We have established the U.S. Cyber Command to operate and defend our networks. We have begun discussions with our allies on implementing shared cyber defenses. And we are in the final stages of review of a comprehensive cyber strategy, called Cyber 3.0.
Second, we have equipped our networks with active defenses. It is not adequate to rely on passive defenses that employ only after-the-fact detection and notification. We have developed and now employ a more dynamic approach to cyber defense. Active defenses operate at network speed, using sensors, software, and signatures derived from intelligence to detect and stop malicious code before it succeeds.
Fourth, we are building collective defenses with our allies. Just as our air defenses are linked to those of our allies to provide warning of aerial attack, so too can we cooperatively monitor our computer networks for cyber intrusions.
The fifth pillar of our strategy is to marshal our country’s vast technological and human resources to ensure the United States retains its preeminent capabilities in cyberspace, as it does in other domains. I want to spend the remainder of my time discussing this aspect of the strategy and its implications for private industry.
Cyber 3.0 is an important milestone for our Department. But even if we execute it flawlessly, the fact is that the government cannot protect our nation alone.
Cyber defense is not a military mission, like defending our airspace, where the sole responsibility lies with the military. The overwhelming percentage of our nation’s critical infrastructure—including the internet itself—is largely in private hands. It is going to take a public-private partnership to secure our networks.