Pages

25 April 2015

Strategy for Cyber Warfare


1. President Obama is very demanding on his Secy of Defense. He already has some very fine professionals as his Defense Secy starting from Robert Gates, Leon Panetta an ex CIA Chief, A recipient of two Purple Hearts while an infantry squad leader in the Vietnam War Chuck Hagel and now the 25th Def Sec Ash Carter.

2. Carter's Bio is very impressive. Outside of his government service, Secretary Carter was most recently a distinguished visiting fellow at Stanford University’s Hoover Institution and a lecturer at Stanford’s Freeman Spogli Institute for International Studies. He also was a Senior Executive at the Markle Foundation, helping its Economic Future Initiative advance technology strategies to enable Americans to flourish in a networked global economy. Previously Secretary Carter served as a Senior Partner of Global Technology Partners focused on advising major investment firms in technology, and an advisor on global affairs to Goldman Sachs. At Harvard’s Kennedy School, he was Professor of Science and International Affairs and Chair of the International & Global Affairs faculty. He served on the boards of the MITRE Corporation, Mitretek Systems, and Lincoln Laboratories at the Massachusetts Institute of Technology (M.I.T.) and as a member of the Draper Laboratory Corporation. He was elected a Fellow of the American Academy of Arts and Sciences and is a member of the Council on Foreign Relations and the Aspen Strategy Group.

Secretary Carter earned his bachelor’s degrees in physics and in medieval history, summa cum laude, at Yale University, where he was also awarded Phi Beta Kappa; and he received his doctorate in theoretical physics from Oxford University, where he was a Rhodes Scholar. He was a physics instructor at Oxford, a postdoctoral fellow at Rockefeller University and M.I.T., and an experimental research associate at Brookhaven and Fermilab National Laboratories.

3. Within the Dept of Defense he has been DoD’s chief operating officer, Under Secretary of Defense for Acquisition, Technology and Logistics (ATL), Assistant Secretary of Defense for International Security Policy, Secretary Carter also served on the Defense Policy Board, the Defense Science Board, and the Secretary of State’s International Security Advisory Board.

4. Yesterday Ash Carter delivered a widely awaited and anticipated speech in Stanford University. I am reproducing the speech and Q&A below.

5. Mostly the talk is on Cyber. For the first time that his Dept was hacked by Russians came up : Earlier this year, the sensors that guard DoD’s unclassified networks detected Russian hackers accessing one of our networks. They’d discovered an old vulnerability in one of our legacy networks that hadn’t been patched.

6. As Carter was speaking, the Department of Defense released online its new cyber strategy based on three primary missions: to defend the Pentagon's networks; to defend the United States and its interests against cyberattacks of "significant consequences"; and to provide integrated cyber capabilities to support military operations and contingency plans.

6. STRATEGIC GOALS AND KEY IMPLEMENTATION OBJECTIVES of the Cyber Strategy is :

 I. BUILD AND MAINTAIN READY FORCES AND CAPABILITIES TO CONDUCT  CYBERSPACE OPERATIONS

II. DEFEND THE DOD INFORMATION NETWORK, SECURE DOD DATA, AND MITIGATE RISKS TO DOD MISSIONS

III. BE PREPARED TO DEFEND THE U.S. HOMELAND AND U.S. VITAL INTERESTS FROM DISRUPTIVE OR DESTRUCTIVE CYBERATTACKS OF SIGNIFICANT CONSEQUENCE.

IV. BUILD AND MAINTAIN VIABLE CYBER OPTIONS AND PLAN TO USE THOSE OPTIONS TO CONTROL CONFLICT ESCALATION AND TO SHAPE THE CONFLICT ENVIRONMENT AT ALL STAGES.

V. BUILD AND MAINTAIN ROBUST INTERNATIONAL ALLIANCES AND PARTNERSHIPS TO DETER SHARED THREATS AND INCREASE INTERNATIONAL SECURITY AND STABILITY.

7. DoD will pursue the following management objectives to govern its cyber activities and missions :

  • Establish the Office of the Principal Cyber Advisor to the Secretary of Defense
  • Improve cyber budgetary management.
  • Develop DoD’s cyber operations and cybersecurity policy framework
  • Conduct an end-to-end assessment of DoD’s cyber capabilities
8. Now where are we.

9. Our Honourable RM, an ex IITan is quick on the button. Already he has started giving some well deserved Hard Talks to the Services. That Cyber warfare will be very important in all future scenarios is well known for a long time. Establishment of a Joint services org of Cyber Command was announced long time back. As Arnab would like to tell, Nation wants to know what has happened to that. All over the world individual services never come to a mutually accepted decision on joint efforts. But Indian Armed Forces take the icing on cake on joint issues. It is always the executive which forces the issue. USA has already started talking about the modification of The Goldwater–Nichols Department of Defense Reorganization Act of 1986.

10. My recommendation to the Honourable RM would be :

  • Ask for the progress of Cyber Command.
  • Give them timelines. Don't leave it to the services or bureaucrats, After lot of studies and meetings they will arrive at status quo.
  • Good, bad, ugly at least something is better than having nothing but procrastination. One can always do some mid course correction. At least start doing something.
11. Is the RM listening?

     -- PKM

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Remarks by Secretary Carter at the Drell Lecture Cemex Auditorium, Stanford Graduate School of Business, Stanford, California

Presenter: Defense Secretary Ash Carter
April 23, 2015

SECRETARY OF DEFENSE ASH CARTER: Thank you, President Hennessey, for that wonderful introduction. And thanks to all of the colleagues – many colleagues and friends here at Stanford for the opportunity to be with you today. It’s a special privilege for me to give the Sidney Drell Lecture, and I need to tell you why.

I began my career – as John Hennessey indicated – in elementary particle physics, and the classic textbook in relativistic quantum field theory, which described the first of what are known as gauge field theories, namely, quantum electrodynamics, was entitled Bjorken and Drell, Relativistic Quantum Fields. I’ve got my copy of Bjorken and Drell right here – it’s all marked up in the margins from those years ago.

For my doctoral thesis in theoretical physics, I worked on quantum chromodynamics, it’s also a gauge theory – field theory of the force by which quarks are held together to make nucleons. And at Oxford University’s department of theoretical physics, the external thesis advisor for my thesis was Sid Drell. I talked to Sid Drell earlier in this morning, and he can’t be here today, but that’s my thesis back in the days when they were bound.

When I visited the Stanford Linear Accelerator Center in subsequent years as a post-doc, I remember sitting on the porch of the rambling ranch house right here on the Stanford campus that Sid and Harriet Drell lived in. As post-docs tend to do, I would hang around their house at dinnertime hoping that Harriet would invite me in to dinner, which she usually did. And sometimes their daughter Persis would be there, who is now, of course, the dean of engineering here at Stanford.


A few years later, Sid was assisting the assembly of a team of scientists for the U.S. Congress on a topic that preoccupied Cold War Washington at the time: how to base the ten-warhead MX intercontinental ballistic missile so that it could not be destroyed in a first strike by 3,000 equivalent megatons of Soviet throw-weight atop their SS-18 missile. He recommended that I join that team temporarily. Sid Drell was an inspiration to all those who worked in those years to control the danger of nuclear weapons. And this – for me – was the beginning of my involvement in national security affairs.

At about that time, I got to meet the then-undersecretary of defense in charge of technology and procurement for the Department of Defense. He impressed me with how lucid and logical he was, and how well he applied technical thinking to national security problems. That undersecretary was of course William Perry, who is also present here today, and who later became deputy secretary of defense and finally secretary of defense in a progression that I have followed some 30 years later. Bill has been a major figure in my life, including standing in for my father at my wedding.

So I thank both Sid and Bill Perry, and many, many other colleagues here at Stanford…old friends at CISAC, at the Freeman Spogli Institute, at the Hoover Institution, and in the engineering faculty. I especially thank everyone for their warm welcome to me as a visitor here earlier this year. Not quite two months into it, on a fateful Monday afternoon in November, though, duty called. And I found myself nominated by President Obama to be secretary of defense.

When I became secretary, I made three commitments. The first is to the troops and to their families – to safeguard them, to ensure that they’re treated with dignity and respect, and above all to ensure that when they’re sent into harm’s way, it’s done with the utmost care. The second commitment is to President Obama – to offer him my best strategic advice as he faces a complex world, to ensure at the same time that he receives candid military advice, and finally that his decisions are carried out with DoD’s expected excellence. And my third commitment is to the future – to stay ahead of a changing world, to stay competitive, to stay aware of new generations and attract them to our mission of serving the country, and to stay abreast of technology…all this the topic of my comments today.

Over the years, I’ve seen lots of products developed here in Silicon Valley and throughout the tech community to enable boundless transformation, progress, opportunity and prosperity…across all sectors of our economy and society – commerce, health care, education, transportation, and national defense among many others. And it’s made many things easier, cheaper, and safer.

But in recent years, it’s become clear that these same advances and technologies also present a degree of risk to the businesses, governments, militaries, and individual people who rely on them every day…making it easier, cheaper, and safer to threaten them.
The same Internet that enables Wikipedia also allows terrorists to learn how to build a bomb. And the same technologies we use to target cruise missiles and jam enemy air defenses can be used against our own forces – and they’re now available to the highest bidder. Whether it’s the cloud, infrared cameras, or the GPS signals that provide navigation for ride-sharing apps, but also for aircraft carriers and our smart bombs – our reliance on technology has led to real vulnerabilities that our adversaries are eager to exploit.

And this brings me to my question for today: how do we mitigate that risk – the risk that comes with such technology while simultaneously unleashing its promise? How do we protect not just the freedom the Internet affords and the new opportunities to advance human welfare that technology enables, but also our country, our future, our children, our people?

And the key, in my mind, is to ensure an alignment between a defense that leverages our strengths – like our robust and independent business and academic communities – and that reflects our nation’s values and longstanding traditions…and a defense that is effective in a changing world.

How to align all that, and how we achieve that alignment isn’t new. We find the alignment in open partnership…by working together.

Indeed, history shows that we’ve succeeded in finding solutions to these kinds of tough questions when our commercial, civil, and government sectors worked together as partners. And today, we must…and can…do the same.

Looking out over the last 75 years, we’ve had a long history of partnership. Sometimes the bonds between the academy, industry, and defense were particularly close…like during World War II, when the Manhattan Project and the MIT Radiation Laboratory and others brought together the brightest minds, and the best of industry cranked out the ships, planes, and tanks – at what are now astonishing to us numbers. And another was during the Cold War, when a cross-section of military, academic, and private-sector experts paved the way to a future of precision-guided munitions, battle networks, and stealth. At times, we also eyed each other warily – like when Bobby Inman faced off against Martin Hellman and Whit Diffie over public-key encryption and commercialization; or during the controversy over the Clipper ship – chip – Clipper chip, excuse me, in the 1990s; and, more recently, after the actions of Edward Snowden.

Through successes and strains, our ties have broadly endured…but I believe we must renew the bonds of trust and rebuild the bridge between the Pentagon and Silicon Valley.

One reason to do so is that we share many of the same underlying objectives and values. As our government has demonstrated in recent trade negotiations, diplomacy, and decisions on net neutrality, we are strong proponents of a free and open Internet, and strong supporters of protecting intellectual property rights.

But we also need to work together because we’re living in the same world, with the same basic trends and the same basic threats.

The first of these trends is the evolutions we’re seeing in technology – that you all know very well about.

But second, there’s been an evolution for us of where technology comes from. When I began my career, most technology of consequence originated in the United States, and much of that was sponsored by the government. Now much more technology is commercial, and the technology base is global.

Globalization and commercialization have, in turn, led to more competition, which is good, because it leads to more innovative thinking. That’s driven a third trend, which is that the competition for talent has become much more aggressive – and I’ll have more to say about that later, because that matters a lot to me as secretary of defense.

These trends are contributing to a growing problem we think about every day in DoD: the fact that threats to our security and our military’s technological superiority are proliferating and diversifying. This is happening in terms of conventional weaponry and technologies, and in the cyber domain. You may think that some of this should just be left up to DoD, but these challenges should concern us all.

