cyberspace is possible, and we will

00:03:32.256 --> 00:03:37.913
champion this vision with our words and
our actions. At the end of the day,

00:03:37.913 --> 00:03:43.127
cybersecurity is about people. It is
about protecting our way of life and

00:03:43.327 --> 00:03:49.441
protecting what we hold dear. Second,
we must fundamentally shift our mindset

00:03:49.624 --> 00:03:55.038
and acknowledge that defense must go
hand in hand with resilience. Bold and

00:03:55.238 --> 00:03:59.403
immediate innovations, wide-scale
investments, and raising the bar of

00:03:59.569 --> 00:04:04.501
essential cyber hygiene are urgently
needed to improve our cyber defenses.

00:04:04.670 --> 00:04:08.915
We need to prioritize investments
inside and outside of government

00:04:09.115 --> 00:04:15.695
accordingly. At the same time, I
promised hard truths and one hard truth

00:04:15.928 --> 00:04:19.708
is that no one is immune from cyber
attacks, including the federal

00:04:19.876 --> 00:04:24.856
government or our most advanced
technology companies. While one can

00:04:25.024 --> 00:04:29.871
reduce the frequency of incidents
through modernized defenses, ultimately

00:04:30.072 --> 00:04:34.785
it is not a question of if you get
hacked, but rather when. We must

00:04:35.002 --> 00:04:42.547
therefore also bolster our capacity to
respond when incidents do happen. To

00:04:42.682 --> 00:04:45.729
advance the federal government’s
ability to prevent and respond to cyber

00:04:45.946 --> 00:04:50.594
incidents, the Administration is
working on nearly a dozen actions for

00:04:50.826 --> 00:04:55.758
an upcoming Executive Order. More
details will of course be shared soon.

00:04:55.942 --> 00:04:59.357
The U.S. government will improve in the
areas of detection, information

00:04:59.523 --> 00:05:03.838
sharing, modernizing federal
cybersecurity, federal procurement, and

00:05:04.054 --> 00:05:09.185
federal incident response. The federal
government must lead by example at a

00:05:09.368 --> 00:05:14.549
time when the stakes are so high.
Pursuing cyber resilience requires a

00:05:14.740 --> 00:05:20.362
third principle, namely a focus on a
risk-based approach. Determining what

00:05:20.578 --> 00:05:25.694
risks to prioritize and how to allocate
limited resources is crucial to

00:05:26.009 --> 00:05:30.740
maximizing the government’s impact. A
fact-based framework needs to guide the

00:05:30.940 --> 00:05:35.721
assessment of risk at home and abroad.
Relatedly, addressing the most

00:05:35.871 --> 00:05:39.769
important risks is a shared
responsibility. We must strengthen

00:05:39.952 --> 00:05:44.600
collaboration between the private
sector and government to generate the

00:05:44.783 --> 00:05:50.780
insights necessary to detect malicious
cyber actors. If actionable, timely,

00:05:50.980 --> 00:05:55.728
and bidirectional information is not
distributed quickly, malicious cyber

00:05:55.925 --> 00:06:01.392
actors will gain the advantage of more
time to burrow into systems and inflict

00:06:01.575 --> 00:06:07.838
damage. The final principle is to
integrate diversity, equity, and

00:06:08.005 --> 00:06:13.867
inclusion – or DEI, as it is commonly known – throughout every aspect of our work.

00:06:13.867 --> 00:06:19.100
Developing sound public policy requires diverse perspectives from communities that

00:06:19.100 --> 00:06:24.216
represent America. It requires the
recruitment, development, and retention

00:06:24.432 --> 00:06:30.116
of diverse talent. It requires equal
access to professional development

00:06:30.280 --> 00:06:34.943
opportunities to fill the current half
million cyber vacancies across our

00:06:35.115 --> 00:06:39.592
country and to prevent future shortages
that threaten our ability to compete.

