Today I am going to talk to you about cybersecurity and the roles of industry, governments, and PPPs or public-private partnerships.

And specifically I'm going to talk about a paper that industry released yesterday called "Moving Forward Together: Recommended Industry and Government Approaches for the Continued Growth and Security of Cyberspace." This is really an unprecedented paper that we released as part of the conference with the business software alliance, Digital Europe, the industry technology industry council, the Japan electronics and information technology industries association, and the Korea Internet corporations association association that looks at the specific roles and responsibilities that both industry and government share in securing cyberspace. In addition, we had at our launch event yesterday the governments of the United States, the United Kingdom, Korea, and Hungary all there to speak on behalf of governments and their appreciation for this paper that we've put forward. So I would encourage those of you who haven't read it to download it. There will be a Web site at the end that you can go to to access it. But it's a very short paper, but it gives a good overview, I think, of the responses for collaboration and coordination for both industry and government. Here we go. All right. Let me go back one. Here we go. Okay. So in particular, the paper covers the contributions to the growth and the benefits of cyberspace that both industry and government make. In particular, it covers economic expansion and development -- and this is the growth that's really linked to the digital economy and how it's contingent on the policies that enable governments, businesses, and the public to access and adopt technologies and services. It also focuses on social and cultural benefits of cyberspace, providing children, for example, in developing countries with access to educational tools or access to the information technology services to establish microbusinesses. On the cybersecurity front, which is what this panel is about, the benefits, of course, are far reaching, and those risks, however, must be managed, and I am going to talk about that more later. The paper also covers international security. These are the risks and Ben fets from cyberspace that are shared across the global user community and that cooperation among global players is truly paramount. The fifth area, of course, is cybercrime and that the innovation and criminal activity that we are seeing today and the distributed nature of bad actors can really make enforcement quite challenging for governments around the globe. And the sixth area, of course, is capacity building, which is a major focus of not only the conference here but of all of the preworkshops that were held around the world, and focusing on the legal, technical, and policy aspects and the

numerous examples that are in place. And as you can imagine, those six years, of course, are the six areas that are covered at the conference, so we have good linkage there. So there really is -- I don't think I need to tell all of you -- an imperative for cybersecurity collaboration across industry and government. Usually when I give these kinds of talks, I start out with two or three slides about the threat environment, and as Jane indicated in her opening remarks, I don't think I really needed to do that for this audience at all. We're all here for the same reason. But this imper tivz for collaboration amongst industry and government I am not sure if it is recognized by all that are in the room. So I thought it was important to talk about the aspects of the global ICTs infrastructure and how it is mostly owned and operated by private industry. In addition, private sector develops the majority of the technologies that comprise and secure that infrastructure. And just to give you a sense of the scale, the ICT sector contributes more than $2.8 trillion in U.S. dollars in global output for IT industries, and that was a 2010 figure. I would venture to say it's quite higher today. The sector also contributes 6% of the global GDP as well as 20% of total employment in OECD countries are connected to jobs in the ICT sector. So the economic perspective, when you think about cybersecurity to the global economy, is quite significant. In addition, the cybercrime challenge, of course, is not something that we can solve by any single company or government. Thus the need for significant collaboration. And that cooperative approach will actually enable our collective defense and security. So just to continue with this -- and I'll run through this quickly -- this notion of public-private partnership, cybersecurity really is a shared responsibility, and this is something I think sometimes gets thrown around as a platitude, but it does really hold true that everyone, from governments to businesses to citizens, has to play their part in securing our systems. Public, private, and civil society also all need to be informed of the security threat environment and the things they can do to protect themselves by one another. This also applies to policy, technology, and operations, as well as infrastructure and robust policy mechanisms. So let me talk briefly now about cybersecurity roles, the risk reduction and resiliency component that my colleague Yurie spoke about a moment ago. As we talk about in the paper, industry plays several significant roles. One is that we, as I mentioned, build and maintain the security of technologies and services. We also need to coordinate on incident response and vulnerability management. We need to actively participate in public-private partnerships and also to play our role in raising awareness and education.

