Thank you for your kindness and thank you for keeping score of my visits.
It is great to be at NIST. And I thank you all. I apologize for my lateness. It’s great to have the opportunity to be back here at NIST, and to have a chance to join you as we discuss this urgent priority.
Now, I understand that many of you all are gathered from – what, 20 different departments throughout our federal government? Are there private sector people in the audience as well? So – and you all do contract work with these departments, am I to understand? Yes? No? Maybe? Sometimes?
Well, let’s get down to the real important question. How many of you votedMaryland– (Laughter.) Let’s not beat around the bush.
But getting back on schedule, by golly. It’s great to be with you all. I have to confess, I’m somewhat intimidated. I know that each of you understands a lot more about this topic than I do. But I am entrusted to be the generalist in the family that’s supposed to know a little bit about many different topics and have sort of a 30,000 foot view, so that maybe in my brief service I can help us kind of scope out a roadmap for increasing and improving and building upon our leadership in certain key areas.
And certainly, cybersecurity is one of them. You know, I grew up inMontgomeryCounty, in a small, little log cabin not far from here. (Laughter.)
And I went toGonzagaHigh Schooldown in theDistrict of Columbia. And one of the important lessons I learned there was Arnold Toynbee’s theory of the progress of man. Of course, we know thatArnoldactually meant of men and women, whether in society or as individuals, we progress in response to adversity.
And we certainly have plenty of adversity facing us in this realm of cybersecurity. We have all become so dependent on this new super highway of information that permeates every aspect of our lives. And we take a lot of these things for granted. But the adversity is great and our country needs to get up for this greatness.
And recently, the University System of Maryland came back with the Cybersecurity Task Force recommendations from its 2011 report.
I wanted to share with you at the outset the five recommendations that they made. One was that we conduct a comprehensive and scientific survey of government and industry workforce and skill needs in the area of cybersecurity.
Two is that we enhance and extend educational offerings, including cybersecurity forces, certificates and degrees in cybersecurity and specialization in cybersecurity.
Three is that we leverage partnerships between educational institutions and public and private sectors.
Four is to strengthen research and support innovation and technology transfer in cybersecurity.
And five was that we expand a career pipeline and create clear pathways for community college students to pursue four-year degrees in a variety of cyber-related fields at institutions across the University System of Maryland.
Well, as you can gather from all of those recommendations, everything that we hope to do in the realm of cyber depends on our will, on our willingness, on our capability and our capacity to forge the consensus necessary to invest in the skills of our people. You can’t move forward without them. There’s no sort of work-around that will get you to where we need to be in cybersecurity, if we don’t educate more of our citizens and educate them in better ways.
I was last year at NIST when we – actually, I’m reminded that we launched our CyberMaryland initiative here in January of 2010. NIST is a tremendous asset in our State and we remain hopeful that with the leadership ofAmerica’s Cyber Senator, Barbara A. Mikulski – the A stands for Always on the job – that we will be able to locate the National Cybersecurity Center of Excellence right here at NIST.
When we get this done, the center can serve as a hub for connecting private sector business and innovation with federal research and, therefore, strengthening our security while paving the road for greater job creation. And that is also our most urgent priority, I think you’d have to agree, as a nation right now, is job creation.
Some of the jobs that were here for the last 20 or 30 years might not ever be coming back. But there are some jobs that we’ve never seen before in areas like cybersecurity that offer a tremendous amount of opportunity, if only we had the courage to seize it.
One of the great ironies of our times, as that lesson from Toynbee suggests, is that the very immensity of the challenges in this field, the real asymmetrical threats that we face in areas like cybersecurity, are also the very things that are driving the demand, that are driving the innovation in states like Maryland, where our economy is recognized as an Innovation Economy,… an economy that depends, in great degree, on the talents and the skill levels of our people.
Last year I had occasion to visit a small cybersecurity business inBaltimoreCitycalled CyberPoint International, only probably about 20 employees when I visited them. They are going to be creating 100 new jobs inMarylandin the short-term future.
And it’s stories like the story of CyberPoint that we need more of, and that our country needs, that our State needs and the next generation needs.
It is not a Democratic or a Republican opinion, but rather an economic and an historic fact that a modern economy, in order to create jobs, requires modern investments. And if we make the right choices and the right investments, companies like CyberPoint will show us our potential and can create more and more opportunities and more jobs.
Today I want to share with you a few of the choices the Governor has to choose, right? And I’m the generalist known as the Governor. And I wanted to share with you some of the choices in investments that we are making as a State in order to lead on cybersecurity.
We have done great things as a State in the last couple of decades, largely around assets that were already here, like NIH and Johns Hopkins, to be one of the top states for life science and biotech.
