Remarks as delivered by The Honorable Dan Coats Director of National Intelligence - Billington Cybersecurity Summit

Remarks as delivered by The Honorable Dan Coats Director of National Intelligence - Billington Cybersecurity Summit

Thursday, 14 September 2017 17:50


Remarks as delivered by

The Honorable Dan Coats

Director of National Intelligence


Billington Cybersecurity Summit


Wednesday, September 13, 2017

Washington Convention Center – Washington, DC

Tom Billington, thank you very much for your introduction, and for organizing this meeting. Looking out at the crowd, it is clear that there are a lot of good people here engaged on this subject. And I appreciate the invitation to come and kick off what I think is going to be, and hopefully is going to be, a very productive and informative session for you here.

When I first retired from—thought I was retiring from— public service after a number of years at the end of last year, I thought that going forward the only thing I’d have to worry about was whether or not the Chicago Cubs starting rotation would get us back in the World Series, and Andrew Luck—quarterback of the Indianapolis Colts—was healthy enough to get them into the NFL playoffs. Both of those are problematic at this particular point in time, but I thought that’s what my worries would be as a retired public servant.

But since the President asked me to postpone that retirement and serve as his Director of National Intelligence, what keeps me up at night now is the wide diversity of threats that we have from all across the world, including the ever-expanding list of cyber threats.

It is clear that cybersecurity has become one of, if not the most important priorities for the Director of National Intelligence and Intelligence Community. So I eagerly accepted your invitation to come talk to you today about how the Intelligence Community views this threat and to offer some ideas about how we think we can bolster our nation’s cybersecurity.

And I am also pleased that Tonya Ugoretz, the director of our Cyber Threat Intelligence Integration Center—CTIIC—I walked into a world of acronyms, and I have to carry a dictionary to understand what is being said around the table. And that dictionary has a lot of pages in it. So it’s a new culture for me. But Tonya brings a lot of experience to this.

And you’re also going to hear from Admiral McConnell and Rick Ledgett, people that I greatly admire. Admiral McConnell was my predecessor as DNI, whom I looked to as a model for how to run an organization. And Rick Ledgett has been with our Intelligence Community for many years. Both of these people are experts on the subject, and there will be important presentations coming from both of them.

Every morning, I begin my day by reading the latest intelligence reports and assessments on the threats about what is happening around the globe. Now if you are a pessimist, this is the best thing you can do in the morning. If you’re an optimist, you hit the snooze button because the news that comes across the transom every morning is not good.

We’ve seen the diversity of threats multiply to the extent that those who have been in the business for their whole careers have said they have never experienced the multitude of threats that we face now in terms of what is happening around the globe.

By mid-morning—and I’ll go straight from here to the West Wing—I join the President in the Oval Office for his daily intelligence briefing. We discuss these threats, and the President—who frankly I can tell you is a consummate consumer of intelligence and our meetings almost always go past the allotted time as the President continues to ask questions, informing himself of the events, raising very important questions in terms of how we should move forward with our policy on the basis of the intelligence that comes across the transom.

Among the many issues that we discuss on a daily basis, cyber threats have risen to almost the top for a couple reasons:


First, our adversaries are becoming more assertive, more capable, and more adept at using cyberspace to threaten our interests. And the number of adversaries is growing as nation states, terrorist groups, criminal organizations, and others continue to develop cyber capabilities.


Second, the potential impact of these cyber threats is amplified by our growing interconnectedness. The advancing integration of technology—such as artificial intelligence and the internet of things—into both our critical infrastructure and our daily lives yes adds convenience but also significant risk.


Thankfully, we have not experienced yet a catastrophic cyber attack, but I think everyone in this room is fully aware of the ever-growing threat to our security.


I’m sure, if I asked a few of you here about the prospect of a “Cyber 9/11,” it would spark a VERY lively debate about the feasibility and likelihood of such an attack. We’d get into timelines and most likely perpetrators and targets—and it would be a very robust discussion.  


We know we are under attack by cyber operations exploiting numerous vulnerabilities and targets. And I’d like to discuss four key concerns from that assessment.

First, I am concerned about cyber operations targeting elements of our critical infrastructure. There has lately been focus on the electric grid, but there are also many other defined critical infrastructure vulnerabilities that we are aware of and need defenses for.  It doesn’t take much effort to imagine the consequences of an attack that knocks out power in Boston in February, or power in Phoenix in July.


Secondly, our adversaries—pursuing scientific, technical, and business information—continue to hack into the corporate networks of the US defense industry and technology firms. Such intrusions, even if intended for theft and espionage, could inadvertently cause serious, if not catastrophic, damage. Or an adversary looking for small-scale destructive cyber action against the US could miscalculate.


A third concern is cyber-enabled operations as a means to change or falsify electronic data or information to compromise its integrity. And doing so would undermine the public trust.


And fourth, adversaries use the Internet as an "echo chamber" in which information, ideas, or beliefs get amplified or reinforced through repetition. Their efforts seek to undermine our faith in our institutions, or advance violence in the name of identity.


