tv Cyber Talks Conference Remarks by Dan Coats National Intelligence Director CSPAN October 18, 2018 8:00pm-8:18pm EDT
c-span. watch the debates from key house and senate races. make c-span your primary source for campaign 2018. coming up tonight on c-span2, government officials discuss cybersecurity ahead of the 2018 midterm elections. then at 8:30 we'll take you to missoula, montana, where president trump is campaigning for u.s. senate candidate matt rosendale. ...
always rushing at the end of your remarks? because after hurry up and finish? i said in the house somebody has a gavel the time has expired but that doesn't happen in the senate. so i said i must we rushing thinking i will be called off. and said in a very short period of time you two like your fellow colleagues are so enamored they still have to drag you off the floor. [laughter] so i will try to avoid that to be dragged off the platform by being somewhat concise if i could.
we have spent a great deal of time with the issues of cyberand cyberthreats. and the top priorities. and then to elevate cybersecurity as the top threat in this new era of extraordinary change and technology with some of the downsides of cyber. we are looking at a time when the growing number of people are interconnected by devices that provide information that guides daily activities. and as we look around at the
attentions and also happen to have advanced or rapidly maturing cybercapabilities. and in each of these countries cyberoperations is a low-cost tool to advance the national interest and with financial and human capital to have a return of initial cost and aside from the geopolitical impact the economic consequences are profound a malicious cyberintegrity cost
the united states economy between $57,000,000,109,000,000,000 and just the fact they have to look at a range tells you we don't really have a total of what is happening in the cost of what is happening relative to cybermalicious activity. it is also easy to see how the weaponization of cybertools and the relative lack of global guard rules significantly increases with enormous strategic consequences. to witness this first in recent years were the effects of the ransom where attack which spread around the world to the point of affecting emergency care in the united kingdom and then if you look
at russia's malware which the administration called the most destructive and costly cyberattack to date that crippled the ukraine before hitting businesses on a worldwide basis and a sense one - - aside from the malware attack with those different types of activity through cyberdomain adversaries are conducting persuasive influence efforts to undermine the democratic values this foreign directed efforts manifest in a different way but the goal is the same and let me give you a couple of examples. we continue to see fake online persona is permitted for use on government social media platforms to amplify hot button issues. this is often conducted in a
coordinated effort using rhetoric or through misinformation the rhetoric might include providing descriptions of race or religion or sexual orientation or information crucial to us organizations but the intent is to provoke and distract and for those who read the content also attempted to shake public opinion to mislead or blatantly false advertising through these news outlets the purpose of this approach is to target certain segments of the population in the effort to influence specific state and federal officials. this all effort can also be combined with the least information to negatively or
specifically elected officials because that official holds policy in the foreign adversaries interest. the end goal of all of this effort is to increase pressure to build leverage in order to improve and negotiate a position while those in effort to remove that official from office. the bottom line is that these efforts are real and they are continuing and we should all be opposed to them because they exploit the constitutional values the very pillars of democracy. most notably an effort to turn us against the other. so all that we know the question comes what are we doing to counter these activities?
i am pleased to start my remarks that this administration has made significant progress to address the threat. the president recently signed the first new cybersecurity in 15 years a document that reflects a commitment to the american people to protect and defend our interest through aggressive and defensive measures. a critical component of the strategy is authorizing the department of defense to play an essential role in the execution of this new cyberstrategy. in addition the intelligence of law enforcement communities to share information and awareness of the threat that we face in the cyberdomain we are pushing more information
out to state and local and private entities. we stepped up our efforts after adversaries whose actions are a strain and to continue the law enforcement community stepping up to the effort to attribute responsibility and prosecute cybercriminals. as a national security communit community, we recognize our responsibility to the american people and see to the best extent that we possibly can but this doesn't stop with the federal government. we also need the private sector and media outlets to take greater responsibility because the national interest
that demands a response from government and private sector recently we have seen many prominent technology companies take ownership of the threat by foreign adversaries and just last night announcing they remove more than 550 pages and 250 accounts that attempted to draw leaders attention and drive web traffic to additional sites and debate click consumers and twitter announced it is shutting down almost 4000 accounts attributed to the kremlin and almost a hundred accounts attributed to iranian actors. all this is a good thing and we hope these private-sector actions will continue. we must agree and must not
allow foreign adversaries the ability to use indigenous and privately produced technologies to divide us as a nation. beyond the positive actions that these companies have recently taken, we would welcome greater partnerships in the technology sector. we recognize our intelligence warnings and assessments will be most useful if we can incorporate insights from the private sector about what they are detecting also. we have distinct advantages in the united states as many us firms are able to see and analyze huge slices of data to discern malicious activity. one of my cyberexperts describe this as a sports analogy if this were a ballgame it is a game that we invented we are playing on her own field. us produced equipment with
thousands of spectators private sector as well as government watching the field from the bleachers. so we have the advantages if we can work together, public and private and in doing so we need to explore ways to make the collaboration beneficial to establish a two-way street that is a value for both sides. to be successful in this effor effort, we need to adhere to three principals. first, it must be scalable and erode competitiveness or user confidence and it must be operationally secure. so our goal is situational awareness of malicious cyberactivity. nevertheless there is a critique for someone in the technology sector that the
government is too intrusive even when we are seeking cooperation on national security matters some companies are reluctant to partner with us because they believe we are working too closely with the us government. nevertheless some of these very same companies turn right around to pursue access and production opportunities in china so let's be clear. if you are us company that believes you shall limit your partnership with us government on national security than perhaps you should think about think of our national security interest to secure business opportunities in a country like china the private sector and the state are the same. so the basis of the message that i would like to leave with you and in part on you is
that we all need to do our part to protect our democratic system as messy as it may seem so what can us businesses do to strengthen cybersecurity? allow me to suggest several measures that we believe can help secure our cybersecurity. first, be aware of supply-chain threats and understand cyberthreats to your supply chain are an insidious problem that can jeopardize the integrity of your products. second, designate a chief risk officer to oversee a companywide security effort to determine what matters most to protect the crown jewels. third, practice security hygiene by using the latest it systems including updated security features.
for insider programs announced to enhance awareness of threats of former employees to create a culture of awareness in your organization and finall finally, continuously review your security posture. this is what we have to do in the intelligence community and what we believe it is necessary to secure our product and these provisions also need to be incorporated in each business to be successful to deal with this problem. the intelligence community practices what we preach and these are the steps we have taken. i may have passed my time limit so to our colleagues in the private sector, know that
you are part of our national security and we cannot successfully deal with this issue unless you can be a partner with us. know that your efforts to fortify your cybersecurity defenses will strengthen our collective security. and know that you have a willing partner in the federal government and in the intelligence community. back in world war ii a statement was issued and i have it framed in my office that says uncle sam needs you. that applies today as it did back then at a very critical time in our nation's history i want to leave here by saying uncle sam needs you. we cannot do this job successfully if we cannot work together. we realize that the basic