Let me step back. During the Cold War, Bill Perry drove a so-called “offset strategy” that harnessed American technology to radically change warfare through precision-guided munitions, network-centric forces, and stealth aircraft. It came to life during the 1991 Gulf War – when the world watched, stunned, at what the American military might had achieved. But the world has since had a quarter century to figure out how to counter these capabilities.

So now we’re seeing high-end military technologies long possessed by only the most advanced foes find their way into arsenals of both non-state actors and previously much less-capable militaries. And nations like Russia and China have been pursuing long-term and comprehensive military modernization programs to close the technology gap with the United States…particularly through capabilities designed to thwart our traditional advantages of power projection and freedom of movement. They’re developing and fielding new and advanced aircraft, submarines, and ballistic, cruise, anti-ship, and anti-air missiles that are both longer-range and more accurate. And they’ve been working on new counter-space, cyber, electronic warfare, undersea, and air attack capabilities that challenge our own. And as I’ll explain more in a moment, we’re of course innovating to stay ahead of these threats…but they’re very real.

And meanwhile, as tech companies see every day, the cyber threat against U.S. interests is increasing in severity and sophistication. While the North Korean cyberattack on Sony was the most destructive on a U.S. entity so far, this threat affects us all. And it comes from state and non-state actors alike. Just as Russia and China have advanced cyber capabilities and strategies ranging from stealthy network penetration to intellectual property theft, criminal and terrorist networks are also increasing their cyber operations. Low-cost and global proliferation of malware have lowered barriers to entry and made it easier for smaller malicious actors to strike in cyberspace. We’re also seeing blended state-and-non-state threats in cyber…which complicates potential responses for us and for others.

And this is a serious business. This is a serious matter. And it requires our collaboration. But in addition to dangers, there are also really great opportunities to be seized through a new level of partnership between the Pentagon and Silicon Valley – opportunities that we can only realize together.

Consider the historic role that DoD and government investments have played in helping spur ground-up technology innovation – both in this Valley, and on this campus. Some examples are well known. Vint Cerf ‘fathered’ the Internet while a Stanford assistant professor and also a researcher at DARPA. GPS – I don’t know whether Jim Spilker is here – likewise began as a defense-driven project, as did, in an earlier era, jet engines and communications satellites. And even today, Stanford continues to be among the top university recipients of federal R&D spending.

But other examples we hear less about. Work on Google’s search algorithm was funded by a grant from the NSF, National Science Foundation. And most technologies used throughout Silicon Valley – including many that Apple brilliantly integrated into the iPhone – can be traced back to government or DoD research and expenditures. The developers of multi-touch worked together through a fellowship funded by the National Science Foundation and the CIA. iOS’s Siri grew out of not only decades of DARPA-driven research on artificial intelligence and voice recognition, but also a specific DARPA project funded through SRI to help develop a virtual assistant for military personnel. And Google’s self-driving cars grew out of the DARPA Grand Challenge.

Now, obviously none of this diminishes the genius, the hard work, and the sacrifices by innovators here at Stanford, or in Mountain View, or Boston, or elsewhere. The government helped ignite the spark, but this was the place that nurtured the flame that created incredible applications. I mention this because it speaks to a partnership that has long existed between America’s technology sector and its government and defense institutions…a relationship that can continue in a way that benefits us both.
All these facts – both the challenges and the opportunities – lead me to a clear conclusion. Renewing, strengthening our partnership is the only way we can do this.
Now, it won’t always be easy. We’ve had tensions before, and we will likely have them again. We shouldn’t diminish that. But those who work in the tech community are no strangers to intense grappling with ideas. And the same is true for those of us who work in the Pentagon. And, because we have different missions and different perspectives, sometimes we’re going to disagree.

But I think that’s okay. Because being able to address tensions through our partnership is much better than not speaking at all. And there can be great ideas that come out of candid conversation.

And this of course leads us to a new question – what would this renewed partnership look like? And what’s the best way to re-wire the Pentagon for a partnership?

As secretary of defense, I believe that we in the Pentagon – to stay ahead – need to change and to change we need to be open, as I say, we have to think outside of our five-sided box. So I want to spend the rest of these remarks talking about two areas where I believe our partnership is most vital – innovation more broadly and cybersecurity particularly. And I want to be open with you about our plans for both.
Let me start with innovation.

It’s no secret that DoD is coming out of fighting two wars – two long wars – for more than 10 years. While we were focused on solving the problems we faced during those wars, we lost sight, in some ways, of the bigger picture about the impact and proliferation of technology around the world.

Now, this isn’t to say that DoD has completely ceded R&D funding and innovative thinking to everyone else – we still make up half of federal research and development, which is about $72 billion dollars this year. These are resources that help build the world’s most advanced fighters and bombers, develop new phased arrays for radar, and produce the satellites, missiles, and ships that let us strike terrorists in the Middle East and underwrite stability in the Asia-Pacific. And unlike our R&D investments during the past 14 years of war – like when we needed thousands of Mine-Resistant, Ambush-Protected vehicles, or MRAPs, to protect our troops from roadside bombs – the investments we’re making today are preparing us to face the types of high-end threats that I described earlier.

Some of these R&D funds – $12 billion dollars’ worth – support the breakthrough science and technology research done at universities and companies and DoD labs across the tech community. For example, a number of folks here at Stanford have worked with DARPA, our advanced research projects agency, which you all know. In the past three years, DARPA has partnered with nearly 50 different public- and private-sector research entities in Silicon Valley – that’s just one agency. These relationships are really valuable to us, and I intend to continue to nurture them.

Come June, we’ll see this in action, when the finals take place for the DARPA Robotics Challenge in Southern California. This event will showcase how work on smaller sensors, pattern recognition technology, big data analysis, and autonomous systems with human decision support, could combine into a rescue robot – that’s the challenge – a rescue robot that navigates a disaster-stricken area with the same speed and efficiency that you or I would…but without putting anyone at risk.

Another example is how we’re looking beyond GPS. While DoD will of course continue to support the GPS satellites, which we engineer and launch – because of all the commercial applications as well as military applications – we also need to find alternatives for military use that are more resilient and less vulnerable. We’ll do that in part by advancing microelectromechanical systems technology for small inertial navigation units, small accurate accelerometers, and precision clocks – all on a chip. Today this technology is in our smartphones – that’s how they know they’re being rotated – and we’re pushing it to be far more precise. We’ll push, for example, the performance envelope in timing and navigation technology by harnessing Nobel Prize-winning physics research that uses lasers to cool atoms. Stanford has been a tremendous force in this area, with one group of researchers creating a company we work with, AOSense, to make practical cold-atom systems. The result would be a GPS of things – akin to the Internet of things – where objects, including our military systems, keep track of their position, orientation, and time from the moment they are created with no need for updates from satellites.

But to stay competitive and to stay ahead of threats, DoD must do even more. And that starts with our people, who are our most important asset – both in Silicon Valley and in the military. Who they are, and where they are, matters tremendously in affecting our ability to innovate. And that’s the rationale behind some initial steps I’m taking starting today.
First of all, it’s important that we at the Pentagon find new ways to help bring in new people with the talent and expertise we need, and who want to contribute to our mission as part of the force of the future, even if only for a time…or a project. We’re establishing a DoD branch of the U.S. Digital Service, the outgrowth of the tech team that helped rescue healthcare.gov, for example, to help solve some of our most intractable IT and data problems in DoD. And in fact, we have our very first team there – a ‘sprint team’ already in the Pentagon working on transferring electronic health records from DoD to the Veteran’s Administration – a bigger problem than you might imagine. And they’ll work on classified projects as well. And if you want to be a part of the U.S. Digital Service, you can, and it’s a wonderful opportunity to try out public service – try out applying your skills to national defense and maybe you’ll end up like I did after Sid Drell got me to give it a try. But that’s what we’re trying to do – ask people to give us a try, join us for a while – even if for just a time. Make a contribution. Feel what it’s like to be a part of something that’s bigger than yourself. And it really matters.

The reason that Silicon Valley is so successful is that it has the right people in it but there’s proximity as well – there’s an ecosystem out here. Everyone’s in the same general area, which not only helps forge relationships, but also helps spread new ideas. And that geographic proximity, coupled with strong links between academia and industry, has made this entire region a nexus for innovation.

So I am also creating something that we call the Defense Innovative Unit Experimental [Defense Innovation Unit X]…first-of-its-kind unit for us, staffed by some of our best active-duty and military personnel, plus key people from the Reserves who live here who are some our best technical talent. Some of you are reservists – and we appreciate that. They’ll strengthen existing relationships and build new ones; help scout for new technologies; and help function as a local interface for the department. Down the road, they could help startups find new work to do with DoD.

Third, we’re going to open a door in the other direction – from our best government technologies to industry and then back. For example, we currently have a Secretary of Defense Corporate Fellows Program that sends about 15 of our people a year out to commercial companies like Oracle, Cisco, FedEx, and others. Right now we don’t effectively harness what they’ve learned when they come back.

So we’re going to expand that fellows program into a two-year gig – one year in a company, and one year in a part of DoD with comparable business practices. That way we have a better chance to bring the private-sector’s best practices back into the department. These are just some of the examples of how we need to drill holes in the wall that I think exists and has built up over the years between the Department of Defense and the commercial and scientific sector. Let people come back and forth and try it out – that’s the only way to do it. People want choices these days, and they want mobility. They don’t want to get stuck on one side of the wall or the other.

We also have to think about investing in the most promising emerging technologies, as well as our people. While DoD has sought to continuously improve our acquisition processes over the past five years – and I’m proud to have been a part of that effort at the beginning of the Obama Administration – there are still areas where we can and must do better.

One concern I’ve heard about is the worry that the government will insist on taking intellectual property, and then reveal proprietary information to the public and to competitors. Let me assure you that we understand and appreciate industry’s right to intellectual property. And DoD has a long history of successfully protecting companies’ proprietary information, and we respect the fact that IP is often the most important and valuable asset a company holds, and that businesses cannot be forced to sell their IP to the government. We understand all that. We need the creativity and innovation that comes from start-ups and small businesses, and we know that part of doing business with them involves protecting their intellectual property.

This is particularly important because start-ups are the leading edge of commercial innovation, and right now, DoD researchers have many effective ways to transition promising – sorry, do not have enough effective ways to transition technologies that they come up with to application. And we need to fix that, too. I don’t want us to lose out on an innovative idea or capability we need because the Pentagon bureaucracy was too slow to fund something, or we weren’t amenable to working with startups, as we should be.

So, borrowing on the success of the Intelligence Community’s partnership with the independent, nonprofit startup-backer In-Q-Tel, which many of us have had involvement with, I’m going to propose – I have proposed and they’ve accepted a pilot project with In-Q-Tel to provide innovative solutions to our most challenging problems. We’ll make investments with In-Q-Tel in order to leverage their existing proven relationships, and apply their approach to DoD. As some of you know, In-Q-Tel has been working with Silicon Valley for over 15 years, and continues to provide other parts of the U.S. government with access to the start-up world. In order to regain our competiveness, we have to expand our ways of investing in identifying and implementing new technologies and capabilities – and this approach may help us yield a long-term advantage.

And commercial technology – I should say – is not a panacea, nor will it ever be…we can’t get everything from outside, and we need some special technologies for our own special missions. Stealth is one example: we need aircraft to look as tiny as sparrows on radar, but nobody else needs aircraft in the commercial world that do that. Similarly, the Mach 5-plus hypersonic scramjet we tested on the X-51 a couple years ago is technology we need for a new dimension in warfighting – it’s not something the commercial sector needs.

But there are many areas where the potential in leveraging commercially-driven technology is so huge, that we have to embrace it going forward.

We want to partner with businesses on everything from autonomy to robotics to biomedical engineering; from power, energy, and propulsion to distributed systems, data science, and the Internet of things. Because if we’re going to leverage these technologies to defend our country and help make a better world, the Department of Defense cannot do everything in all these areas alone. We have to work with those outside.
And the same is true, finally, with cybersecurity – we’re going to have to work together on this one.

While we in DoD are an attractive target, the cyber threat is one we all face…as institutions, and as individuals. Networks nationwide are scanned millions of times a day. And as we’ve seen cyber attackers bombard the public websites of banks, make off with customer data from retailers, try to access critical infrastructure networks, and steal research and intellectual property from universities and businesses alike…so too have individual citizens been compelled to guard against identity theft.

