(Archived Content)
FROM THE OFFICE OF PUBLIC AFFAIRS
js-1881
and the
Financial Services Sector Coordinating Council
Las Vegas, Nevada
We are engaged in a two front war to protect our nation's critical infrastructure. One front is physical, with the focus on protecting people, property, plants, and equipment. The other front is cyber, and our efforts center on protecting systems and data.
The enemies we face on both fronts share some common characteristics. These enemies are hidden, adaptable and opportunistic. They strike from behind, with disguise. And while one enemy is dedicated to killing, the other enemy can launch attacks that significantly disrupt operations and throw business into chaos.
The challenge we face today is how best to protect ourselves from both physical and cyber attacks. Protecting our critical infrastructure is a must win battle in the mission to defeat terrorism.
Terrorists are plotting to destroy our property, our people -- ultimately our way of life. Terrorists hate liberty. They hate free hearts and free minds. They curse the very notion of democracy.
The United States is not alone as a target of this evil. Terrorists put the world on edge, striking in Bali, Jakarta, Istanbul, Nairobi, and Baghdad. The time and place of attacks are selected strategically. Terrorists choose places where they can kill and injure the most, such as hotels, night clubs, embassies, and office buildings. The strike on March 11 of this year in Madrid, and the belief that these attacks influenced the outcome of the elections in Spain, serve as encouragement for the killers.
Today they continue to plot against targets that demonstrate America's leadership and targets that are symbolic of the American way of life. So we must remain vigilant as the Republican National Convention closes tonight in New York; as Washington hosts the IMF meetings; as we elect and inaugurate our President; and as we observe traditional holidays such as Thanksgiving, Hanukah and Christmas.
The threat on the cyber front is real, too. It is no longer limited to the rebellious teenager who wants to hack in to someone's data base just for a thrill. This threat has evolved into cyber terrorism. The attackers are criminals who make a living by stealing credit card numbers and account information, mobsters who use the Internet to expand their illegal businesses, jihadists who use cyber attacks to advance their cause, and nation states that explore how to attack their enemies. Cyber terrorism is now a business that has both a marketplace and liquidity. Right now, any person with access to the web can purchase stolen credit card numbers or acquire the tools to unleash the next virus on enterprise systems. And this global threat knows no geographic boundaries.
To confront these threats, we must mount a powerful, coordinated defense: a partnership between the public and private sectors to minimize disruptions in the event of an attack and to quickly restore our way of life, which is the ultimate in defiance against terrorism.
As President Bush has stated, protection is a shared responsibility…requiring close cooperation between government and the private sector at all levels.
The President has articulated an effective plan to protect our country. Our government reorganized to implement this plan, beginning with the creation of the Department of Homeland Security which is responsible for coordinating protective efforts. The President identified lead agencies for vital, at-risk sectors. The Department of Treasury is the lead agency for the banking and finance sector, and my office is responsible for discharging this obligation for the Department.
Our strategy is built on two pillars – a public sector pillar comprised of the federal and state financial regulators, and a private sector pillar that includes an organization of the leading financial industry trade associations and institutions. Communication between these government and business channels is the cornerstone of our strategy. Generating accurate and timely information about threats to our physical and cyber infrastructure and then sharing that information are essential outcomes of this communication.
At the Department of Treasury, we develop and implement policies that enhance the resilience of the economy, minimize economic damage and speed economic recovery from a terrorist attack, and promote the protection of our critical financial infrastructure. Our process is to first identify the systemically critical infrastructures, assess vulnerabilities within those infrastructures, remediate the vulnerabilities, and measure the results.
Four principles guided our actions in the aftermath of September 11 and they continue to guide our actions today. These principles form the bedrock of our collaboration with the financial sector.
As I outline these principles, it is important to note that the financial sector is already resilient. The sector has been a target for criminals since its very beginnings. And while we have a strong regulatory regime in place that ensures the safety and soundness of financial institutions, I believe that protecting critical infrastructure is really a risk management problem, and that there is no one size fits all solution to be achieved through additional regulation.
The first principle is the protection of people. People, not buildings or computers, produce financial services. And it is people who benefit from financial services.
We depend on people - tellers, technicians, loan officers - to operate the financial system and to see the system through during times of stress. Indeed, it was the commitment of these professionals to their institutions, customers, and colleagues that helped the financial system recover from the September 11 attacks.
Just as we depend on people to operate the financial system, people around the globe depend on the U.S. financial system to stay up and running. This leads to our second principle: maintaining confidence. We rely on financial services to process our paychecks, buy groceries, purchase a house, finance our children's education, or save for retirement. We must ensure that consumers trust in the financial system. And this in turn produces confidence.
Rock-solid confidence in the ability of financial institutions to clear checks, execute transactions, and satisfy insurance obligations despite disruptions assures our citizens and the world that America is a good place in which to invest.
The third principle is to ensure that the financial system remains accessible and helps keep America open for business. When a disaster occurs, investors rely on markets to price the impact of the disruption on assets. The longer markets are closed, the longer investors must go without knowing the effects of the disaster. This uncertainty can itself be harmful to the economy, compounding the impact of any disruption. An ability to re-open financial institutions quickly helps eliminate uncertainty, enabling us to dull the pain of an attack and speed recovery.
Fourth, we encourage decentralized decision-making and swift, responsible action by the private sector. In general, financial institutions should engage in problem-solving and make appropriate decisions without waiting for guidance from Washington. After all, it is the private sector that owns and operates the majority of the financial systems, and therefore knows best how to mend these systems after a disruption.
As government and private industry share more and better information, financial institutions become better prepared to estimate the risks they bear and better equipped to effectively reduce the probability of a disruption through strategic investments.
Furthermore, as more institutions enhance security and reliability, the incentive increases for competitors to invest in innovative solutions as well. This cascading effect delivers an efficient and effective means of encouraging optimal investment in corporate resilience. In some firms, it may shift critical infrastructure protection from a corporate liability to an asset and competitive differentiator. Finally, an industry that responsibly protects itself reduces the need for the government to impose costly, inflexible, and potentially ineffective regulation.
Fortunately, the banking and finance sector is building on an already resilient foundation. Financial institutions have been targets of criminals since the first bank was charted in the U.S. in 1781. Since 1985, more than 60 percent of the terrorist attacks worldwide have targeted a financial institution. The sector dedicates significant resources to protect the assets of customers and ensure the safety of employees who work in these institutions. Over the past few years, we have seen striking examples of this resilience. The U.S. economy endured under the pressure of an economic recession, the terrorist attacks of September 11, corporate governance scandals, and the power outage of last August. Recently, we witnessed the sector respond effectively when the threat level was elevated. The institutions that were targeted experienced no disruptions. And the bold spirit of employees was inspiring as they showed up for work that Monday morning in defiance of potential attackers. This is the same resolve of the American people who are determined to protect our way of life, and it's yet another example of why we are winning this two-front war on terror.
Four principles - protecting people, maintaining confidence, ensuring access to financial institutions, and promoting de-centralized decision-making and responsibility - shape our policies to enhance the resilience of the U.S. economy.
Together, we have made excellent progress in a short time, and we continue to get stronger each day. Still, we have much work ahead.
In closing, Winston Churchill's words more than a half-century ago remain an appropriate description of our position today. Churchill said, We are not at the beginning, and we are not at the end, but we may be at the end of the beginning.
Thank you.
-30-