The other part of the wishbone offense, of the Innovation Economy that keeps you here inMaryland, I actually believe are the choices that we make where cybersecurity is concerned. And I think putting those two together, we have a lot to be hopeful about on the horizon.
So let me jump in here. I think you’ve got to practice what you preach, so let me talk a little bit about this corporation, this shared platform of ours known as our State Government.
STRENGTHENING MARYLAND’S CYBER SECURITY
Our efforts to create jobs in cybersecurity are only as strong as our ability to protect and make more resilient our own networks. I have visited some. I’ve been to theNATOCenterfor Excellence, I have heard the stories that Estonian public officials shared with me about how their country’s banking system, their government and other networks were shut down by a cyber attack.
InMaryland, we created a Commission on Cybersecurity Innovation and Excellence, which now brings together leaders from the public and the private sectors.
We were selected by the Multi-State Information Sharing andAnalysisCenterto pilot an expanded cyber threat detection initiative. The Center analyzes logs of computer activity to search for patterns which might indicate that there is a present threat.
We are now partnering with the Maryland Air National Guard, with its 59 personnel with the expertise on these issues, to assess our own cyber vulnerabilities across our State Government.
We have established well-defined best practices and policies for all State agencies, based on the high standards already set by NIST.
We have connected all State Chief Information Officers on an Information Technology Advisory Council – communication, coordination, cooperation, unnatural acts between non-consenting adults. We’ve forced them all to get together and talk about how they do what they do and what they need to improve upon, and to do better in the area of cybersecurity is part of that group’s portfolio.
Our State’s Office of Legislative Audits now conducts agency-wide audits of computer and data security, given the tremendous amount of sensitive identification information with which your State Government is entrusted.
Last month, we held for the very first time a cabinet-level security tabletop exercise to prepare for a cyber attack. There were probably about 160 of us in that room and I was there for the full couple of hours for that exercise at Anne Arundel Community College.
Let me move on and talk a little bit aboutMarylandassets.
There is an adage in business that says that you should only compete when you have a competitive advantage. And when it comes to this emerging sector of growth of cybersecurity,Marylandhas a whole host of competitive advantages, so many of them represented by the men and women seated in this room today.
And I would argue that there is no State better positioned than Maryland in terms of not only the skills of our people, not only of our assets, but also our geography, to lead the nation’s defense against cyber crime, cyber intrusions, cyber thefts and cyber attacks.
At present, we rank fourth among the fifty states in our concentration of technology jobs. There are more than a quarter of a million Marylanders working in our technology sector, and more than 60,000 who work in computer systems design.
And we estimate that through our cyber initiatives we can create between 24,000 to 28,000 new cyber sector jobs right here inMarylandin the not-too-distant future.
We are home to great federal assets like NIST, the Intelligence Advanced Research Projects Activity, the Joint Cyber Command, National Security Administration, Aberdeen Proving Ground, to name a few.
Our colleges and universities receive more than $100 million in federal cybersecurity research dollars. I believe that’s annually. And 13 of our colleges and universities’ cybersecurity programs have earned the highest ranking for excellence from NSA and the Federal Department of Homeland Security.
Now, keep in mind, we’re a State that only has eight Congressional districts. Those 13 centers of excellence, as verified by NSA, that’s more than any other State in theUnion. It’s more thanTexas, it’s more thanCaliforniaand it’s more than Illinois.
So we are home literally to thousands of companies emerging, established and wishing to expand, who are working at the cutting edge of cybersecurity. And with the highest percentage of PhDs, engineers and scientists per capita, our State also has what Education Week Magazine has said for three years in a row areAmerica’s number one best statewide system of public schools.
So we have one ofAmerica’s most highly-educated workforces and it’s because of the inputs. You know, there are good and bad consequences for the good and bad decisions that we make as a people. And when we make good decisions, like investing in education, like making college more affordable, we reap the benefits of that, in terms of the job opportunities that we’re able to bring to our State and fill in our State.
No doubt these are, and continue to be, very, very difficult times. We all would like to be looking at the recession falling further and further behind in our rearview mirror. But sometimes the most important thing to do in any endeavor is to beat the system. And we are persistent here inMarylandin creating jobs, with the belief that the most important job we create is the next one.
So far this year, since the start of the year, we have created 14,700 jobs. Our unemployment rate is 20 percent less than the national rate. The U.S. Chamber of Commerce ranks us in the top five in terms of growth potential. Ernst & Young says we have the 12th lowest tax burden on new investment for business. Forbes named us one of the top 14 states for doing business. The Kauffman Foundation says we’re one of the top three states best positioned to win in the new economy. And all three bond rating agencies affirmed that we are one of only eight states that have a Triple A Bond Rating.
