>> We began then by coordinating and consolidating the department's cyber efforts under the leadership of our Deputy Under Secretary, Phil Reitinger. Now, Phil is moving aggressively to build, I think, one of the best cybersecurity teams anywhere, both with talent from within the federal government, but also with new authority to hire top professionals from the private sector, from outside the government. In fact, we may be trying to recruit some of you or your talent right now. But we need it, we need it. This is a huge public interest for our country. And we need the best brains that we can bring to bear on meeting the challenges. So in addition to consolidating within the department, single chain of command, we also have formed three important pieces of our cyber strategy that fulfills or goes toward meeting our mission. The first is the continued development of Einstein as a critical tool in protecting our federal civilian agencies. Now, as you know, the U.S. Computer Emergency Readiness Team, U.S. CERT, is where we consolidate our intrusion detection incident analysis and cyber response capabilities to protect these systems. In the past year, we've deployed the second phase of Einstein to 11 federal agencies. We will grow to 21 by the end of this year. And we have fully deployed Einstein 2 to the four management trusted internet protocol service providers. This deployment, in fact, is ahead of schedule, and it is allowing us to better identify malicious cyber activity and improve cybersecurity support across the federal government. So now we're testing the technology for the third phase of Einstein, an intrusion prevention system, which will provide the Department of Homeland Security with the ability to automatically detect malicious activity and disable attempted intrusions before harm it done to our critical networks and systems. Let me add a critical point here. Even as we are working in developing and deploying Einstein, Einstein 1, Einstein 2, now Einstein 3, we take very seriously the protection of privacy, civil rights and civil liberties. So in the cyber area, we have established an oversight and compliance officer in to work from the outset on the technologies that we are seeking to develop and to deploy. And key U.S. CERT personnel receive specific training on the protection of privacy and other civil liberties, as they relate to computer network security activities. So even as we move to prevention, detection of malicious activity, prevention, preemption, in a way, we want to do it in an atmosphere that respects those core privacy values as well. So that's one of the first major areas that we have undertaken activities in this past year. Second, we're developing the National Cyber Security Incident Response Plan, NCSIRP, which is being developed in full collaboration with the private sector. The NCSIRP will allow us to mount a national response to a significant cyber incident, a response where all aspects of our society would have an important role to play from the federal government, to state and local governments, to the private sector. Now, much of the government's side of such a response will be coordinated out of the new National Cybersecurity and Communications Integration Center, NCCIC. And we're looking forward to testing the plans that we are making with NCSIRP and NCCIC this fall, in September, when we will conduct the Cyber Storm III exercise, again, with full participation of the private sector. So that's a secondary. The third area I wanted to discuss is that we have made significant progress helping to secure the automated control systems that operate elements of our critical infrastructure. Now, private industry owns and operates the vast majority of the nation's critical infrastructure and cyber networks. So therefore, we've worked very closely with the private sector to conduct vulnerability assessments on six commonly used control systems, components and networks. We have then developed training manuals for workshops, for conferences and for other venues to educate the control systems community on the risk of control systems cyber attacks, as will as mitigation solutions. Now, since its inception, the Control Systems Security program has trained 14,000 plus professionals through both classroom and webbased instruction. And we now conduct monthly cybersecurity conference calls with the primary manufacturers of these control systems. So bringing all of this together, we establish the Industrial Control Systems Cyber Emergency Response Team, which is really a national resource to receive, to manage and to respond to incidents and vulnerabilities that affect our nation's control systems. And again, the nation's control systems are important for protecting and securing the nation's infrastructure. Goes right to the heart of the mission of the Department of Homeland Security.
==== Transcribed by Automatic Sync Technologies ====
