The Pentagon chief expressed his concerns after conferring with other government officials and members of the commercial technology industry during a meeting of the President’s National Security Telecommunications Advisory Committee. The confab took place at Intel’s corporate headquarters in Santa Clara, California, in the heart of Silicon Valley.
“Companies aren’t buying enough” encryption and other cyber defenses, Carter said during a joint press conference with Commerce Secretary Penny Pritzker and Homeland Security Secretary Jeh Johnson. “You can have all the innovative companies in the world, but if nobody is buying their products that’s going to be a problem.”
The Defense Department plans to spend $35 billion over the next five years on cyber capabilities. While the Pentagon represents “a big market” for cybersecurity firms, private sector demand is smaller than it should be, Carter said.
“Globally, the market for cybersecurity that should exist doesn’t yet exist,” he said.
Pritzker noted that the vast majority of critical digital infrastructure in the United States is owned and operated by the private sector. High-profile hacks against the financial and entertainment sectors by Iran and North Korea are just some examples of the threats posed by malicious actors, she noted.
“Today our entire economy rests on the back of the digital infrastructure,” she said. “So it’s extremely important that we have strong encryption.”
Johnson voiced support for more private sector investment in encryption technology, while also expressing concern that it could potentially thwart law enforcement.
The controversy surrounding government efforts to circumvent commercial encryption capabilities continues to simmer in the wake of the FBI’s aborted effort to force Apple to help officials break into a password-protected iPhone used by one of the suspected San Bernardino shooters.
“With strong encryption it becomes harder to detect criminal activity,” including communications related to criminal activity, Johnson said. “I think we’re all interested in finding the right solution that accommodates both strong encryption and enables us to track crime and to track potential terrorist plots. … A lot of us are working very hard on this issue and I think that it is something that is solvable in a cooperative way” with industry.
“These are capabilities that others have, and therefore one has to assume … that people can use cyber tools against our networks … including the networks that our military depends upon,” he said. “We’re not using anything that is unique or distinctive. And therein lies a lesson: we all have to have good cyber defenses as well.”