This is one of the world’s most complex challenges today, which is why the Department of Defense has three missions in the cyber domain. The first is defending our own networks and weapons, because they’re critical to what we do every day…and they’re no good if they’ve been hacked. Second, we help defend the nation against cyberattacks from abroad – especially if they would cause loss of life, property destruction, or significant foreign policy and economic consequences. And our third mission is to provide offensive cyber options that, if directed by the President, can augment our other military systems.

In some ways, what we’re doing about this threat is similar to what we do about more conventional threats. We like to deter malicious action before it happens, and we like to be able to defend against incoming attacks – as well as pinpoint where an attack came from. We’ve gotten better at that because of strong partnerships across the government, and because of private-sector security researchers like FireEye, Crowdstrike, HP – when they out a group of malicious cyber attackers, we take notice and share that information.

Still, adversaries should know that our preference for deterrence and our defensive posture don’t diminish our willingness to use cyber options if necessary. And when we do take action – defensive or otherwise, conventionally or in cyberspace – we operate under rules of engagement that comply with international and domestic law.

This approach reflects two goals. First, keeping the Internet open, secure, and prosperous. And second, assuring that we continue to respect – and protect – the freedoms of expression, association, and privacy that reflect who we are as a nation.

Let me repeat that second goal: We must continue to respect, and protect, the freedoms of expression, association, and privacy that reflect who we are as a nation.

To do this right, we again have to work together. And as a military, we have to embrace openness. Today dozens of militaries are developing cyber forces, and because stability depends on avoiding miscalculation that could lead to escalation, militaries must talk to each other and understand each other’s abilities. And DoD must do its part to shed more light on cyber capabilities that have previously been developed in the shadows.

So today, for example, I want to disclose a recent instance that helps illustrate the cyber threat we face today and what to do about it. It’s never been publically reported, and it shows how rapidly DoD can detect, attribute, and expel an intruder from our military networks – in this case, unclassified ones.

Earlier this year, the sensors that guard DoD’s unclassified networks detected Russian hackers accessing one of our networks. They’d discovered an old vulnerability in one of our legacy networks that hadn’t been patched.
While it’s worrisome they achieved some unauthorized access to our unclassified network, we quickly identified the compromise, and had a team of incident responders hunting down the intruders within 24 hours. After learning valuable information about their tactics, we analyzed their network activity, associated it with Russia, and then quickly kicked them off the network, in a way that minimized their chances of returning.

This episode illustrates a step in the right direction. Like a lot of CEOs across the country, my primary goal in my enterprise is defending our networks because we, too, are a network-centric organization, but I still worry about what we don’t know. Because this was only one attack that we found.

One way we’re responding to that is by being more transparent, to raise awareness in both the public and the private sector. Indeed, shining a bright light on such intrusions can eventually benefit us all – businesses and governments alike.

More broadly, President Obama has said that we will respond to cyber-attacks in a manner and at a time and place of our choosing using appropriate instruments of U.S. power. DoD has spent a lot of time figuring out how to help do so while also holding true to our nation’s enduring interests, traditions, and values. And we’ve developed a new cyber strategy that details what our cyber missions are and when we will take certain actions and why.

This new strategy – our first since 2011 – is to help guide development of DoD’s cyber forces, and it’s also a reflection of DoD being more open than before. We’re making it available to the public today – both online, and by the way, at the back of this room. And I’d like to tell you a little bit about it.

Like everything we do, our cyber strategy starts with our people – its first strategic goal is building and training our Cyber Mission Forces. These are talented individuals who hunt down intruders, red-team our networks, and perform the forensics that help keep our systems secure. And their skill and knowledge makes them much more valuable than the technology they use. We’re just beginning to build and to imagine this cyber force in DoD.

Another goal is to be better prepared to defend DoD information networks, secure our data, and mitigate cyber risks to military missions. We do this in part through deterrence by denial, in line with today’s best-in-class cybersecurity practices – building a single security architecture that’s both more easily defendable, and able to adapt and evolve to mitigate both current and future cyber threats. This to replace the hundreds of networks – separate networks – that we now operate in the Department of Defense. We have to strengthen our network defense command and control to synchronize across thousands of these disparate networks, and conduct exercises in resiliency…so that if a cyberattack degrades our usual capabilities, we can still mobilize, deploy, and operate our forces in other domains – air, land, and sea – despite the attack. And we’re also taking action – just this week I directed that we consolidate all of over IT services in DoD and throughout the Washington capital region – consolidate all of them, which will not only help improve our overall cybersecurity, but also save millions of dollars we can better spend elsewhere.

Of course, as I’ve said, we know that working together in the cyber domain is essential. And that’s why one of the primary aspects of our strategy is working with partners – in the private sector, across our government, and around the world. And the strategy speaks to this as well.

Because American businesses own, operate, and see approximately ninety percent of our national networks, the private sector must be a key partner. The U.S. government has a unique suite of cyber tools and capabilities, but we need the private sector to take its own steps to protect its data and networks. We want to help where we can, but if companies themselves don’t invest, our country’s collective cyber posture is weakened and our ability to augment that protection is limited.

To build our vital cyber force, we’re going to need to use new ways to attract talent through new private-sector exchange programs that let people from outside contribute to our mission and then return here to the Valley or to stay, as I did. And to ensure that our people have the right tools to execute their missions, we’re going to be increasing our fundamental research and development – this is an exception in these times of budget constraints – increase our fundamental research and development with both established and emerging private-sector partners in cyber…so that together, we can create cyber capabilities that not only help DoD, but can also spin off into the wider U.S. marketplace.

And last to ensure our cyber operations are appropriate and effective, we’re going to work more closely with our law enforcement partners at the FBI, with Homeland Security, and elsewhere. There are clear lines of authority in our government about who can work where, so as adversaries jump from foreign to U.S. networks, we need our coordination with our government to operate seamlessly. And I’m determined that the Department of Defense be a cooperative partner with law enforcement and with homeland security.

We’ve already started practicing with them – just a couple of weeks ago, we had an exercise that we did with our FBI counterparts on how to do exactly what I said – and we’re going to be exercising much more going forward. It’s important that we work together and that we all behave in a way that is lawful and appropriate.

Now, as secretary of defense, my mission is to make sure our military can defend our country – make a better world. But this is a mission that all of us who love freedom and opportunity and want a better for our children and our grandchildren share with us. We’re our best when we have the best partners. Knowing how we’ve worked together in the past, and how critical your work is to our country, strengthening this partnership is very important to me.

We have a unique opportunity to build bridges and rebuild bridges and renew trust. That’s why I’m visiting some other companies here this afternoon, and meeting with a group of tech leaders tomorrow. I want to learn how, in the years to come, a new level of partnership can lead to great things.

That’s what’s possible through partnership. And whether it’s helping safeguard the Internet or helping save lives, working together for the greater good is bigger than who we are as individuals – bigger than who we are as companies.
It’s an imperative we face…an opportunity we share…and it’s the only way to make a better world – together.

Thank you.

(APPLAUSE)

Q: Well, Secretary Carter, thank you for those remarks. Welcome back to Stanford. As is the tradition of the Drell lecture, the first question is always from Sid Drell. As you know, the doctors ordered him to stay home today, but Sid was undeterred. He watched you on livestream, and he emailed me a question. (Laughter.) And since Sid was on your doctoral dissertation committee, you know he's going to start you off with a hard one. Here's what Sid writes.

I'm very pleased with the new initiative being released today and a commitment prioritizing the importance of cyber. It's a subject that is critical to the country's national security and protection of our civilian economy. With regards to this new plan, can you share with the audience how as secretary of defense, you plan to direct the complex undertaking the array of intelligence agencies, DIA, NSA, et cetera, have ahead of them, and how you plan to ensure there is coordination and cooperation on the technical level so that they don't repeat each other's work?

SEC. CARTER: Good -- good -- good question as you'd expect from Sid.

By the way, I talked to Sid on my way here, who after 30 seconds of mutual greetings, launched into another interest of his, the indefatigable Sid Drell, but he is under the weather, as is Harriet, and I -- but it's an honor to give a lecture in his name.

He is pointing to something that is endemic not only in DOD but across the government, which is the inability of people, bureaucratically-minded people, to work together on common things.

This is something that bedevils him. He was explaining it to me in the car on the way. And that's what I was alluding to when I talked about Homeland Security and the FBI. We can't have that.

We cannot have a situation where we in DOD are contending with the FBI, contending with Homeland Security, or whether within my domain, DIA, NSA, and CIA, which is obviously not mine, is outside, aren't working together.

I have no tolerance for that at all. And I've told my colleagues, starting with FBI and Homeland Security, that I have told my people no -- no turf contention. I want people working together.

I'll give you an example. Bill Perry, when Bill was the boss of the Pentagon and I worked there, it was traditional for the State Department and the Defense Department to fight with one another. If George Schultz were here, he would remember that also.

And Bill told us, "I don't want you doing that. I'm not going to listen to any of your arguments about how you're not getting along with" what was then Warren Christopher's State Department.

So I don't allow it. I'm not going to allow it as secretary of defense. And within the department, it's the same thing. We have NRO, we have DIA, CIA. People are bureaucratic in Washington, and they want to -- they want to protect what they're doing so that they continue to have the people and the resources they want. And it's -- it's intolerable in today's world because we don't have enough good people to build walls between them. We've got to share them and use them together.

So I am -- I know exactly the examples he's talking about, and it has to start with leadership at the top. It has to start with me. And I'm not tolerating it.

Q: Let's talk a little bit more about people.

You mentioned in your remarks the importance of developing the cyber workforce of the future, both in and out of uniform. How do you reconcile the tension between what is termed the hacker mindset that many people think is necessary for success, and the military's culture that's more rule oriented and structured?

SEC. CARTER: Yeah, that's a good question. It is like a clash of cultures. And I think about that a lot because it's also a clash of generations. And you know, I'm in the position now of needing to attract to military service a generation of people who grew up entirely in the Internet age, whose memories of 9/11 are either faded or dim or non-existent, and attract them to the mission of national security and national defense.

The only way to do that is to make us as open and flexible as their private sector counterparts are. So that's why I talked about those three initiatives in the personnel area. I'm trying out ways to change the way we bring people in. Give them a try. People don't like to be tied down. Kids don't want to get into something that they're going to be in for their entire lives. They want to move in and out. That's why I'm looking for the cyber force about being able to move people laterally into the military rather than having to come up through the ranks because of their level of expertise.

These are revolutionary things, but we have to do them. We can't have industrial age institutional and human resources thinking in an age when people, they want choice, they want flexibility, they want movement, they want mobility, and we have to be part of that, or we're not going to be a part of the generation that will make us successful in the future.

So that's -- that is the theme of what I am trying to do, both in the uniformed side, with our new recruits, and recruiting new kids into the military, and with our civilians and the people who work in the defense industry. What's going to make it exciting? The mission is compelling: creating a better world and a safer world. The mission is compelling. But we've got to make the environment less dreary.

Q: You talked about a whole of nation approach, and yet as you know, there is deep and lingering distrust. What do you think are the best next steps that DOD and others in the U.S. government can take to really restore that trust?

SEC. CARTER: Well, I think that people -- our companies and our people need to be convinced that everything we do in the cyber domain is lawful and appropriate and necessary. And I think the Snowden revelations indicated that we had a difference of view between what we were doing and what people understood us to be doing.

So we've made some adjustments in that, and I think we'll continue to be more open and adjust, but I also have to say that I have never encountered an example. When we do surveillance, we're doing it to counter terrorism, to counter military action, to counter trafficking and other things that are heinous. We do not do it to collect people's private information for the information's sake.

But I understand that we need to be open and that we need to adjust what we're doing in such a way that it's accepted. I -- unfortunately a lot of what we're doing has to remain secret, but that's why all three branches of government are involved. You know, Congress knows about all these things. They approve all these things. They're all done lawfully within the courts. So, we can change the way we do that, but that is the appropriate way to do it, with all three branches of our government involved.

