ASIS 2012: Napolitano calls on industry to spend more on cyber preparedness

DHS Secretary Janet Napolitano

When DHS Secretary Janet Napolitano received the 2012 CSO Roundtable’s “Leadership and Security Award” and addressed a luncheon crowd at the ASIS show in Philadelphia on September 10, the not-so-subtle message she seemed to deliver was this: I’m telling you the cyber-threat is real, so start spending the cold, hard cash that is necessary to protect your company’s computer networks now, and don’t come crying to me after the nation is attacked.

Of course, a Cabinet member can never be quite so blunt, so Napolitano couched her message in warm-and-fuzzy bureaucratic niceties, but her conclusion was inescapable. The threat of a crippling cyber-attack, she told her audience, “is the most active, the most dynamic and, potentially, the most threatening risk we face today.”

Because private industry owns and operates the vast majority of the nation’s critical infrastructure sites that could be hit by a cyber-assault (chemical plants, electricity grids, communications facilities, etc.), Napolitano seemed to aim her remarks directly at the top executives who control the purse strings of these critical facilities.

“We need to address cyber security now,” she emphasized. “Not in years to come.”

She chose not to “re-hash” the frustrating impasse on Capitol Hill this summer which caused the Senate to hesitate once again, rather than pass any sweeping cyber-security legislation. Most Democrats were in favor of passing legislation that would have required certain critical businesses to invest in their own cyber security protections, while most Republicans preferred to allow such businesses to make their own investment decisions.

Napolitano told her listeners at the ASIS lunch that everyone needs to do his or her part to guard against cyber-threats. “We are all in this together,” she argued. “You are a critical part of that homeland security enterprise.”

After outlining evidence of the magnitude of the current threat (5,000 alerts from U.S. CERT  last year; $114 billion in estimated annual costs from cyber threats), the DHS secretary went on to tick off a list of things that her department has already accomplished (established fusion centers, beefed up the “See Something, Say Something” public awareness campaign, promoted community policing to address violent extremism) and identify steps that DHS plans for the future (better info-sharing after a cyber- attack, developing a national cyber response plan, promoting a “Stop, Think, Connect” public awareness campaign aimed at young Americans.)

“Cyber-attacks have increased significantly in the three-plus years I have served as DHS secretary,” said Napolitano.  It is time to get serious, she implored.