00:06:41.712 --> 00:06:45.809
These five principles are the
foundation of my vision. At its center

00:06:45.809 --> 00:06:50.592
is the Department’s Cybersecurity and
Infrastructure Security Agency, or

00:06:50.891 --> 00:06:55.272
CISA, as it is commonly known.
President Biden has made cybersecurity

00:06:55.473 --> 00:07:00.220
a top priority for his administration.
We have elevated cybersecurity with the

00:07:00.419 --> 00:07:06.018
first ever Deputy National Security
Advisor for Cyber, Anne Neuberger. That

00:07:06.200 --> 00:07:10.881
role was filled on Day One of this
Administration. In just the first two

00:07:11.081 --> 00:07:15.329
months, the Administration has made
significant strides in remediating the

00:07:15.513 --> 00:07:20.494
impact of the SolarWinds and Microsoft
Exchange incidents, and we continue to

00:07:20.676 --> 00:07:24.974
work urgently to make the investments
necessary to effectively defend the

00:07:25.158 --> 00:07:30.005
Nation against malicious cyber
activity. Deputy National Security

00:07:30.171 --> 00:07:34.536
Advisor Neuberger is coordinating a
whole-of-government response to build

00:07:34.719 --> 00:07:40.557
back better and modernize our cyber
defenses. We are working closely with

00:07:40.750 --> 00:07:46.447
Congress and the private sector to get
this done. We know that CISA is

00:07:46.632 --> 00:07:51.611
integral to this objective. As some
have said, the government needs a

00:07:51.778 --> 00:07:58.524
quarterback on its cybersecurity team.
CISA is that quarterback. Created less

00:07:58.692 --> 00:08:02.955
than three years ago as the country’s
national cyber defense center, CISA has

00:08:03.139 --> 00:08:07.953
already proven its immense value. Last
year, CISA protected the integrity of

00:08:08.103 --> 00:08:12.167
the 2020 election against foreign
interference. The agency has also

00:08:12.384 --> 00:08:18.319
become the Nation’s risk advisor and
is responsible for much more. Among my

00:08:18.547 --> 00:08:22.985
top priorities as Secretary is to
strengthen CISA to execute its mission.

00:08:23.519 --> 00:08:28.624
I am specifically and particularly
grateful to Congress for further

00:08:28.807 --> 00:08:33.272
empowering CISA in recent months by
providing it with additional

00:08:33.505 --> 00:08:39.635
authorities and resources. CISA, as the
Nation’s cyber quarterback, is well

00:08:39.836 --> 00:08:44.967
positioned to address the hard truths I
outlined earlier. The new authorities

00:08:45.149 --> 00:08:50.234
Congress provided to CISA will enable
it to proactively hunt for intruders on

00:08:50.413 --> 00:08:53.995
civilian federal government networks,
shortening the amount of time they

00:08:54.162 --> 00:08:59.943
remain undetected. Once detected, CISA
will continue to take action and work

00:09:00.142 --> 00:09:05.505
with civilian federal agencies to
minimize risk. CISA is also expanding

00:09:05.672 --> 00:09:10.663
its ability to offer shared services
based on security-by-design for these

00:09:10.719 --> 00:09:17.134
agencies. This will raise the bar and
make it harder for malicious hackers to

00:09:17.317 --> 00:09:22.898
gain access in the first instance. CISA
is the private sector’s most trusted

00:09:23.064 --> 00:09:27.429
interlocutor and is clearly best
positioned to be the tip of the spear

00:09:27.662 --> 00:09:32.210
and the front door for the U.S.
government’s engagement with industry

00:09:32.376 --> 00:09:38.223
on cybersecurity. We will therefore
soon launch an awareness campaign to

00:09:38.406 --> 00:09:43.380
ensure private companies – both large
and small – know of the resources and

00:09:43.471 --> 00:09:47.901
services CISA has to offer. We also
plan to launch an expanded

00:09:48.134 --> 00:09:52.615
cybersecurity grant program to
facilitate and support the adoption of

00:09:52.832 --> 00:09:57.729
those services. With its strong and
deep network of partnerships, CISA is

00:09:57.930 --> 00:10:02.078
the ideal nexus for the government to
mobilize action and advance cyber

00:10:02.294 --> 00:10:08.046
resilience across all sectors and at
every level of government. CISA’s