But I think there's no other way than by being open and by being willing to adjust the way we do things. I also think that there is a certain amount of protectionism going on around the world being used against U.S. companies in the wake of the Snowden incidents, which is nothing else but protectionism in the guise of concern about U.S. surveillance.

But we will continue to be open and to adjust.

Q: Let's talk a little bit more about DOD's mission in cyberspace. You said one of the critical missions, one of the three missions, is to defend the nation against attacks, and the term has been used, of significant consequence.

Help us understand what that means. At the low end of the threshold, what is an act that would have an impact that would trigger DOD involvement?

SEC. CARTER: Something that threatens significant loss of life, destruction of property, lasting economic damage to people. Those are -- is the kind of thing as in any use of -- of force against Americans or American interests where the president would determine what the response ought to be on the basis of its proportionality and its effectiveness, and it won't be any different in cyber than it will in any other domain, and by the way, the response might not occur in cyberspace, but might recur -- might occur in a different way.

So, for our role as defense is as I said, first and foremost to defend our own networks. But on occasion, we may be called upon to help defend other parts of the society, and that's our mission also, and we'll do so.

Q: But of course, as you know, if we could imagine Hollywood screenwriters writing a script of a cyber attack, nobody would ever believe the attack on Sony.

So how do you think about setting a -- a clear set of criteria for defining acts of significant consequence when we see unprecedented types of attacks today?

SEC. CARTER: Well, you're asking again about what would be an act of significant consequence, and I think that that's something that is going to -- a determination that's going to be made case by case, depending upon danger or potential danger to life and property in -- in the United States.

And we'll make that determination if and when it occurs on a case by case basis. In the Sony attack case, first the president did make that determination and did direct action which wasn't in cyberspace.

Q: How, if at all, did the Sony attack change your thinking about cyber threats and what we need to do?

SEC. CARTER: I think that's particular nature of that attack was involving as it did a deliberate attempt to impede freedom of expression in the United States. That was the North Korean declared objective. It was particularly objectionable.

Now, it turns out we were able to deal with that over time, and as I said, take actions in response to it, but it -- what it tells me is that the cyber route is now available even to countries as generally limited in terms of technology and economy as North Korea.

Q: So, I want to make sure we have time for our audience questions and our questions from Twitter, but before we turn to that, let me bring it home a little bit.

You're the secretary of defense, but you're also a long-time scholar and teacher. And we have many Stanford students in the audience here today. What would you say to them about what their role can be not only in cybersecurity, but in national security policy more broadly, and what role can universities like Stanford play?

SEC. CARTER: Well, it's a great question because I -- I -- this is one of the things I'm most intent upon as secretary of defense is to give people a chance to feel the experience of contributing to something that's bigger than themselves and that matters so much, which is the security of our country and the security of our world and making a better world for our children.

This is something you can't take for granted.

And I sometimes feel that the safer we are, the less people appreciate what it is that keeps them safe. So, I know I can't get people to join us by preaching at them about that, but I can get them to join us by giving them avenues to try, avenues to give it a try, give it a sample. That's why I'm so intent upon increasing the permeability of the wall between the government and young people in the private sector and the way that this -- generations in the future are going to think about their careers. And we need to adjust the way the government behaves so that they can fit into that.

Some of them will come in and go out and come in and go out, as many of us have done. And some will come in and stay. But we need to make that more permeable, otherwise we're not consistent with the way people are thinking about their careers these days, particularly scientific and technical people.

They want to move. They want to be challenged. They want to have mobility. They want things to be exciting.

If we don't provide that in the field of national security, we're not going to continue to have what we now have, which is the finest fighting force the world has ever known.

Q: So let's take the opportunity now to turn to our audience questions from all of you and our online Twitter questions.

And to do that, we have Jenny Mayfield who's director of media relations at the Hoover Institution.

Q: Thank you Amy, and it's an honor to have you here, Mr. Secretary.

Lots of great questions from the Stanford community. Too bad we can't get through all of them.

Starting here with a question from the audience, how can the military compete with the private sector for recruitment and retention of cyber expertise?

SEC. CARTER: Well, it's a very good question. Gets back to what I was saying before.

First of all, you have to realize we are in competition. It's not like the old days. And so we have to make ourselves an exciting and flexible and rewarding place to work. We're never going to be able to pay the way the private sector does, but the mission is compelling.

And when we get people -- young people in, and they get a taste of how exciting it is and how deeply important it is to be a part of security, I'm confident that the mission by itself will do the trick. Our job is to have a personnel system that is permeable enough that people give it a try and at least spend part of their lives contributing to national defense, even if they don't spend all of their lives.

And it's changing those two things: how you can get in, and how you can get in and out that is going to make us more compatible with today's --- the way people see their careers today. They don't want to join Ford Motor Company, and they don't want to join a government agency. They want to have flexibility and mobility. We need to offer that if we're going to be competitive.

Q: Here's another one from the audience. Could you discuss the experience of switching from an academic career to a political position?

SEC. CARTER: Good question and I want to amend the question if I may slightly to say that the secretary of defense is by a tradition that I hope always continues, not a political position in the usual sense. And I think that's important. I'm not a political person by nature. I'm honored to have the position. I think it's to the country's credit that they would have somebody who was with my background serve them in this capacity.

The -- how do you get back and forth between academia and the government? For me, it was my scientific knowledge. That's what got me into it. I was able to, through Sid Drell, give it a chance. And when I did, I found out two things. First of all, these were really important problems I was working on, and second of all, I could make a difference because of my technical background. That's how I started.

Of course, now I'm doing other things and it's a different kind of policy and managerial job, but I had the sensation of working on something that was really important and knowing I was making a big difference to it. Those are the two ingredients for anybody to throw themselves all in to something. I was given that opportunity and as I said before, I want to give it to others in generations ahead.

Q: This is one actually from Twitter. What's in it for Silicon Valley? Why enter DOD's acquisition system?

SEC. CARTER: Well, I hope you don't have to enter DOD's acquisition system -- (Laughter.) -- in order to make that -- for starters, I don't want to have to do -- have to do that. But why work with us?

We have really exciting problems that we work on and that we challenge people for. So, we have some of the most exciting problems you -- that you can have in technology, and they're consequential. They matter. They have to do with our protection and our security and creating a world in which people can live their lives and dream their dreams and have their children and give them a better future.

And those two things, technical excitement and a sense of mission, that's why I think folks will want to work with us.

Our job is not to make it a big acquisitions system that they have to join, but something that's much more user friendly and that they can come into and go out of more flexibly. That's our job.

But I'm convinced that the excitement of the technology challenges we have and the gravity of the mission, those are things are very compelling to everybody.

Q: Shifting gears a little bit, this is from the audience.

Newly admitted students to Stanford were four years old on 9/11. It's history, not experience.

Can you talk a little bit about the terrorist threat, and how serious it is compared to other threats?

SEC. CARTER: Yeah, well the start of that is really important, because we in the Department of Defense have enjoyed an environment for the last few years of having an extra augmentation of people of quality entering our ranks in the wake of 9/11 because it was a indication to them of how important it was to have security against terrorism.

Also the slowdown in the economy helped us as well, sadly. It's not a reason you want to have, but it was better for labor markets in terms of us being able to attract and recruit good people.

For those who don't remember 9/11, I think you have to put yourself in the shoes. Unfortunately, we are intent upon protecting our own country and our own people and our own interests, so I do not want to us to have other examples that are as inspirational as 9/11. We work hard every day. Believe me, there are people out there who want to do that and worse every day. I think the only thing you can do is point to other places in the world where people their age have nothing like the opportunities that they have.

And many of our young people are very internationally aware. And it doesn't take something here at home as much to have them understand what terrorism is like than maybe it did 15 years ago. But I do worry that the better a job we do, the more we're taken for granted.

Q: Can I follow up on that?

I'd like to get your sense of the threat environment more broadly. Director of National Intelligence Jim Clapper has said most complex threat environment he's confronted in his 51 years in the intelligence business.

As you look at the array of threats and we see a lot of them today, whether it's the rise of China or challenges, the rise of China, terrorism, cybersecurity, events in the Middle East, what is the -- what are the most important threats that concern you?

SEC. CARTER: The -- it is a kaleidoscopic many things going on. And so you have -- if you -- so the strategy requires a sense of perspective, which is the ability to look at all the world and all of those problems and decide how we're going to apply our resources to them.

And that's what we try to do and so it's not possible to say that one is more important than the other. And the country in our position, we have to take all of them seriously.

We don't have infinite resources, so we have to parcel our resources out among those different challenges, but we don't have the luxury in the United States to ignore any part of the world. They're all important to us. At the same time, you have to begin with our interests and protecting our people, and that's the home base for our strategy.

We're not going to be able to address every problem in the world. We're not going to be able to bring order to every country in the world. And the touchstone is our security. And that's the touchstone of our strategy.

Q: This one's regarding the Iran nuclear negotiation. How concerned are you about what looks to be very different, some would say contradictory statements from Iranian leaders and U.S. officials about what was agreed to in the draft? And what would you say a good deal looks like?

SEC. CARTER: Well, a good deal, those of you who don't follow this, this is an expression I think coined by President Obama, who said he'd rather -- he wants a good deal, and he'll take no deal rather than a bad deal. And I think that's the right attitude to have. I think we've got a couple more months for Secretary Kerry and Secretary Moniz -- many of you know Ernie Moniz -- who are conducting these negotiations to see if they can close the gap, real or perceived, between where they left it a few weeks ago, and an agreement that would be a good deal.

We'll just have to see what happens over the next couple of months.

Q: I think we have time for one last question.

Q: Okay, here's another one from the audience.

Climate change is one of the biggest challenges facing mankind. What is the Department of Defense doing to mitigate its climate footprint?

SEC. CARTER: We are doing things like most enterprises are to cut back on wasteful use of energy and carbon emissions. Everybody is doing that. There's an economic reason for us to do that as well as a climate reason, but I think the questioner's getting at something broader, which is climate change does affect our strategic outlook in certain parts of the world.

It's particularly true in the Arctic where there's contention already, and we're adjusting to that to changes in weather patterns, water distribution, and so forth. All these things have the potential to change the -- alter the climate patterns that have determined human settlement over centuries. Those patterns are changing. That's going to cause its own level of disruption and adjustment required, and I think people who are worried about the state of the world and the stability of the world have to pay attention to that. And we do that too, as well as our -- playing our role, which is modest, in prevention.

Q: Well, because you answered that question a little more quickly than I thought you would, we have time for a couple more, so we'll keep you as long as we can -- (Laughter.) -- as long as we can.

Q: Let's see. Okay, this one's from Twitter.

Will these cyber attackers become kinetic targets or remain a law enforcement problem?

SEC. CARTER: Yeah, insiders. The -- this is an important point the questioner is raising, as any of you who works on cybersecurity know and as the Edward Snowden incident illustrates, the insider threat is in many, many circumstances a more dangerous one than outsider threats, people that are hacking their way into a network.

And it's a security problem, and because of the consequences, obviously, it's a crime to do so. But what we've done in response both to Snowden and to other kinds of incidents like that, but we're still not where we need to be, is to do -- take the steps on the network that keep track of what people are doing, that detect suspicious patterns of behavior, that prevent exfiltration of data in large quantities or in suspicious categories and so forth.

You cannot be sure that you do not have in tens of thousands of people, an aberrant individual.

And so you have to make sure that the networks are configured in such a way that insider threats are protected against as strongly as outsider threats are. Obviously, when you find a transgressor, that becomes a law enforcement issue, but it's too late by that time. So I don't want to get to the point. I want to get -- I want to have our networks where that kind of behavior is simply not possible. There isn't possible for much earlier detection than we've had in some of these cases. Very important.

Q: This is a question about China's rise. So, you've recently said that TPP is as important to you as a new aircraft carrier, describe the Asia-Pacific trade agreement as an urgent priority, and called the Asia-Pacific the defining region for our nation's future.

This question's twofold. What do we have to do to get -- excuse me, what do we have to do to get the right deal with China's rise, and how can we keep from getting distracted by the Middle East and Europe?

SEC. CARTER: A lot of questions in there. (Laughter.) All -- all good.

I mean, fundamentally, the Asia-Pacific region is important to our future because that's where half of humanity resides, half of global economic activity resides. We're a Pacific power. That's why so much of our future lies there. And the region isn't in the headlines a lot. The Middle East is.