On the other hand, in order for us to be effective, we also need for governments to do their role. In developing and implementing policies and strategies that include industry and civil society in the deliberations. To encourage adoption of globally recognized and industry-led consensus standards and best practices. As well as to promote market-driven technology innovation and leverage existing cooperative incident response forums, again, leveraging those public-private partnerships. And lastly, to raise awareness and education about basic cyber hygiene for all citizens. So there's a number of examples, and I won't go into great detail, but there's significant examples today for great frameworks for public-private cooperation. These include policies, standards best practices and guidelines, cyber exercises, information sharing and incident response, Child Online Safety, education and awareness, and there are numerous models, as I said, in use today. And I mentioned just a few countries here, but there's an et cetera there because there are too many to list. But these take many shapes and forms. There are voluntary, regulatory, ad hoc, and bilateral. They also take the forms of different types of partnerships from business to business, government to government, government to business, and business to government. But at the root of all of this must be a foundation of mutual trust and respect that we all play our own role and that we have to share that responsibility. Now, many of these could be viewed as tactical means to achieve the policy and operational frameworks, but when you take them all together collectively, they really do comprise a rich field to learn from the study to learn from existing public-private partnerships, both the successes and, frankly, the failures, and there are some of these too. I want to close out by giving a couple of examples of what our company is doing here in Korea working with governments because I think it's helpful to give some specific examples. But most of the work we are doing is on information sharing, malware analysis, and on education training and skill-building to help build that next cadre of cybersecurity professionals. With Korea Internet and Security Agency, the Korea university graduate school of information security, the Korea information technology research institute, as well as the cyberterror response Center of the Korea national police agency, which I was pleased that we were able to sign an MOU with them yesterday to share more information and help on malware analysis to provide our global perspective. So just a few final points to close it out. Again, I don't think I need to say it, but I will anyways, that cybercrime and cyber attacks are increasingly sophisticated and damaging. Private sector plays an integral role in securing our cyber assets. And there are many frameworks for collaboration. There's no single best way, no silver

bullet, but there are many examples that can be learned from. And in order to be effective to manage risk and ensure resiliency, we really must use that comprehensive approach across the public and private partnerships to effectively counter threat, manage risk, protect infrastructure, and ensure resiliency. And as I promised, there's a couple of Web sites at the end. If you'd like to download the paper I talked about during the presentation, you can go to www.iti.org or to www.bsa.org, and you can pull it down yourselves. Thank you very much. (Applause) >> JANE LUTE: Thank you, Cheri. I think your presentation makes clear that while industry and certainly Symantec as an example is doing everything it can not only to raise awareness but to make the point that no single organization could do all that needs doing, I think also you've seen some consensus nods at this panel, as we've talked about what governments are doing, what regional organisations and approaches are doing, what the private sector is doing. There's still an awful lot that individual enterprises and users can do on their own behalf. At a minimum, I think we'd like to see this conference come away with a strong endorsement of what are those basic high-priority things that reduce our vulnerability by an excess of 80%. While we all agree there are no silver bullets, but Cheri, what I would like to ask you to think about as we go around -- and we have three more speakers before we get to the audience -- is who is going to make a difference in making us feel secure? Will the public and enterprises feel secure if there is a at this man tech or some other company that has that secret sauce, that magic formula, that silver bullet? Or will we all feel more secure if governments are the ones stepping in to handle the cybersecurity? It's interesting. None of us would get into an automobile or, more importantly, would put our children into an automobile that did not have seatbelts, yet we allow our children online and we get online every day without doing the basic proven techniques that keep us safe. So who is going to make the difference? Who is going to change the public mindset to take those four steps to begin to make us safer than we are today? Let me, in that case, turn to another representative of industry, John Suffolk, who is a Senior Vice President of Huawei, also a prominent player on the stage of cybersecurity. John. >> JOHN SUFFOLK: Thank you very much, Jane. Good afternoon distinguished guests, ladies and gentlemen. First of all, let me thank the host, Republic of Korea, for hosting this event and their kindness and generosity of spirit. I'd also like to thank Jane, our moderator, and our panelists for what I hope will be a very lively and informative set of questions, so please get your questions sent in.

In the interest of time because I know this is at the end of the day, I am not going to talk a great deal about how Huawei is building cybersecurity into its complete end-to-end set of processes or how we're trying to secure components from over a thousand suppliers around the world or the challenges of