00:10:08.218 --> 00:10:13.494
role in leading national efforts to
secure the 2020 election illustrates

00:10:13.659 --> 00:10:18.274
what we can accomplish through strong
partnerships, a clear vision, and an

00:10:18.458 --> 00:10:24.655
appropriate sense of urgency. Looking
ahead, expanding CISA’s footprint

00:10:24.821 --> 00:10:30.058
across the country will be critical to
institutionalize and maximize its

00:10:30.184 --> 00:10:35.348
network of partnerships. CISA is
already moving ahead with placing State

00:10:35.531 --> 00:10:41.944
Cybersecurity Coordinators across the
country, deepening its longstanding

00:10:42.059 --> 00:10:46.440
relationships from coast to coast. The
Department is also working on a

00:10:46.249 --> 00:10:51.580
proposal for a Cyber Response and
Recovery Fund that will further augment

00:10:51.242 --> 00:10:56.322
CISA’s ability to provide assistance
to state, local, tribal, and

00:10:56.522 --> 00:11:01.319
territorial governments. Of course, we
know that even the best quarterback

00:11:01.504 --> 00:11:05.684
can’t win a game alone. CISA fulfills
its lead role for national cyber

00:11:05.885 --> 00:11:10.827
resilience in collaboration with other
agencies at every level of government.

00:11:10.827 --> 00:11:15.391
This includes federal law enforcement
agencies who bring cyber criminals to

00:11:15.589 --> 00:11:20.560
justice, our Intelligence Community,
which focuses on better understanding

00:11:20.256 --> 00:11:25.820
how our cyber adversaries intend to
compromise American networks, and other

00:11:26.220 --> 00:11:31.633
agencies with the capability to impose
costs on malicious cyber actors. This

00:11:31.800 --> 00:11:36.198
includes the National Cyber Director
– a newly created Senate-confirmed

00:11:36.381 --> 00:11:40.578
position that our Administration is
committed to position for success.

00:11:42.940 --> 00:11:46.475
Beyond CISA, the Department has other
unique capabilities it brings to bear

00:11:46.475 --> 00:11:50.718
to better protect the nation against
cyber threats. The U.S. Coast Guard,

00:11:50.742 --> 00:11:55.348
which is also part of DHS, plays a
critical role in increasing the cyber

00:11:55.348 --> 00:11:59.545
resilience of the maritime
transportation system through which 90

00:11:59.545 --> 00:12:06.792
percent of U.S. imports and exports –
worth $5.4 trillion – pass through.

00:12:07.688 --> 00:12:11.553
The Department will continue to
implement the National Maritime

00:12:11.703 --> 00:12:15.705
Cybersecurity Plan released by the
previous administration to enable the

00:12:15.922 --> 00:12:21.202
Coast Guard’s important work in this
area. The Department will also empower

00:12:21.202 --> 00:12:25.200
the Transportation Security
Administration to increase the cyber

00:12:25.200 --> 00:12:30.114
resilience of other transportation
systems – from rail to pipelines –

00:12:30.114 --> 00:12:35.645
that fuel so much of our economy. Last
and certainly not least, the Department

00:12:35.645 --> 00:12:39.776
will continue to ensure the United
States Secret Service and ICE’s

00:12:39.776 --> 00:12:45.307
Homeland Security Investigations remain
well positioned to combat 21st century

00:12:45.307 --> 00:12:52.237
crimes. Let me be clear: the numbers
are staggering. According to the FBI,

00:12:52.237 --> 00:12:58.450
the reported losses tied to cybercrime
exceeded $4.1 billion last year alone.

00:12:59.383 --> 00:13:04.280
The Secret Service arrested more than
1,000 people for cyber-financial crimes

00:13:04.280 --> 00:13:10.261
and prevented over $2 billion in
potential fraud losses. These numbers

00:13:10.261 --> 00:13:15.580
highlight that cybersecurity is not
some abstract concept or a threat

00:13:15.580 --> 00:13:19.590
limited to the government or critical
infrastructure. Hackers target American

00:13:19.590 --> 00:13:25.170
citizens directly every day and impact
their lives at a time when we have

00:13:25.170 --> 00:13:31.100
experienced unprecedented hardships.
Communities of color across the country

00:13:31.100 --> 00:13:35.815
are disproportionately impacted through
this activity. Many of these crimes are

00:13:35.815 --> 00:13:40.413
transnational in nature and require
international cooperation to address.