You say, how can you avoid being distracted? That's where you have to keep your sense of perspective, in what's important, and the Asia-Pacific is centrally important. It has been peace -- enjoyed general peace and stability for seven decades now. And in that environment, first Japan rose and prospered, then South Korea rose and prospered. Taiwan, Southeast Asia, and today, and China and India. And that's been good.

But it has occurred in a region where that has no security structure, no NATO, where the wounds of World War II are still not healed, and what has kept that peace and stability has been more than any other factor, the pivotal role of American military power and influence. That, for seven decades.

And that's been good for everyone there. It's been a good system. And in a nutshell, what we call our rebalance within our strategy is a determination to keep that going.

Now, with respect to China, I am not one of these people who believes that it is inevitable or even likely, and it's certainly not desirable that there be a atmosphere of contention between the United States and China. And so we -- but you know, history requires shaping. It's not going to happen all by itself.

And so I believe that as China and India rise, that's a good thing we welcome that, but we need to keep the American presence in the Asia-Pacific, because it's a reassurance to many there, and it's a signal to all that it would be terrible to ruin a good thing. And they've had peace and prosperity for 70 years.

And I was indicating that trade, which is part of this TPP, I was trying to illustrate the fact that it's the entirety of U.S. influence, and the values we bring which are ones of open commerce and open borders to trade, that's the system that we would like to continue to have in the Asia-Pacific. It's one that we were instrumental in creating many decades ago.

And that's why I think that element of our influence is as important as our military element, and that's what I was trying to -- that's what I was illustrating by using that analogy.

I think TPP, we'll see. I hope -- certainly hope will become a reality in coming months. It's an incredibly important thing. And the alternative is really undesirable. The alternative is a carving up of markets and lots of special bilateral deals. That's no way to run a 21st century economy, and I think most countries understand that. Most people in most countries understand that. I think we're going to avoid that. But it's -- it's -- we're going to have to close those negotiations and get started.

Q: We have regrettably come to the end of our time, but before we let Secretary Carter go, I have a little gift that I want to present.

So you have talked a lot about the importance of building bridges between Washington and Silicon Valley. Washington, a place of suits and uniforms. Stanford and Silicon Valley, a place of hoodies. So we wanted to make sure that you were properly attired to achieve mission success. (Laughter.)

SEC. CARTER: Hey. Thank you. (Applause.) That was wonderful. Thank you. (Applause.) That's great.





http://www.defense.gov/transcripts/transcript.aspx?source=GovDelivery&transcriptid=5621







Remarks by Secretary Carter at the Drell Lecture Cemex Auditorium, Stanford Graduate School of Business, Stanford, California

Presenter: Defense Secretary Ash Carter
April 23, 2015

SECRETARY OF DEFENSE ASH CARTER: Thank you, President Hennessey, for that wonderful introduction. And thanks to all of the colleagues – many colleagues and friends here at Stanford for the opportunity to be with you today. It’s a special privilege for me to give the Sidney Drell Lecture, and I need to tell you why.

I began my career – as John Hennessey indicated – in elementary particle physics, and the classic textbook in relativistic quantum field theory, which described the first of what are known as gauge field theories, namely, quantum electrodynamics, was entitled Bjorken and Drell, Relativistic Quantum Fields. I’ve got my copy of Bjorken and Drell right here – it’s all marked up in the margins from those years ago.

For my doctoral thesis in theoretical physics, I worked on quantum chromodynamics, it’s also a gauge theory – field theory of the force by which quarks are held together to make nucleons. And at Oxford University’s department of theoretical physics, the external thesis advisor for my thesis was Sid Drell. I talked to Sid Drell earlier in this morning, and he can’t be here today, but that’s my thesis back in the days when they were bound.

When I visited the Stanford Linear Accelerator Center in subsequent years as a post-doc, I remember sitting on the porch of the rambling ranch house right here on the Stanford campus that Sid and Harriet Drell lived in. As post-docs tend to do, I would hang around their house at dinnertime hoping that Harriet would invite me in to dinner, which she usually did. And sometimes their daughter Persis would be there, who is now, of course, the dean of engineering here at Stanford.

A few years later, Sid was assisting the assembly of a team of scientists for the U.S. Congress on a topic that preoccupied Cold War Washington at the time: how to base the ten-warhead MX intercontinental ballistic missile so that it could not be destroyed in a first strike by 3,000 equivalent megatons of Soviet throw-weight atop their SS-18 missile. He recommended that I join that team temporarily. Sid Drell was an inspiration to all those who worked in those years to control the danger of nuclear weapons. And this – for me – was the beginning of my involvement in national security affairs.

At about that time, I got to meet the then-undersecretary of defense in charge of technology and procurement for the Department of Defense. He impressed me with how lucid and logical he was, and how well he applied technical thinking to national security problems. That undersecretary was of course William Perry, who is also present here today, and who later became deputy secretary of defense and finally secretary of defense in a progression that I have followed some 30 years later. Bill has been a major figure in my life, including standing in for my father at my wedding.

So I thank both Sid and Bill Perry, and many, many other colleagues here at Stanford…old friends at CISAC, at the Freeman Spogli Institute, at the Hoover Institution, and in the engineering faculty. I especially thank everyone for their warm welcome to me as a visitor here earlier this year. Not quite two months into it, on a fateful Monday afternoon in November, though, duty called. And I found myself nominated by President Obama to be secretary of defense.

When I became secretary, I made three commitments. The first is to the troops and to their families – to safeguard them, to ensure that they’re treated with dignity and respect, and above all to ensure that when they’re sent into harm’s way, it’s done with the utmost care. The second commitment is to President Obama – to offer him my best strategic advice as he faces a complex world, to ensure at the same time that he receives candid military advice, and finally that his decisions are carried out with DoD’s expected excellence. And my third commitment is to the future – to stay ahead of a changing world, to stay competitive, to stay aware of new generations and attract them to our mission of serving the country, and to stay abreast of technology…all this the topic of my comments today.

Over the years, I’ve seen lots of products developed here in Silicon Valley and throughout the tech community to enable boundless transformation, progress, opportunity and prosperity…across all sectors of our economy and society – commerce, health care, education, transportation, and national defense among many others. And it’s made many things easier, cheaper, and safer.

But in recent years, it’s become clear that these same advances and technologies also present a degree of risk to the businesses, governments, militaries, and individual people who rely on them every day…making it easier, cheaper, and safer to threaten them.
The same Internet that enables Wikipedia also allows terrorists to learn how to build a bomb. And the same technologies we use to target cruise missiles and jam enemy air defenses can be used against our own forces – and they’re now available to the highest bidder. Whether it’s the cloud, infrared cameras, or the GPS signals that provide navigation for ride-sharing apps, but also for aircraft carriers and our smart bombs – our reliance on technology has led to real vulnerabilities that our adversaries are eager to exploit.

And this brings me to my question for today: how do we mitigate that risk – the risk that comes with such technology while simultaneously unleashing its promise? How do we protect not just the freedom the Internet affords and the new opportunities to advance human welfare that technology enables, but also our country, our future, our children, our people?

And the key, in my mind, is to ensure an alignment between a defense that leverages our strengths – like our robust and independent business and academic communities – and that reflects our nation’s values and longstanding traditions…and a defense that is effective in a changing world.

How to align all that, and how we achieve that alignment isn’t new. We find the alignment in open partnership…by working together.

Indeed, history shows that we’ve succeeded in finding solutions to these kinds of tough questions when our commercial, civil, and government sectors worked together as partners. And today, we must…and can…do the same.

Looking out over the last 75 years, we’ve had a long history of partnership. Sometimes the bonds between the academy, industry, and defense were particularly close…like during World War II, when the Manhattan Project and the MIT Radiation Laboratory and others brought together the brightest minds, and the best of industry cranked out the ships, planes, and tanks – at what are now astonishing to us numbers. And another was during the Cold War, when a cross-section of military, academic, and private-sector experts paved the way to a future of precision-guided munitions, battle networks, and stealth. At times, we also eyed each other warily – like when Bobby Inman faced off against Martin Hellman and Whit Diffie over public-key encryption and commercialization; or during the controversy over the Clipper ship – chip – Clipper chip, excuse me, in the 1990s; and, more recently, after the actions of Edward Snowden.

Through successes and strains, our ties have broadly endured…but I believe we must renew the bonds of trust and rebuild the bridge between the Pentagon and Silicon Valley.

One reason to do so is that we share many of the same underlying objectives and values. As our government has demonstrated in recent trade negotiations, diplomacy, and decisions on net neutrality, we are strong proponents of a free and open Internet, and strong supporters of protecting intellectual property rights.

But we also need to work together because we’re living in the same world, with the same basic trends and the same basic threats.

The first of these trends is the evolutions we’re seeing in technology – that you all know very well about.

But second, there’s been an evolution for us of where technology comes from. When I began my career, most technology of consequence originated in the United States, and much of that was sponsored by the government. Now much more technology is commercial, and the technology base is global.

Globalization and commercialization have, in turn, led to more competition, which is good, because it leads to more innovative thinking. That’s driven a third trend, which is that the competition for talent has become much more aggressive – and I’ll have more to say about that later, because that matters a lot to me as secretary of defense.

These trends are contributing to a growing problem we think about every day in DoD: the fact that threats to our security and our military’s technological superiority are proliferating and diversifying. This is happening in terms of conventional weaponry and technologies, and in the cyber domain. You may think that some of this should just be left up to DoD, but these challenges should concern us all.

Let me step back. During the Cold War, Bill Perry drove a so-called “offset strategy” that harnessed American technology to radically change warfare through precision-guided munitions, network-centric forces, and stealth aircraft. It came to life during the 1991 Gulf War – when the world watched, stunned, at what the American military might had achieved. But the world has since had a quarter century to figure out how to counter these capabilities.

So now we’re seeing high-end military technologies long possessed by only the most advanced foes find their way into arsenals of both non-state actors and previously much less-capable militaries. And nations like Russia and China have been pursuing long-term and comprehensive military modernization programs to close the technology gap with the United States…particularly through capabilities designed to thwart our traditional advantages of power projection and freedom of movement. They’re developing and fielding new and advanced aircraft, submarines, and ballistic, cruise, anti-ship, and anti-air missiles that are both longer-range and more accurate. And they’ve been working on new counter-space, cyber, electronic warfare, undersea, and air attack capabilities that challenge our own. And as I’ll explain more in a moment, we’re of course innovating to stay ahead of these threats…but they’re very real.

And meanwhile, as tech companies see every day, the cyber threat against U.S. interests is increasing in severity and sophistication. While the North Korean cyberattack on Sony was the most destructive on a U.S. entity so far, this threat affects us all. And it comes from state and non-state actors alike. Just as Russia and China have advanced cyber capabilities and strategies ranging from stealthy network penetration to intellectual property theft, criminal and terrorist networks are also increasing their cyber operations. Low-cost and global proliferation of malware have lowered barriers to entry and made it easier for smaller malicious actors to strike in cyberspace. We’re also seeing blended state-and-non-state threats in cyber…which complicates potential responses for us and for others.

And this is a serious business. This is a serious matter. And it requires our collaboration. But in addition to dangers, there are also really great opportunities to be seized through a new level of partnership between the Pentagon and Silicon Valley – opportunities that we can only realize together.

Consider the historic role that DoD and government investments have played in helping spur ground-up technology innovation – both in this Valley, and on this campus. Some examples are well known. Vint Cerf ‘fathered’ the Internet while a Stanford assistant professor and also a researcher at DARPA. GPS – I don’t know whether Jim Spilker is here – likewise began as a defense-driven project, as did, in an earlier era, jet engines and communications satellites. And even today, Stanford continues to be among the top university recipients of federal R&D spending.

But other examples we hear less about. Work on Google’s search algorithm was funded by a grant from the NSF, National Science Foundation. And most technologies used throughout Silicon Valley – including many that Apple brilliantly integrated into the iPhone – can be traced back to government or DoD research and expenditures. The developers of multi-touch worked together through a fellowship funded by the National Science Foundation and the CIA. iOS’s Siri grew out of not only decades of DARPA-driven research on artificial intelligence and voice recognition, but also a specific DARPA project funded through SRI to help develop a virtual assistant for military personnel. And Google’s self-driving cars grew out of the DARPA Grand Challenge.

