Cyberspace touches practically everything and everyone. It provides a plat\ue004orm \ue004or innovation and prosperity and the means to improve general wel\ue004are around the globe. But with the broad reach o\ue004 a loose and lightly regulated digital in\ue004rastructure, great risks threaten nations, private enterprises, and individual rights. The government has a responsibility to address these strategic vulnerabilities to ensure that the United States and its citizens, together with the larger community o\ue004 nations, can realize the \ue004ull potential o\ue004 the in\ue004ormation technology revolution.

The architecture o\ue004 the Nation\u2019s digital in\ue004rastructure, based largely upon the Internet, is not secure or resilient. Without major advances in the security o\ue004 these systems or signi\ue003cant change in how they are constructed or operated, it is doubt\ue004ul that the United States can protect itsel\ue004 \ue004rom the growing threat o\ue004 cybercrime and state-sponsored intrusions and operations. Our digital in\ue004rastructure has already su\ue002ered intrusions that have allowed criminals to steal hundreds o\ue004 millions o\ue004 dollars and nation-states and other entities to steal intellectual property and sensitive military in\ue004ormation. Other intrusions threaten to damage portions o\ue004 our critical in\ue004rastructure. These and other risks have the potential to undermine the Nation\u2019s con\ue003dence in the in\ue004ormation systems that underlie our economic and national security interests.

The Federal government is not organized to address this growing problem e\ue002ectively now or in the \ue004uture. Responsibilities \ue004or cybersecurity are distributed across a wide array o\ue004 \ue004ederal departments and agencies, many with overlapping authorities, and none with su\ue001cient decision authority to direct actions that deal with o\ue004ten conficting issues in a consistent way. The government needs to integrate competing interests to derive a holistic vision and plan to address the cybersecurity\u00ad related issues con\ue004ronting the United States. The Nation needs to develop the policies, processes, people, and technology required to mitigate cybersecurity-related risks.

In\ue004ormation and communications networks are largely owned and operated by the private sector, both nationally and internationally. Thus, addressing network security issues requires a public- private partnership as well as international cooperation and norms. The United States needs a comprehensive \ue004ramework to ensure coordinated response and recovery by the government, the private sector, and our allies to a signi\ue003cant incident or threat.

The United States needs to conduct a national dialogue on cybersecurity to develop more public awareness o\ue004 the threat and risks and to ensure an integrated approach toward the Nation\u2019s need \ue004or security and the national commitment to privacy rights and civil liberties guaranteed by the Constitution and law.

Research on new approaches to achieving security and resiliency in in\ue004ormation and communica\u00ad tions in\ue004rastructures is insu\ue001cient. The government needs to increase investment in research that will help address cybersecurity vulnerabilities while also meeting our economic needs and national security requirements.