00:13:41.695 --> 00:13:45.694
Fighting cybercrime more effectively
therefore also reflects the

00:13:45.694 --> 00:13:50.425
Biden-Harris administration’s
commitment to a foreign policy for all

00:13:50.425 --> 00:13:55.902
Americans. We must align our foreign
policy priorities and international

00:13:55.902 --> 00:14:02.385
partnerships accordingly. Finally, and
this applies to everything I have said

00:14:02.461 --> 00:14:09.344
so far: DHS must lead by example. We
must have our own house in order before

00:14:09.344 --> 00:14:13.708
we can expect others to heed our
advice. We must model what effective

00:14:13.708 --> 00:14:19.361
partnerships look like. We must ensure
our own workforce is reflective of the

00:14:19.361 --> 00:14:27.169
communities we serve. So, how will we
move from vision to action? We will

00:14:27.169 --> 00:14:32.349
proceed along two tracks. First, I am
announcing today a series of 60-day

00:14:32.349 --> 00:14:37.013
“sprints,” each focused on the most
important and most urgent priorities

00:14:37.013 --> 00:14:42.395
needed to achieve our goals. Second, we
will focus on four medium-term

00:14:42.395 --> 00:14:46.491
priorities that will receive my
sustained attention over the longer

00:14:46.491 --> 00:14:51.623
term. The series of sprints will
mobilize action by elevating existing

00:14:51.623 --> 00:14:56.253
efforts, removing roadblocks, and
launching new initiatives where

00:14:56.253 --> 00:15:01.951
necessary. Each sprint has a dedicated
action plan to drive action within the

00:15:01.951 --> 00:15:06.532
Department and energize our engagement
with partners in the private and public

00:15:06.532 --> 00:15:12.145
sectors, both domestically and
internationally. The first sprint will

00:15:12.145 --> 00:15:16.393
focus on the fight against ransomware,
a particularly egregious type of

00:15:16.393 --> 00:15:21.091
malicious cyber activity that usually
does not discriminate whom it targets.

00:15:22.090 --> 00:15:26.688
It is malicious code that infects and
paralyzes computer systems until a

00:15:26.688 --> 00:15:32.861
ransom has been paid. Individuals,
companies, schools, even hospitals and

00:15:32.861 --> 00:15:39.233
other critical infrastructure have been
among the victims. Let me be clear here

00:15:39.233 --> 00:15:45.679
as well: ransomware now poses a
national security threat. Last fall,

00:15:45.679 --> 00:15:49.627
CISA and its government partners issued
a joint alert warning of increased

00:15:49.627 --> 00:15:53.675
ransomware attacks that could paralyze
hospitals and other health care

00:15:53.675 --> 00:15:59.072
facilities. There are actors out there
who maliciously use ransomware during

00:15:59.072 --> 00:16:04.803
an unprecedented and ongoing global
pandemic, disrupting hospitals as

00:16:04.803 --> 00:16:11.043
hundreds of thousands die. This should
shock everyone’s conscience. Those

00:16:11.043 --> 00:16:14.859
behind these malicious activities
should be held accountable for their

00:16:14.859 --> 00:16:19.356
actions. That includes governments that
do not use the full extent of their

00:16:19.356 --> 00:16:24.839
authority to stop the culprits. We must
condemn them for it and remind them

00:16:24.839 --> 00:16:29.869
that any responsible government must
take steps to prevent or stop such

00:16:29.869 --> 00:16:34.915
activity. We will do everything we can
to prevent and respond to these

00:16:34.915 --> 00:16:42.068
horrendous attacks, and we call on others
around the world to do the same. In the

00:16:42.068 --> 00:16:45.778
coming weeks, the Department will step
up our efforts to tackle ransomware on

