|About This Site||Feedback|
Dr. J.P. (Jack) London
Executive Chairman and Chairman of the Board of CACI International Inc
Dr. J.P. (Jack) London's Cyber Threats Symposium Opening Remarks, 3/1/11
The following is a transcript of Dr. J.P. (Jack) London's opening remarks at the Cyber Threats to National Security symposium, "Keeping the Nation's Industrial Base Safe from Cyber Threats," on March 1, 2011 at the Carnegie Institution of Science.
"Good morning and welcome everyone. Thank you for joining us today.
A few notes up front. First, our symposia are held as a pro bono, educational, public service event. Second, my views here are mine alone and do not necessarily represent those of CACI or anyone else here today. Finally, today's proceedings are "unclassified." All of the dialogue is "off-the-record," and "not for attribution." That said, let's get started!
Three years ago, we began a symposium series to address how U.S. and global security had become defined by asymmetric threats and threat actors in dramatically new ways. Nuclear weapons in Iran and North Korea - Al Qaeda and other terror groups - even homegrown terrorism - just to name a few.
Last March, our series turned to another dramatically and relatively new topic - cybersecurity. That symposium looked at the threat of cyber attacks on our nation's supply chains. Today, we are focusing on the risks to our nation's industrial base - the critical infrastructure that keeps our country moving. So how vulnerable is our industrial base to cyber threats? Consider this scenario:
Cellular and landline telephones service are overloaded or unavailable. Television and radio stations are off the air or running on generators. The water supply in several cities may be contaminated. Interstate passenger and commuter rail service is shut down. Gas stations are unable to pump fuel, causing traffic and transportation problems. Scores of factories are forced to close. ATMs are not working. Disruptions to financial markets and hospitals are widespread.
This isn't a movie plot. All this actually happened when the power went out. In August 2003, a blackout brought life to a standstill for 55 million people in eight Northeastern states and parts of Canada. The cause was strained power lines and a previously unknown software flaw in an alarm system. The problem at one power company triggered a domino effect, forcing 100 power plants to shut down. In this case, the disruption to U.S. infrastructure was accidental. But what if the disruption had been intentional?
According to the Internet security firm McAfee, over half of the world's critical infrastructure organizations have reported being hit by large-scale cyber attacks or infiltrations. China and Russia are both known to routinely probe American industrial networks to find information and vulnerabilities to use as leverage in any future dispute.
Just last month, we learned that major energy companies were hit by a series of cyber attacks that started in November 2009. In an operation dubbed "Night Dragon," hackers (believed to be Chinese) were able to steal intellectual property and collect data from control systems of global energy and petrochemical companies.
Threats are not just cyber attacks. They also include cyber espionage and exploitation of system vulnerabilities. And on our third panel on insider threats, we'll hear how they are not limited to nation-states or hackers, either. We can recall how Wikileaks published a secret list of worldwide critical infrastructure sites in December of 2010.
These threats, however, can't match the sophistication or danger of the Stuxnet worm identified last year. Stuxnet is malware that infects control system networks and it's believed to have damaged as many as one-fifth of the nuclear centrifuges in Iran.
Protecting our nation's industrial base from cyber threats is already a national security priority. Cybersecurity is a major component of the National Infrastructure Protection Plan, developed by the Department of Homeland Security in 2009. Last September, the U.S. Department of Energy announced more than $30 million for ten projects on cybersecurity issues facing the nation's electric grid.
These initiatives, of course, are very important. However, they must be anchored by a dynamic, national, cybersecurity policy framework that directs all government agencies. And we are seeing great activity here. I suspect we might hear in our second panel about the much debated new legislation "Cyber Security and Internet Freedom Act" reintroduced last month and the "kill switch" idea that has erupted from it.
Cybersecurity policies must be careful to balance technology development and risk management. For example, cloud computing is a big trend, but it requires a higher level of protection to ensure data reliability and availability. This decentralized approach may put critical infrastructure at risk. These conflicts are sure to come up in our first panel.
By owning 85% of the nation's infrastructure, in today's cyber age the private sector is on the front line of our national security. Experts and leaders from government and industry agree that "public-private" partnerships must be part of any effective cyber security strategy. We already have the FBI's InfraGard program, which facilitates sharing of actionable intelligence on possible threats between law enforcement, academia, and the private sector.
As you can see, we have serious and pressing topics to discuss. But before we begin, I want to thank CACI's co-sponsors of today's symposium. First is our co-sponsor over the past three symposia, the U.S. Naval Institute, represented by CEO Tom Wilkerson. Thank you, Tom! This year, we also have a new partner, the Center for Security Policy, represented by CEO Frank Gaffney. Welcome, Frank! Both Tom and Frank join CACI's CEO Paul Cofoni as panel moderators today. And thank you for leading the discussions.
We also meet today in a new venue - the Carnegie Institution for Science. I want to thank them for hosting us in this historic building. And finally, I want to thank everyone at CACI, USNI and CSP who made our symposium today a reality.
Again, welcome, and have a most productive day! Thank you!