 cybersecurity coordinator at the White House. And in that role, what I do is I lead the United States government's development of national cybersecurity strategy and policy, and I oversee the implementation of those policies on behalf of the President. Today, what I'd like to do is provide an overview of some of the US government's current thinking on cybersecurity, including our priorities and some areas of potential challenge and opportunities. And focus a little bit towards the end on how the United States and Europe can work together to improve our collective security in cyberspace. And then I'll look forward to the discussion after that. I'd like to highlight, starting with some of the trends that from our perspective are the most concerning about all the threats that we face in cyberspace, whether you're talking about cyber crime, the theft of intellectual property, or the threats to our critical infrastructure. First, the threat that we face is becoming broader. And by that I mean we keep hooking more and more stuff up to the internet. And so the surface area that we need to protect is growing both larger and more diverse with every day. So now it's not just your desktop that's a problem or even your mobile phone, but your car and your coffee maker and your thermostat are now a threat vector. Second, the threat is becoming more sophisticated. Malware is getting harder and harder to detect. I'm sure all of your spam folders are still full of the emails from the Prince of Nigeria who would like your help, but that's not really how spearfishing is done anymore. It's almost to the point where a human cannot detect it. And that malware does more very different kinds of things. And it's also becoming easier at the same time to use. The people who develop malware are now helpfully putting in dialogue boxes and drop-down menus. You don't even have to be a coder to use malware anymore. And third, the threat is becoming more dangerous. Malicious actors are showing an increased willingness to be more destructive in their activities, as we witnessed earlier in 2012 against Saudi Aramco and then the South Korean banks earlier this year. And so these threats are a particularly troubling trend and they're becoming much more normal. It's becoming a new normal of persistent intrusions, violations of privacy, theft of business information and degradation and denial of internet-enabled services. As we think about the threats in cyberspace, I'd like to bring up one other thing that very strongly influences how we organize ourselves to deal with these threats. Traditionally, the argument is that cyberspace has no borders. And I would argue that this argument is actually incomplete. There are borders and boundaries everywhere in cyberspace. Now, they don't follow physical boundaries. They don't follow geography and they don't follow the political boundaries of the world but the boundaries are there, routers, firewalls. What cyberspace actually lacks is an interior. It's a nodal network. And then that means that everybody on that network effectively lives at the edge of the network. And if everybody lives at the edge of the network, then that has a profound effect on actually how we have to go about doing security. And it means that security is not something that you can assign, a mission, or responsibility that you can assign to any one group or organization. It means it becomes a shared responsibility that everybody has to play a role in. So how do we improve our collective security and a new normal of this daily intrusions? Well, if you're hoping that I was going to show up with all the answers, perhaps maybe like a typical American, I am not, I'm gonna afraid I'm going to have to disappoint you on that score. What I can do is highlight some of the principles that we're trying to follow and some of the activities that we're undertaking right now and then I'll be happy to, you know, discuss these more during the question and answer period. I'd say they're top five principles that we have to use in developing our response. The first one of which is compromises are inevitable. So plan for them. And living with this new normal, we have to just assume that our networks are penetrated. We are not going to be able to keep out all of the bad guys. And that means that you have to prepare for that fact, organize yourself for that fact, test and run your backup plans, assume that bad things are going to happen and prepare accordingly. Second, information must be shared rapidly and frequently. Cybersecurity is a shared challenge and the international community has a shared responsibility to collaborate. So that means that you must be collaborating between governments, between government and industry and between companies. Teamwork is a requirement. In my speeches back home, I often say cybersecurity is a team sport. And what I mean by that is that reference to what I was talking about earlier, that no single entity has all of the competencies necessary to address the cyber threat. So everyone from law enforcement to civil society to governments and Homeland Security forces all have a role to play in this space. This is true in the United States and I believe it to be true internationally. Fourth, network defense first. The risk of misattribution, miscalculation and escalation in cyberspace is very real. So as a government, we have to consider all of that as we can take into account the formal policy aspects of any of our decisions. As a result, that means that we're going to drive towards taking network defense activities first and work hard to make those solutions effective before we use other means to combat malicious activity. And finally, protecting privacy and civil liberties. The United States