All of these types of cyber operations have the power to erode public trust and confidence in our information, services, and institutions.

So that’s what we face broadly in terms of cyber threats; but allow me now to turn now to the most likely culprits—a notorious list of adversaries responsible for such operations:


Russia has clearly assumed an ever more aggressive cyber posture by increasing cyber espionage operations, leaking data stolen from those operations.

China continues to conduct cyber espionage against the US Government, our allies, and US companies.


Iran and North Korea are improving their capabilities to launch disruptive or destructive cyber attacks to support their political objectives.


And non-state actors, notably terrorist groups like ISIS, are using the Internet to organize, recruit, spread propaganda, raise funds, collect intelligence, inspire action by disciples, and coordinate operations.


So the question becomes how can we better address these threats and keep our critical networks and our citizens safe?


I would suggest the first step is that we need to find better ways to work together.


In my role as DNI, I don’t have the authorities to dictate how other federal agencies employ their resources, or engage with the private sector, or secure their networks. But I do have the ability, working through the IC and the role that they play in supporting America’s efforts to address these threats. So, as DNI, I am making sure that the IC is doing everything we can to deliver actionable intelligence to our federal partners and those with responsibilities.


And we have learned that cyber intelligence can only be truly actionable when it is collaborative.


Government may have a competitive advantage in detecting malicious activity, and possibly in understanding an actor’s capabilities and intent...but this threat information—as important as it is—this information alone is not sufficient.


We need to combine threat information with insights on the vulnerability of a prospective target.


In other words, we must explain not only what we see and what it means, but also what could be done about it from a security perspective.


We often struggle to combine these parts because the information on vulnerability and the impact of it belongs to the owners and operators of the targeted network.


So, the first recommendation I want to make is that we must improve information sharing between the government and the private sector.


Only if we do this can we blend the needed information to both inform government decision-making and private sector that is dealing with cybersecurity issues.

Now the good news here is that these days the private sector is increasingly focusing on cyber intelligence and increasingly on understanding the need for interconnectedness and sharing information with each other.


The not so good news is that collaboration between the government and the private sector on cyber threat intelligence is growing unnecessarily complex because we each do it in different ways, for different purposes, and describe it differently.


In the Intelligence Community, we’ve learned that the application of a common approach and shared vocabulary can help more accurate and timely sharing of cyber information with policymakers and cyber experts.


This helps us build a picture of threat activity and assess the effectiveness of cyber security actions.


Our model and approach are not secret or proprietary. If you are curious and what to know what we’re doing, all you have to do is dial us up on the web at, and you will find how we approach this and how we model this effort. We are not saying our approach is perfect or a one size fits all solution, but the use of a common, structured, and hierarchical approach will help the government and the private sector communicate and share threat data.


My second recommendation is that in the long term, government and private industry need to work collaboratively to design future products with security in mind.

The array poorly secured devices that we increasingly attach to our networks now represent billions of potential Trojan horses that can be used to attack our networks.

Given the success of relatively unsophisticated attacks, we cannot afford to have new products enter the market with vulnerabilities to these known threats. This is especially true when many of these devices cannot be patched or upgraded.

Ideally, we should share the lessons we have learned from previous exploitations of these technologies and work together to identify and mitigate the future threats.

The Intelligence Community has a key role in identifying threats; those of you who are here today are among those who will have to help us mitigate the vulnerabilities. And the vulnerabilities must be addressed because ensuring that cyberspace remains secure is essential to our national security, prosperity, and increasingly to the conduct of our everyday lives.

So my call for you—in government, for those of you in government, and for those of you who represent the private sector—is to join the Intelligence Community in working to improve information sharing and expand collaboration on designing new products with robust cyber security protections.

Now I know that this is difficult work, and that collaboration isn’t always the top priority here in Washington, DC.

But we in the IC, and all of you in the larger cybersecurity community despite the difficulty of our jobs. What makes it tougher for the good men and women of the IC is that we are limited in what we can say or do to defend ourselves in the public realm, even when heated rhetoric dominates the news and stories are often taken out of context.

As Director of National Intelligence, I am able to speak for our community. I’ve found it troubling that many outside the current arena, including former officials, have criticized the IC’s recent record and expressed concerns about the IC’s capabilities with this President.

As I noted earlier on, I am in the Oval Office nearly every day, and I know for a fact that the President and his national security team appreciate the hard work of the Intelligence Community, our expertise, our relentless objectivity, and steadfast commitment to national security.

Our intelligence assessments on issues like the cyber threat inform nation security decision-making at the highest levels, and that is exactly how it is supposed to work.

So, my request: try to block the naysayers. Keep working diligently. And thank you all for your hard work on cyber security. It is my hope that today’s symposium will provoke fruitful discussions on how to combat the cyber threat.

Your advice and your input will be of great use to those of us in the IC that deal with these very significant challenges. Once again, let me thank you for the opportunity to speak to you this morning. My wishes for a full, complete, and informative session today, and I look forward to seeing you hopefully under bright sunshine at the British Embassy this evening.