00:16:45.778 --> 00:16:50.930
both ends of the equation. With respect
to preventing ransomware incidents, we

00:16:51.114 --> 00:16:54.846
will take action to minimize the risk
of becoming a victim in the first

00:16:54.846 --> 00:16:59.710
place. We will launch an awareness
campaign and engage with industry and

00:16:59.710 --> 00:17:03.791
key partners, like insurance companies.
With respect to responding to

00:17:03.791 --> 00:17:08.772
ransomware attacks, we will strengthen
our capabilities to disrupt those who

00:17:08.772 --> 00:17:15.035
launch them and the marketplaces that
enable them. Closely related to this

00:17:15.035 --> 00:17:19.301
first sprint, is the second sprint
focusing on the cybersecurity

00:17:19.301 --> 00:17:23.265
workforce. We cannot tackle ransomware
and the broader cybersecurity

00:17:23.265 --> 00:17:27.246
challenges without talented and
dedicated people who can help protect

00:17:27.246 --> 00:17:33.416
our schools, hospitals, critical
infrastructure, and communities. During

00:17:33.416 --> 00:17:37.507
the workforce sprint, which we will
launch next month, we will focus on

00:17:37.507 --> 00:17:42.472
several elements. Front and center is
support for our current workforce, who

00:17:42.472 --> 00:17:47.019
have done a heroic job protecting the
election and now responding to two

00:17:47.019 --> 00:17:52.400
major incidents. In addition, we will
set an example and launch a DHS Honors

00:17:52.400 --> 00:17:57.864
Program with an initial focus on
cybersecurity. We will also start

00:17:57.864 --> 00:18:05.593
publishing DHS’s DEI data and step up
our internal DEI strategy to ensure we

00:18:05.593 --> 00:18:10.408
are attracting, developing, and
retaining the best diverse talent.

00:18:11.907 --> 00:18:17.271
Beyond DHS, we will champion DEI across
the cyber workforce of the entire

00:18:17.271 --> 00:18:21.919
federal government. To this end, I am
excited that we are partnering with the

00:18:21.919 --> 00:18:25.950
Girl Scouts today and exploring
additional opportunities for us to

00:18:25.950 --> 00:18:30.598
collaborate in the future. To further
help inspire the next generation of

00:18:30.598 --> 00:18:35.845
diverse cyber talent, we will also
expand our cybersecurity education and

00:18:35.845 --> 00:18:42.442
training program that has reached over
25,000 teachers so far. Later this

00:18:42.442 --> 00:18:47.673
summer, we will launch our third sprint
focused on mobilizing action to improve

00:18:47.673 --> 00:18:53.653
the resilience of industrial control
systems. The cybersecurity incident at

00:18:53.653 --> 00:18:58.983
the water treatment facility in Florida
last month was a powerful reminder of

00:18:58.983 --> 00:19:03.898
the substantial risks we need to
address. The last three sprints for the

00:19:03.898 --> 00:19:07.979
coming year will focus on better
protecting our transportation systems,

00:19:07.979 --> 00:19:11.677
safeguarding election security, and
advancing international

00:19:11.677 --> 00:19:16.041
capacity-building. While the series of
sprints will drive action over the

00:19:16.041 --> 00:19:20.073
coming year, we will also focus on
several medium- to long-term priorities

00:19:20.073 --> 00:19:26.570
that will have my sustained personal
attention. First, we need to cement the

00:19:26.570 --> 00:19:29.862
resilience of our democratic
infrastructures. We have made great

00:19:29.862 --> 00:19:33.523
progress to protect the integrity of
elections, which we will need to

00:19:33.740 --> 00:19:38.038
continue to safeguard in the years to
come. We must also improve the

00:19:38.221 --> 00:19:43.668
resilience of the other infrastructure
our democracy depends upon. Several

00:19:43.668 --> 00:19:48.765
high-profile attacks against our allies
and partners are warning signs that we

00:19:48.765 --> 00:19:52.980
must focus on securing all our
democratic institutions, including

00:19:52.980 --> 00:19:58.411
those outside of the executive branch.
Second, following last year’s supply

00:19:58.411 --> 00:20:03.376
chain compromise targeting the federal
government, we must build back better.