firmly believes that cybersecurity and privacy are mutually reinforcing, not in competition. Done properly, cybersecurity enhances and protects privacy and civil liberties by strengthening the networks and systems that contain people's personal information. So we're putting these practices into, we're putting these principles into practice in a number of different ways, both domestically and internationally and I'll highlight just a few of them. First, we're working very hard to protect our critical infrastructure. One of the key threats we see is the growing threat to disruption or destruction of key critical infrastructure assets. So we're working very hard to strengthen the cybersecurity standards and best practices that our critical infrastructure sector follows. Earlier this year, the president issued an executive order that really drives at strengthening the US government's partnership with critical infrastructure owner and operators through information sharing, protection of privacy and civil liberties and developing a framework of cybersecurity best practices and standards. And this framework is really aimed at creating a structured way for companies to think about risk, for them to think about where their cybersecurity stance is right now and where they would like it to be in the future and then how to get from where they are to where they would like to be. This is not rocket science. It's not something wholly new or a major breakthrough but it is a good way for us to have a common lexicon and a common approach to thinking about protection of critical infrastructure. Right now that framework is in preliminary draft form and it's out for comment and we are actually inviting comment from not just US companies but from companies around the world and from governments around the world. In fact, anyone who wants to be constructive in their criticism and provide useful feedback we want to hear, we want to hear from you because I think only by really getting the collective experience and knowledge across the world will we actually develop something that can really be effective. Second, we're working to integrate cybersecurity as a core element of our foreign policy. As I mentioned earlier, it's a shared responsibility so that means that it's not just a domestic issue. So in particular, we're focused on trying to establish the norms of behavior in cyberspace. That is what we want to see states do and not do and other actors do and not do in cyberspace to ensure that it remains an open, interoperable, secure and reliable space. Of course, actions speak louder than words in that area so to promote the norms we want we are continuing to try to take steps to make them a reality such as working towards a norm that states are responsible for taking care of what emanates from their territory. Third, I would point out areas of internet governance. The United States remains steadfast in our support for an internet governance model that supports international trade and commerce, strengthens international security and fosters free expression and innovation. I think governments, the private sector and civil society all should have an important voice in the future of the internet. It's the path that we believe leads to economic growth and prosperity and it's time that we actually take steps to strengthen, not weaken that multi-stakeholder approach to the internet. Fourth, law enforcement cooperation. We believe that we must increase our ability to disrupt the malicious activities in cyberspace and that means deepening our law enforcement cooperation across the international community but particularly here in Europe with our European allies. In recent years, the United States and Europe have established the EU, US working group on cybersecurity and cybercrime and we've had some success in getting more countries to ratify the Council of Europe Convention on Cybercrime usually called the Budapest Convention. And finally, capacity building. While I've talked about what our efforts are, some of them in cyberspace, we're mindful that many countries are still working to develop the industries, technology and connectivity necessary for economic development in the 21st century. To bridge that gap, we are committed to connecting more people around the world to the digital future. Across the US government, we have established programs to help governments create cybersecurity policies and programs from the ground up. And these programs help address a number of needs such as developing the rule of law or drafting cybersecurity strategies or creating certs. Of course, we're only one country, even as big as we are and we don't have unlimited resources and therefore we're always looking to develop partners and allies in this effort to do capacity building. So I'd be remiss if I did not close out by emphasizing how important the United States considers our relationship with our key allies, particularly here in Europe and with Ireland in particular. The degree of connection and economic interaction between our countries is actually pretty staggering. And I think that it is, you have been and will continue to be a key ally in this effort to build a safer and more secure cyberspace and we want to deepen that partnership. Solving our cybersecurity challenges will not be easy and it will require persistence from all of us. But I think we have an opportunity now to put the foundation into place so that we can look back 10 years from now and think that we were the ones that helped really build out that framework to make cyberspace safer and more secure. Again, I'd like to thank the host of our conference for putting on such a wonderful event and I appreciate the opportunity to speak to you today. Thank you very much.