Now, obviously none of this diminishes the genius, the hard work, and the sacrifices by innovators here at Stanford, or in Mountain View, or Boston, or elsewhere. The government helped ignite the spark, but this was the place that nurtured the flame that created incredible applications. I mention this because it speaks to a partnership that has long existed between America’s technology sector and its government and defense institutions…a relationship that can continue in a way that benefits us both.
All these facts – both the challenges and the opportunities – lead me to a clear conclusion. Renewing, strengthening our partnership is the only way we can do this.
Now, it won’t always be easy. We’ve had tensions before, and we will likely have them again. We shouldn’t diminish that. But those who work in the tech community are no strangers to intense grappling with ideas. And the same is true for those of us who work in the Pentagon. And, because we have different missions and different perspectives, sometimes we’re going to disagree.

But I think that’s okay. Because being able to address tensions through our partnership is much better than not speaking at all. And there can be great ideas that come out of candid conversation.

And this of course leads us to a new question – what would this renewed partnership look like? And what’s the best way to re-wire the Pentagon for a partnership?

As secretary of defense, I believe that we in the Pentagon – to stay ahead – need to change and to change we need to be open, as I say, we have to think outside of our five-sided box. So I want to spend the rest of these remarks talking about two areas where I believe our partnership is most vital – innovation more broadly and cybersecurity particularly. And I want to be open with you about our plans for both.
Let me start with innovation.

It’s no secret that DoD is coming out of fighting two wars – two long wars – for more than 10 years. While we were focused on solving the problems we faced during those wars, we lost sight, in some ways, of the bigger picture about the impact and proliferation of technology around the world.

Now, this isn’t to say that DoD has completely ceded R&D funding and innovative thinking to everyone else – we still make up half of federal research and development, which is about $72 billion dollars this year. These are resources that help build the world’s most advanced fighters and bombers, develop new phased arrays for radar, and produce the satellites, missiles, and ships that let us strike terrorists in the Middle East and underwrite stability in the Asia-Pacific. And unlike our R&D investments during the past 14 years of war – like when we needed thousands of Mine-Resistant, Ambush-Protected vehicles, or MRAPs, to protect our troops from roadside bombs – the investments we’re making today are preparing us to face the types of high-end threats that I described earlier.

Some of these R&D funds – $12 billion dollars’ worth – support the breakthrough science and technology research done at universities and companies and DoD labs across the tech community. For example, a number of folks here at Stanford have worked with DARPA, our advanced research projects agency, which you all know. In the past three years, DARPA has partnered with nearly 50 different public- and private-sector research entities in Silicon Valley – that’s just one agency. These relationships are really valuable to us, and I intend to continue to nurture them.

Come June, we’ll see this in action, when the finals take place for the DARPA Robotics Challenge in Southern California. This event will showcase how work on smaller sensors, pattern recognition technology, big data analysis, and autonomous systems with human decision support, could combine into a rescue robot – that’s the challenge – a rescue robot that navigates a disaster-stricken area with the same speed and efficiency that you or I would…but without putting anyone at risk.

Another example is how we’re looking beyond GPS. While DoD will of course continue to support the GPS satellites, which we engineer and launch – because of all the commercial applications as well as military applications – we also need to find alternatives for military use that are more resilient and less vulnerable. We’ll do that in part by advancing microelectromechanical systems technology for small inertial navigation units, small accurate accelerometers, and precision clocks – all on a chip. Today this technology is in our smartphones – that’s how they know they’re being rotated – and we’re pushing it to be far more precise. We’ll push, for example, the performance envelope in timing and navigation technology by harnessing Nobel Prize-winning physics research that uses lasers to cool atoms. Stanford has been a tremendous force in this area, with one group of researchers creating a company we work with, AOSense, to make practical cold-atom systems. The result would be a GPS of things – akin to the Internet of things – where objects, including our military systems, keep track of their position, orientation, and time from the moment they are created with no need for updates from satellites.

But to stay competitive and to stay ahead of threats, DoD must do even more. And that starts with our people, who are our most important asset – both in Silicon Valley and in the military. Who they are, and where they are, matters tremendously in affecting our ability to innovate. And that’s the rationale behind some initial steps I’m taking starting today.
First of all, it’s important that we at the Pentagon find new ways to help bring in new people with the talent and expertise we need, and who want to contribute to our mission as part of the force of the future, even if only for a time…or a project. We’re establishing a DoD branch of the U.S. Digital Service, the outgrowth of the tech team that helped rescue healthcare.gov, for example, to help solve some of our most intractable IT and data problems in DoD. And in fact, we have our very first team there – a ‘sprint team’ already in the Pentagon working on transferring electronic health records from DoD to the Veteran’s Administration – a bigger problem than you might imagine. And they’ll work on classified projects as well. And if you want to be a part of the U.S. Digital Service, you can, and it’s a wonderful opportunity to try out public service – try out applying your skills to national defense and maybe you’ll end up like I did after Sid Drell got me to give it a try. But that’s what we’re trying to do – ask people to give us a try, join us for a while – even if for just a time. Make a contribution. Feel what it’s like to be a part of something that’s bigger than yourself. And it really matters.

The reason that Silicon Valley is so successful is that it has the right people in it but there’s proximity as well – there’s an ecosystem out here. Everyone’s in the same general area, which not only helps forge relationships, but also helps spread new ideas. And that geographic proximity, coupled with strong links between academia and industry, has made this entire region a nexus for innovation.

So I am also creating something that we call the Defense Innovative Unit Experimental [Defense Innovation Unit X]…first-of-its-kind unit for us, staffed by some of our best active-duty and military personnel, plus key people from the Reserves who live here who are some our best technical talent. Some of you are reservists – and we appreciate that. They’ll strengthen existing relationships and build new ones; help scout for new technologies; and help function as a local interface for the department. Down the road, they could help startups find new work to do with DoD.

Third, we’re going to open a door in the other direction – from our best government technologies to industry and then back. For example, we currently have a Secretary of Defense Corporate Fellows Program that sends about 15 of our people a year out to commercial companies like Oracle, Cisco, FedEx, and others. Right now we don’t effectively harness what they’ve learned when they come back.

So we’re going to expand that fellows program into a two-year gig – one year in a company, and one year in a part of DoD with comparable business practices. That way we have a better chance to bring the private-sector’s best practices back into the department. These are just some of the examples of how we need to drill holes in the wall that I think exists and has built up over the years between the Department of Defense and the commercial and scientific sector. Let people come back and forth and try it out – that’s the only way to do it. People want choices these days, and they want mobility. They don’t want to get stuck on one side of the wall or the other.

We also have to think about investing in the most promising emerging technologies, as well as our people. While DoD has sought to continuously improve our acquisition processes over the past five years – and I’m proud to have been a part of that effort at the beginning of the Obama Administration – there are still areas where we can and must do better.

One concern I’ve heard about is the worry that the government will insist on taking intellectual property, and then reveal proprietary information to the public and to competitors. Let me assure you that we understand and appreciate industry’s right to intellectual property. And DoD has a long history of successfully protecting companies’ proprietary information, and we respect the fact that IP is often the most important and valuable asset a company holds, and that businesses cannot be forced to sell their IP to the government. We understand all that. We need the creativity and innovation that comes from start-ups and small businesses, and we know that part of doing business with them involves protecting their intellectual property.

This is particularly important because start-ups are the leading edge of commercial innovation, and right now, DoD researchers have many effective ways to transition promising – sorry, do not have enough effective ways to transition technologies that they come up with to application. And we need to fix that, too. I don’t want us to lose out on an innovative idea or capability we need because the Pentagon bureaucracy was too slow to fund something, or we weren’t amenable to working with startups, as we should be.

So, borrowing on the success of the Intelligence Community’s partnership with the independent, nonprofit startup-backer In-Q-Tel, which many of us have had involvement with, I’m going to propose – I have proposed and they’ve accepted a pilot project with In-Q-Tel to provide innovative solutions to our most challenging problems. We’ll make investments with In-Q-Tel in order to leverage their existing proven relationships, and apply their approach to DoD. As some of you know, In-Q-Tel has been working with Silicon Valley for over 15 years, and continues to provide other parts of the U.S. government with access to the start-up world. In order to regain our competiveness, we have to expand our ways of investing in identifying and implementing new technologies and capabilities – and this approach may help us yield a long-term advantage.

And commercial technology – I should say – is not a panacea, nor will it ever be…we can’t get everything from outside, and we need some special technologies for our own special missions. Stealth is one example: we need aircraft to look as tiny as sparrows on radar, but nobody else needs aircraft in the commercial world that do that. Similarly, the Mach 5-plus hypersonic scramjet we tested on the X-51 a couple years ago is technology we need for a new dimension in warfighting – it’s not something the commercial sector needs.

But there are many areas where the potential in leveraging commercially-driven technology is so huge, that we have to embrace it going forward.

We want to partner with businesses on everything from autonomy to robotics to biomedical engineering; from power, energy, and propulsion to distributed systems, data science, and the Internet of things. Because if we’re going to leverage these technologies to defend our country and help make a better world, the Department of Defense cannot do everything in all these areas alone. We have to work with those outside.
And the same is true, finally, with cybersecurity – we’re going to have to work together on this one.

While we in DoD are an attractive target, the cyber threat is one we all face…as institutions, and as individuals. Networks nationwide are scanned millions of times a day. And as we’ve seen cyber attackers bombard the public websites of banks, make off with customer data from retailers, try to access critical infrastructure networks, and steal research and intellectual property from universities and businesses alike…so too have individual citizens been compelled to guard against identity theft.

This is one of the world’s most complex challenges today, which is why the Department of Defense has three missions in the cyber domain. The first is defending our own networks and weapons, because they’re critical to what we do every day…and they’re no good if they’ve been hacked. Second, we help defend the nation against cyberattacks from abroad – especially if they would cause loss of life, property destruction, or significant foreign policy and economic consequences. And our third mission is to provide offensive cyber options that, if directed by the President, can augment our other military systems.

In some ways, what we’re doing about this threat is similar to what we do about more conventional threats. We like to deter malicious action before it happens, and we like to be able to defend against incoming attacks – as well as pinpoint where an attack came from. We’ve gotten better at that because of strong partnerships across the government, and because of private-sector security researchers like FireEye, Crowdstrike, HP – when they out a group of malicious cyber attackers, we take notice and share that information.

Still, adversaries should know that our preference for deterrence and our defensive posture don’t diminish our willingness to use cyber options if necessary. And when we do take action – defensive or otherwise, conventionally or in cyberspace – we operate under rules of engagement that comply with international and domestic law.

This approach reflects two goals. First, keeping the Internet open, secure, and prosperous. And second, assuring that we continue to respect – and protect – the freedoms of expression, association, and privacy that reflect who we are as a nation.

Let me repeat that second goal: We must continue to respect, and protect, the freedoms of expression, association, and privacy that reflect who we are as a nation.

To do this right, we again have to work together. And as a military, we have to embrace openness. Today dozens of militaries are developing cyber forces, and because stability depends on avoiding miscalculation that could lead to escalation, militaries must talk to each other and understand each other’s abilities. And DoD must do its part to shed more light on cyber capabilities that have previously been developed in the shadows.

So today, for example, I want to disclose a recent instance that helps illustrate the cyber threat we face today and what to do about it. It’s never been publically reported, and it shows how rapidly DoD can detect, attribute, and expel an intruder from our military networks – in this case, unclassified ones.

Earlier this year, the sensors that guard DoD’s unclassified networks detected Russian hackers accessing one of our networks. They’d discovered an old vulnerability in one of our legacy networks that hadn’t been patched.
While it’s worrisome they achieved some unauthorized access to our unclassified network, we quickly identified the compromise, and had a team of incident responders hunting down the intruders within 24 hours. After learning valuable information about their tactics, we analyzed their network activity, associated it with Russia, and then quickly kicked them off the network, in a way that minimized their chances of returning.