00:20:03.541 --> 00:20:07.689
This cannot be done in a sprint, as it
will take months or even years to fully

00:20:07.689 --> 00:20:12.321
implement. We are grateful to Congress
for the support provided to CISA

00:20:12.321 --> 00:20:16.502
through the American Rescue Plan, which
is a down payment to address this

00:20:16.502 --> 00:20:21.882
urgent challenge. Third, the
exploitation of SolarWinds highlighted

00:20:21.882 --> 00:20:26.347
that we need to think about supply
chain risks holistically. While some

00:20:26.347 --> 00:20:29.428
risks are clearly associated with
certain foreign companies and

00:20:29.428 --> 00:20:33.709
governments, we need a risk-based
approach to ensure we address all

00:20:33.709 --> 00:20:40.673
systemic supply chain risks. Bearing in
mind that 100% cybersecurity is just

00:20:40.673 --> 00:20:45.854
not possible, this includes considering
zero trust architectures where needed

00:20:45.854 --> 00:20:51.502
to reach the level of resilience
required. Finally, we must ensure that

00:20:51.502 --> 00:20:55.815
our work is not driven only by the
crisis of the day. We must get ahead of

00:20:55.815 --> 00:21:00.652
the curve and think long term. It is
imperative to dedicate senior

00:21:00.652 --> 00:21:07.859
leadership attention to strategic,
on-the-horizon issues. For example, the

00:21:07.859 --> 00:21:12.457
transition to post-quantum encryption
algorithms is as much dependent on the

00:21:12.457 --> 00:21:17.889
development of such algorithms as it is
on their adoption. While the former is already

00:21:17.889 --> 00:21:25.148
ongoing, planning for the latter remains in its infancy. We must prepare for it now to protect

00:21:25.162 --> 00:21:32.666
the confidentiality of data that already exists today and remains sensitive in the future.

00:21:33.718 --> 00:21:39.149
This is a priority and DHS will start developing a plan for how it can help facilitate

00:21:39.149 --> 00:21:44.463
this transition. Considering the scale, implementation will be driven by the private

00:21:44.463 --> 00:21:50.187
sector, but the government can help ensure the transition will occur equitably, and

00:21:50.187 --> 00:21:56.865
that nobody will be left behind. For
too long, cybersecurity has been seen

00:21:56.865 --> 00:22:02.055
as a technical challenge couched in
bureaucratic terms. But cybersecurity

00:22:02.094 --> 00:22:07.303
is not about protecting an abstract
“cyberspace.” Cybersecurity is

00:22:07.303 --> 00:22:12.667
about protecting the American people
and the services and infrastructure on

00:22:12.667 --> 00:22:18.747
which we rely. With over $4 billion in
cybercrime losses reported to the U.S.

00:22:18.747 --> 00:22:23.478
government last year alone, it affects
the wallets of Americans across the

00:22:23.478 --> 00:22:28.475
country, often the most vulnerable:
elderly and unemployed individuals

00:22:28.475 --> 00:22:33.089
reliant on government assistance,
communities of color, and American

00:22:33.089 --> 00:22:37.954
families. And as we have seen with the
wave of ransomware attacks and

00:22:37.954 --> 00:22:41.602
intrusions into critical
infrastructure, cyber threats are

00:22:41.602 --> 00:22:47.799
coming dangerously close to threatening
our lives. We need to be clear-eyed

00:22:47.799 --> 00:22:53.546
that this is also about protecting
democracy, at home and abroad. For this

00:22:53.546 --> 00:22:58.744
reason, today’s event is designed to
outline a vision and to provide a road

00:22:58.744 --> 00:23:03.974
map. I could not imagine a more ideal
group of partners to launch this call

00:23:03.974 --> 00:23:09.442
for action than the RSA Conference,
Hampton University, and the Girl

00:23:09.442 --> 00:23:14.704
Scouts. I look forward to what we all
can accomplish together in the months

00:23:14.704 --> 00:23:16.909
to come. Thank you so much.