Cybersecurity, Innovation and the Internet Economy

The Internet has undergone astounding growth, by nearly any measure, in recent years. The number of Internet users increased from roughly 360 million in 2000 to nearly two billion at the end of 2010. The number of hosts connected to the Internet increased from fewer than 30 million at the beginning of 1998 to nearly 770 million in mid-2010. According to industry estimates, this global network helps facilitate $10 trillion in online transactions every single year. As Commerce Secretary, I am proud to work with the American companies that have led the way at every stage of the Internet revolution, from web browsing and e-commerce technology to search and social networking. Along the way, the United States government has supported the private sector in creating the foundation for the Internet’s success. After establishing the computer network that became the Internet, the government opened the door for commercialization of the Internet in the early 1990s. In the late 1990s, the government’s promotion of an open and public approach to Internet policy helped ensure the Internet could grow organically and that companies could innovate freely. More recently, we have promoted the rollout of broadband facilities and new wireless connections in unserved and underserved parts of the country. Today, the Internet is again at a crossroads. Protecting security of consumers, businesses and the Internet infrastructure has never been more difficult. Cyber attacks on Internet commerce, vital business sectors and government agencies have grown exponentially. Some estimates suggest that, in the first quarter of this year, security experts were seeing almost 67,000 new malware threats on the Internet every day. This means more than 45 new viruses, worms, spyware and other threats were being created every minute – more than double the number from January 2009. As these threats grow, security policy, technology and procedures need to evolve even faster to stay ahead of the threats. Addressing these issues in a way that protects the tremendous economic and social value of the Internet, without stifling innovation, requires a fresh look at Internet policy. For this reason, in April 2010, I launched an Internet Policy Task Force (IPTF), which brings together the technical, policy, trade, and legal expertise of the entire Department. The following report – or green paper – recommends consideration of a new framework for addressing internet security issues for companies outside the orbit of critical infrastructure or key resources. While securing energy, financial, health and other resources remain vital, the future of the innovation and the economy will depend on the success of Internet companies and ensuring that these companies are trusted and secure is essential. This is the area of our focus. The report recommends that the U.S. government and stakeholders come together to promote security standards to address emerging issues. It also proposes that the government continue to support both innovations in security and on the Internet more broadly. We believe this framework will both improve security at home and around the world so that Internet services can continue to provide a vital connection for trade and commerce, civic participation, and social interaction around the globe. The report completes just the first phase of this inquiry. For the undertaking to succeed in producing effective U.S. cybersecurity policies across all sectors of the Internet economy, we will need your ongoing participation and contributions