This episode illustrates a step in the right direction. Like a lot of CEOs across the country, my primary goal in my enterprise is defending our networks because we, too, are a network-centric organization, but I still worry about what we don’t know. Because this was only one attack that we found.

One way we’re responding to that is by being more transparent, to raise awareness in both the public and the private sector. Indeed, shining a bright light on such intrusions can eventually benefit us all – businesses and governments alike.

More broadly, President Obama has said that we will respond to cyber-attacks in a manner and at a time and place of our choosing using appropriate instruments of U.S. power. DoD has spent a lot of time figuring out how to help do so while also holding true to our nation’s enduring interests, traditions, and values. And we’ve developed a new cyber strategy that details what our cyber missions are and when we will take certain actions and why.

This new strategy – our first since 2011 – is to help guide development of DoD’s cyber forces, and it’s also a reflection of DoD being more open than before. We’re making it available to the public today – both online, and by the way, at the back of this room. And I’d like to tell you a little bit about it.

Like everything we do, our cyber strategy starts with our people – its first strategic goal is building and training our Cyber Mission Forces. These are talented individuals who hunt down intruders, red-team our networks, and perform the forensics that help keep our systems secure. And their skill and knowledge makes them much more valuable than the technology they use. We’re just beginning to build and to imagine this cyber force in DoD.

Another goal is to be better prepared to defend DoD information networks, secure our data, and mitigate cyber risks to military missions. We do this in part through deterrence by denial, in line with today’s best-in-class cybersecurity practices – building a single security architecture that’s both more easily defendable, and able to adapt and evolve to mitigate both current and future cyber threats. This to replace the hundreds of networks – separate networks – that we now operate in the Department of Defense. We have to strengthen our network defense command and control to synchronize across thousands of these disparate networks, and conduct exercises in resiliency…so that if a cyberattack degrades our usual capabilities, we can still mobilize, deploy, and operate our forces in other domains – air, land, and sea – despite the attack. And we’re also taking action – just this week I directed that we consolidate all of over IT services in DoD and throughout the Washington capital region – consolidate all of them, which will not only help improve our overall cybersecurity, but also save millions of dollars we can better spend elsewhere.

Of course, as I’ve said, we know that working together in the cyber domain is essential. And that’s why one of the primary aspects of our strategy is working with partners – in the private sector, across our government, and around the world. And the strategy speaks to this as well.

Because American businesses own, operate, and see approximately ninety percent of our national networks, the private sector must be a key partner. The U.S. government has a unique suite of cyber tools and capabilities, but we need the private sector to take its own steps to protect its data and networks. We want to help where we can, but if companies themselves don’t invest, our country’s collective cyber posture is weakened and our ability to augment that protection is limited.

To build our vital cyber force, we’re going to need to use new ways to attract talent through new private-sector exchange programs that let people from outside contribute to our mission and then return here to the Valley or to stay, as I did. And to ensure that our people have the right tools to execute their missions, we’re going to be increasing our fundamental research and development – this is an exception in these times of budget constraints – increase our fundamental research and development with both established and emerging private-sector partners in cyber…so that together, we can create cyber capabilities that not only help DoD, but can also spin off into the wider U.S. marketplace.

And last to ensure our cyber operations are appropriate and effective, we’re going to work more closely with our law enforcement partners at the FBI, with Homeland Security, and elsewhere. There are clear lines of authority in our government about who can work where, so as adversaries jump from foreign to U.S. networks, we need our coordination with our government to operate seamlessly. And I’m determined that the Department of Defense be a cooperative partner with law enforcement and with homeland security.

We’ve already started practicing with them – just a couple of weeks ago, we had an exercise that we did with our FBI counterparts on how to do exactly what I said – and we’re going to be exercising much more going forward. It’s important that we work together and that we all behave in a way that is lawful and appropriate.

Now, as secretary of defense, my mission is to make sure our military can defend our country – make a better world. But this is a mission that all of us who love freedom and opportunity and want a better for our children and our grandchildren share with us. We’re our best when we have the best partners. Knowing how we’ve worked together in the past, and how critical your work is to our country, strengthening this partnership is very important to me.

We have a unique opportunity to build bridges and rebuild bridges and renew trust. That’s why I’m visiting some other companies here this afternoon, and meeting with a group of tech leaders tomorrow. I want to learn how, in the years to come, a new level of partnership can lead to great things.

That’s what’s possible through partnership. And whether it’s helping safeguard the Internet or helping save lives, working together for the greater good is bigger than who we are as individuals – bigger than who we are as companies.
It’s an imperative we face…an opportunity we share…and it’s the only way to make a better world – together.

Thank you.

(APPLAUSE)

Q: Well, Secretary Carter, thank you for those remarks. Welcome back to Stanford. As is the tradition of the Drell lecture, the first question is always from Sid Drell. As you know, the doctors ordered him to stay home today, but Sid was undeterred. He watched you on livestream, and he emailed me a question. (Laughter.) And since Sid was on your doctoral dissertation committee, you know he's going to start you off with a hard one. Here's what Sid writes.

I'm very pleased with the new initiative being released today and a commitment prioritizing the importance of cyber. It's a subject that is critical to the country's national security and protection of our civilian economy. With regards to this new plan, can you share with the audience how as secretary of defense, you plan to direct the complex undertaking the array of intelligence agencies, DIA, NSA, et cetera, have ahead of them, and how you plan to ensure there is coordination and cooperation on the technical level so that they don't repeat each other's work?

SEC. CARTER: Good -- good -- good question as you'd expect from Sid.

By the way, I talked to Sid on my way here, who after 30 seconds of mutual greetings, launched into another interest of his, the indefatigable Sid Drell, but he is under the weather, as is Harriet, and I -- but it's an honor to give a lecture in his name.

He is pointing to something that is endemic not only in DOD but across the government, which is the inability of people, bureaucratically-minded people, to work together on common things.

This is something that bedevils him. He was explaining it to me in the car on the way. And that's what I was alluding to when I talked about Homeland Security and the FBI. We can't have that.

We cannot have a situation where we in DOD are contending with the FBI, contending with Homeland Security, or whether within my domain, DIA, NSA, and CIA, which is obviously not mine, is outside, aren't working together.

I have no tolerance for that at all. And I've told my colleagues, starting with FBI and Homeland Security, that I have told my people no -- no turf contention. I want people working together.

I'll give you an example. Bill Perry, when Bill was the boss of the Pentagon and I worked there, it was traditional for the State Department and the Defense Department to fight with one another. If George Schultz were here, he would remember that also.

And Bill told us, "I don't want you doing that. I'm not going to listen to any of your arguments about how you're not getting along with" what was then Warren Christopher's State Department.

So I don't allow it. I'm not going to allow it as secretary of defense. And within the department, it's the same thing. We have NRO, we have DIA, CIA. People are bureaucratic in Washington, and they want to -- they want to protect what they're doing so that they continue to have the people and the resources they want. And it's -- it's intolerable in today's world because we don't have enough good people to build walls between them. We've got to share them and use them together.

So I am -- I know exactly the examples he's talking about, and it has to start with leadership at the top. It has to start with me. And I'm not tolerating it.

Q: Let's talk a little bit more about people.

You mentioned in your remarks the importance of developing the cyber workforce of the future, both in and out of uniform. How do you reconcile the tension between what is termed the hacker mindset that many people think is necessary for success, and the military's culture that's more rule oriented and structured?

SEC. CARTER: Yeah, that's a good question. It is like a clash of cultures. And I think about that a lot because it's also a clash of generations. And you know, I'm in the position now of needing to attract to military service a generation of people who grew up entirely in the Internet age, whose memories of 9/11 are either faded or dim or non-existent, and attract them to the mission of national security and national defense.

The only way to do that is to make us as open and flexible as their private sector counterparts are. So that's why I talked about those three initiatives in the personnel area. I'm trying out ways to change the way we bring people in. Give them a try. People don't like to be tied down. Kids don't want to get into something that they're going to be in for their entire lives. They want to move in and out. That's why I'm looking for the cyber force about being able to move people laterally into the military rather than having to come up through the ranks because of their level of expertise.

These are revolutionary things, but we have to do them. We can't have industrial age institutional and human resources thinking in an age when people, they want choice, they want flexibility, they want movement, they want mobility, and we have to be part of that, or we're not going to be a part of the generation that will make us successful in the future.

So that's -- that is the theme of what I am trying to do, both in the uniformed side, with our new recruits, and recruiting new kids into the military, and with our civilians and the people who work in the defense industry. What's going to make it exciting? The mission is compelling: creating a better world and a safer world. The mission is compelling. But we've got to make the environment less dreary.

Q: You talked about a whole of nation approach, and yet as you know, there is deep and lingering distrust. What do you think are the best next steps that DOD and others in the U.S. government can take to really restore that trust?

SEC. CARTER: Well, I think that people -- our companies and our people need to be convinced that everything we do in the cyber domain is lawful and appropriate and necessary. And I think the Snowden revelations indicated that we had a difference of view between what we were doing and what people understood us to be doing.

So we've made some adjustments in that, and I think we'll continue to be more open and adjust, but I also have to say that I have never encountered an example. When we do surveillance, we're doing it to counter terrorism, to counter military action, to counter trafficking and other things that are heinous. We do not do it to collect people's private information for the information's sake.

But I understand that we need to be open and that we need to adjust what we're doing in such a way that it's accepted. I -- unfortunately a lot of what we're doing has to remain secret, but that's why all three branches of government are involved. You know, Congress knows about all these things. They approve all these things. They're all done lawfully within the courts. So, we can change the way we do that, but that is the appropriate way to do it, with all three branches of our government involved.

But I think there's no other way than by being open and by being willing to adjust the way we do things. I also think that there is a certain amount of protectionism going on around the world being used against U.S. companies in the wake of the Snowden incidents, which is nothing else but protectionism in the guise of concern about U.S. surveillance.

But we will continue to be open and to adjust.

Q: Let's talk a little bit more about DOD's mission in cyberspace. You said one of the critical missions, one of the three missions, is to defend the nation against attacks, and the term has been used, of significant consequence.

Help us understand what that means. At the low end of the threshold, what is an act that would have an impact that would trigger DOD involvement?

SEC. CARTER: Something that threatens significant loss of life, destruction of property, lasting economic damage to people. Those are -- is the kind of thing as in any use of -- of force against Americans or American interests where the president would determine what the response ought to be on the basis of its proportionality and its effectiveness, and it won't be any different in cyber than it will in any other domain, and by the way, the response might not occur in cyberspace, but might recur -- might occur in a different way.

So, for our role as defense is as I said, first and foremost to defend our own networks. But on occasion, we may be called upon to help defend other parts of the society, and that's our mission also, and we'll do so.

Q: But of course, as you know, if we could imagine Hollywood screenwriters writing a script of a cyber attack, nobody would ever believe the attack on Sony.

So how do you think about setting a -- a clear set of criteria for defining acts of significant consequence when we see unprecedented types of attacks today?

SEC. CARTER: Well, you're asking again about what would be an act of significant consequence, and I think that that's something that is going to -- a determination that's going to be made case by case, depending upon danger or potential danger to life and property in -- in the United States.

And we'll make that determination if and when it occurs on a case by case basis. In the Sony attack case, first the president did make that determination and did direct action which wasn't in cyberspace.

Q: How, if at all, did the Sony attack change your thinking about cyber threats and what we need to do?

SEC. CARTER: I think that's particular nature of that attack was involving as it did a deliberate attempt to impede freedom of expression in the United States. That was the North Korean declared objective. It was particularly objectionable.

Now, it turns out we were able to deal with that over time, and as I said, take actions in response to it, but it -- what it tells me is that the cyber route is now available even to countries as generally limited in terms of technology and economy as North Korea.

Q: So, I want to make sure we have time for our audience questions and our questions from Twitter, but before we turn to that, let me bring it home a little bit.

You're the secretary of defense, but you're also a long-time scholar and teacher. And we have many Stanford students in the audience here today. What would you say to them about what their role can be not only in cybersecurity, but in national security policy more broadly, and what role can universities like Stanford play?

SEC. CARTER: Well, it's a great question because I -- I -- this is one of the things I'm most intent upon as secretary of defense is to give people a chance to feel the experience of contributing to something that's bigger than themselves and that matters so much, which is the security of our country and the security of our world and making a better world for our children.

This is something you can't take for granted.

And I sometimes feel that the safer we are, the less people appreciate what it is that keeps them safe. So, I know I can't get people to join us by preaching at them about that, but I can get them to join us by giving them avenues to try, avenues to give it a try, give it a sample. That's why I'm so intent upon increasing the permeability of the wall between the government and young people in the private sector and the way that this -- generations in the future are going to think about their careers. And we need to adjust the way the government behaves so that they can fit into that.

Some of them will come in and go out and come in and go out, as many of us have done. And some will come in and stay. But we need to make that more permeable, otherwise we're not consistent with the way people are thinking about their careers these days, particularly scientific and technical people.

They want to move. They want to be challenged. They want to have mobility. They want things to be exciting.

If we don't provide that in the field of national security, we're not going to continue to have what we now have, which is the finest fighting force the world has ever known.

Q: So let's take the opportunity now to turn to our audience questions from all of you and our online Twitter questions.

And to do that, we have Jenny Mayfield who's director of media relations at the Hoover Institution.

Q: Thank you Amy, and it's an honor to have you here, Mr. Secretary.

Lots of great questions from the Stanford community. Too bad we can't get through all of them.

Starting here with a question from the audience, how can the military compete with the private sector for recruitment and retention of cyber expertise?

SEC. CARTER: Well, it's a very good question. Gets back to what I was saying before.

First of all, you have to realize we are in competition. It's not like the old days. And so we have to make ourselves an exciting and flexible and rewarding place to work. We're never going to be able to pay the way the private sector does, but the mission is compelling.

And when we get people -- young people in, and they get a taste of how exciting it is and how deeply important it is to be a part of security, I'm confident that the mission by itself will do the trick. Our job is to have a personnel system that is permeable enough that people give it a try and at least spend part of their lives contributing to national defense, even if they don't spend all of their lives.

And it's changing those two things: how you can get in, and how you can get in and out that is going to make us more compatible with today's --- the way people see their careers today. They don't want to join Ford Motor Company, and they don't want to join a government agency. They want to have flexibility and mobility. We need to offer that if we're going to be competitive.

Q: Here's another one from the audience. Could you discuss the experience of switching from an academic career to a political position?

SEC. CARTER: Good question and I want to amend the question if I may slightly to say that the secretary of defense is by a tradition that I hope always continues, not a political position in the usual sense. And I think that's important. I'm not a political person by nature. I'm honored to have the position. I think it's to the country's credit that they would have somebody who was with my background serve them in this capacity.

The -- how do you get back and forth between academia and the government? For me, it was my scientific knowledge. That's what got me into it. I was able to, through Sid Drell, give it a chance. And when I did, I found out two things. First of all, these were really important problems I was working on, and second of all, I could make a difference because of my technical background. That's how I started.

Of course, now I'm doing other things and it's a different kind of policy and managerial job, but I had the sensation of working on something that was really important and knowing I was making a big difference to it. Those are the two ingredients for anybody to throw themselves all in to something. I was given that opportunity and as I said before, I want to give it to others in generations ahead.

Q: This is one actually from Twitter. What's in it for Silicon Valley? Why enter DOD's acquisition system?

SEC. CARTER: Well, I hope you don't have to enter DOD's acquisition system -- (Laughter.) -- in order to make that -- for starters, I don't want to have to do -- have to do that. But why work with us?

We have really exciting problems that we work on and that we challenge people for. So, we have some of the most exciting problems you -- that you can have in technology, and they're consequential. They matter. They have to do with our protection and our security and creating a world in which people can live their lives and dream their dreams and have their children and give them a better future.

And those two things, technical excitement and a sense of mission, that's why I think folks will want to work with us.

Our job is not to make it a big acquisitions system that they have to join, but something that's much more user friendly and that they can come into and go out of more flexibly. That's our job.

But I'm convinced that the excitement of the technology challenges we have and the gravity of the mission, those are things are very compelling to everybody.

Q: Shifting gears a little bit, this is from the audience.

Newly admitted students to Stanford were four years old on 9/11. It's history, not experience.

Can you talk a little bit about the terrorist threat, and how serious it is compared to other threats?

SEC. CARTER: Yeah, well the start of that is really important, because we in the Department of Defense have enjoyed an environment for the last few years of having an extra augmentation of people of quality entering our ranks in the wake of 9/11 because it was a indication to them of how important it was to have security against terrorism.

Also the slowdown in the economy helped us as well, sadly. It's not a reason you want to have, but it was better for labor markets in terms of us being able to attract and recruit good people.

For those who don't remember 9/11, I think you have to put yourself in the shoes. Unfortunately, we are intent upon protecting our own country and our own people and our own interests, so I do not want to us to have other examples that are as inspirational as 9/11. We work hard every day. Believe me, there are people out there who want to do that and worse every day. I think the only thing you can do is point to other places in the world where people their age have nothing like the opportunities that they have.

And many of our young people are very internationally aware. And it doesn't take something here at home as much to have them understand what terrorism is like than maybe it did 15 years ago. But I do worry that the better a job we do, the more we're taken for granted.

Q: Can I follow up on that?

I'd like to get your sense of the threat environment more broadly. Director of National Intelligence Jim Clapper has said most complex threat environment he's confronted in his 51 years in the intelligence business.

As you look at the array of threats and we see a lot of them today, whether it's the rise of China or challenges, the rise of China, terrorism, cybersecurity, events in the Middle East, what is the -- what are the most important threats that concern you?

SEC. CARTER: The -- it is a kaleidoscopic many things going on. And so you have -- if you -- so the strategy requires a sense of perspective, which is the ability to look at all the world and all of those problems and decide how we're going to apply our resources to them.

And that's what we try to do and so it's not possible to say that one is more important than the other. And the country in our position, we have to take all of them seriously.

We don't have infinite resources, so we have to parcel our resources out among those different challenges, but we don't have the luxury in the United States to ignore any part of the world. They're all important to us. At the same time, you have to begin with our interests and protecting our people, and that's the home base for our strategy.

We're not going to be able to address every problem in the world. We're not going to be able to bring order to every country in the world. And the touchstone is our security. And that's the touchstone of our strategy.

Q: This one's regarding the Iran nuclear negotiation. How concerned are you about what looks to be very different, some would say contradictory statements from Iranian leaders and U.S. officials about what was agreed to in the draft? And what would you say a good deal looks like?

SEC. CARTER: Well, a good deal, those of you who don't follow this, this is an expression I think coined by President Obama, who said he'd rather -- he wants a good deal, and he'll take no deal rather than a bad deal. And I think that's the right attitude to have. I think we've got a couple more months for Secretary Kerry and Secretary Moniz -- many of you know Ernie Moniz -- who are conducting these negotiations to see if they can close the gap, real or perceived, between where they left it a few weeks ago, and an agreement that would be a good deal.

We'll just have to see what happens over the next couple of months.

Q: I think we have time for one last question.

Q: Okay, here's another one from the audience.

Climate change is one of the biggest challenges facing mankind. What is the Department of Defense doing to mitigate its climate footprint?

SEC. CARTER: We are doing things like most enterprises are to cut back on wasteful use of energy and carbon emissions. Everybody is doing that. There's an economic reason for us to do that as well as a climate reason, but I think the questioner's getting at something broader, which is climate change does affect our strategic outlook in certain parts of the world.

It's particularly true in the Arctic where there's contention already, and we're adjusting to that to changes in weather patterns, water distribution, and so forth. All these things have the potential to change the -- alter the climate patterns that have determined human settlement over centuries. Those patterns are changing. That's going to cause its own level of disruption and adjustment required, and I think people who are worried about the state of the world and the stability of the world have to pay attention to that. And we do that too, as well as our -- playing our role, which is modest, in prevention.

Q: Well, because you answered that question a little more quickly than I thought you would, we have time for a couple more, so we'll keep you as long as we can -- (Laughter.) -- as long as we can.

Q: Let's see. Okay, this one's from Twitter.

Will these cyber attackers become kinetic targets or remain a law enforcement problem?

SEC. CARTER: Yeah, insiders. The -- this is an important point the questioner is raising, as any of you who works on cybersecurity know and as the Edward Snowden incident illustrates, the insider threat is in many, many circumstances a more dangerous one than outsider threats, people that are hacking their way into a network.

And it's a security problem, and because of the consequences, obviously, it's a crime to do so. But what we've done in response both to Snowden and to other kinds of incidents like that, but we're still not where we need to be, is to do -- take the steps on the network that keep track of what people are doing, that detect suspicious patterns of behavior, that prevent exfiltration of data in large quantities or in suspicious categories and so forth.

You cannot be sure that you do not have in tens of thousands of people, an aberrant individual.

And so you have to make sure that the networks are configured in such a way that insider threats are protected against as strongly as outsider threats are. Obviously, when you find a transgressor, that becomes a law enforcement issue, but it's too late by that time. So I don't want to get to the point. I want to get -- I want to have our networks where that kind of behavior is simply not possible. There isn't possible for much earlier detection than we've had in some of these cases. Very important.

Q: This is a question about China's rise. So, you've recently said that TPP is as important to you as a new aircraft carrier, describe the Asia-Pacific trade agreement as an urgent priority, and called the Asia-Pacific the defining region for our nation's future.

This question's twofold. What do we have to do to get -- excuse me, what do we have to do to get the right deal with China's rise, and how can we keep from getting distracted by the Middle East and Europe?

SEC. CARTER: A lot of questions in there. (Laughter.) All -- all good.

I mean, fundamentally, the Asia-Pacific region is important to our future because that's where half of humanity resides, half of global economic activity resides. We're a Pacific power. That's why so much of our future lies there. And the region isn't in the headlines a lot. The Middle East is.

You say, how can you avoid being distracted? That's where you have to keep your sense of perspective, in what's important, and the Asia-Pacific is centrally important. It has been peace -- enjoyed general peace and stability for seven decades now. And in that environment, first Japan rose and prospered, then South Korea rose and prospered. Taiwan, Southeast Asia, and today, and China and India. And that's been good.

But it has occurred in a region where that has no security structure, no NATO, where the wounds of World War II are still not healed, and what has kept that peace and stability has been more than any other factor, the pivotal role of American military power and influence. That, for seven decades.

And that's been good for everyone there. It's been a good system. And in a nutshell, what we call our rebalance within our strategy is a determination to keep that going.

Now, with respect to China, I am not one of these people who believes that it is inevitable or even likely, and it's certainly not desirable that there be a atmosphere of contention between the United States and China. And so we -- but you know, history requires shaping. It's not going to happen all by itself.

And so I believe that as China and India rise, that's a good thing we welcome that, but we need to keep the American presence in the Asia-Pacific, because it's a reassurance to many there, and it's a signal to all that it would be terrible to ruin a good thing. And they've had peace and prosperity for 70 years.

And I was indicating that trade, which is part of this TPP, I was trying to illustrate the fact that it's the entirety of U.S. influence, and the values we bring which are ones of open commerce and open borders to trade, that's the system that we would like to continue to have in the Asia-Pacific. It's one that we were instrumental in creating many decades ago.

And that's why I think that element of our influence is as important as our military element, and that's what I was trying to -- that's what I was illustrating by using that analogy.

I think TPP, we'll see. I hope -- certainly hope will become a reality in coming months. It's an incredibly important thing. And the alternative is really undesirable. The alternative is a carving up of markets and lots of special bilateral deals. That's no way to run a 21st century economy, and I think most countries understand that. Most people in most countries understand that. I think we're going to avoid that. But it's -- it's -- we're going to have to close those negotiations and get started.

Q: We have regrettably come to the end of our time, but before we let Secretary Carter go, I have a little gift that I want to present.

So you have talked a lot about the importance of building bridges between Washington and Silicon Valley. Washington, a place of suits and uniforms. Stanford and Silicon Valley, a place of hoodies. So we wanted to make sure that you were properly attired to achieve mission success. (Laughter.)

SEC. CARTER: Hey. Thank you. (Applause.) That was wonderful. Thank you. (Applause.) That's great.


http://www.defense.gov/transcripts/transcript.aspx?source=GovDelivery&transcriptid=5621

No comments:

Post a Comment