I say all of that not so much to encourage those of you that live inVirginiastill to move across to Montgomery, but I say that just to underscore the strengths that we bring to this fight and this important national imperative.
And the work that you’ve been talking about for these last few days is so very important in all of that, in advancing cybersecurity education inMaryland.
ADVANCING CYBER SECURITY EDUCATION IN MARYLAND
We are well-positioned to create more jobs in cybersecurity and other innovation sectors. The question is whether we will fill those jobs with kids that come out ofMarylandschools. The question is whether and how quickly we can move the great ideas from the labs and into commercialization, to get them into the economic vein and lifeblood of our economy.
These things will only be possible if we recognize that imperative, that truth, that to create jobs a modern economy requires modern investments.
We’re not going to meet this big challenge or other big challenges simply by cutting, simply by dismantling our federal government, our State Government, or our local governments. Not when our global competitors are investing more and upping their own skills and the education of their own networks, if you will, and workforces. Investing more in their own infrastructure, investing more and taking larger shares of global markets.
We have to be willing to choose to work together and to come together to make the investments necessary. Especially in this area, the perimeter we defend changes every day and it changes rapidly. So we need the partnership of business, labor and higher education all working together in order to prepare our citizens not only for work on the cutting edge of this changing sector, but simply to stay at pace, keep pace, with where that edge is in this fast, fast moving field.
You know, it’s been said that an immune system is strong not because it outnumbers the bad bugs; it’s strong because it’s better coordinated and more resilient than the bad bugs.
Now, this sort of mindset, though, is something relatively new for us Westerners, and by that I mean the hemisphere, not the other side of theMississippi. Because for 400 years, we’ve been kind of in reductionist mode, right? If we specialize, we’ll be successful.
But where cybersecurity is concerned, it really takes that more Eastern mind approach to recognize the whole. The yin and the yang of the relationships, between the relationships, the connections between the connections. And the government can’t do it by itself, nor can the private sector do it by itself, nor can simply our education apparatus, however excellent it is.
We really have to work as a system, as a whole, in order to meet these challenges and make them our opportunities.
So to give you a few examples of how we’re proceeding inMaryland– this wasn’t designed to be a David Letterman Top Ten list, so we’re not going to do a drumroll at the end. But just in case you were wondering when he’s going to stop talking, I’ve got 10 points I want to make. (Laughter.)
By far, the most important single investment we make together is in the people in our State and the investments we make in public education. It is now 50 percent of what we do as a State in K-12 and college. We have made the largest investments each and every year, even through this recession, that we have ever made as a State in K-12 education.
And on the capital side, we’re investing a record amount in school construction, even in the face of huge budgetary challenges and cuts. We have done all this while cutting $6.8 billion out of the other things that we do in government. So, investments in education.
Number two, inMarylandwe’ve chosen to make college education more affordable, rather than more expensive. In other states, they are balancing their budgets, in part, by increasing education by double-digit amounts every year. Instead, we went four years in a row – the only public university system in the country to do so – four years in a row without a penny’s increase in college tuition.
Number three, with federal dollars from the Obama administration, we are building the cyber infrastructure that will allow our kids to compete and win in this changing global economy. And that will connect more of our small businesses to opportunities in this global economy.
We will be the first state to be as networked through broadband as we are at the conclusion of this process, thanks to a $115 million competitive grant from the Obama administration. And that’s also going to be a tremendous help in our law enforcement sites and our ability to protect our people.
Number four, we’re putting a statewide priority on reinvigorating education in the STEM disciplines – science, technology, engineering and math. Today, in math, American students rank 24th out of the 34 OECD countries. A decade ago we ranked 15th. Similarly, today our students rank 16th in science. A decade ago we ranked 12th.
Thirty years ago, when I graduated from high school, our country ranked number one in high school graduation rates among global competitors. Today, we’ve slipped to 11th. Thirty years ago, we ranked number one on college completion, today we’ve slipped to number twelve.
You’re all aware of these trend lines, and I think you’re all aware – or you wouldn’t have given the time to be here these last few days – that these trends are reversible. It’s not what those other countries are doing to us, it’s what we are not doing for ourselves.
To truly reinvigorate STEM education, government needs the help of so many of the groups represented in this room. And so we are connecting a STEM Innovation Network at the same time that we’re revamping our curriculum. We are connecting a STEM Innovation Network with leaders from business, K-12, higher ed, non-profits and government.
The Innovation Network is doing a lot of new things, like putting curricula, lesson plans, webinars, tutorials and classroom-ready experiments online so teachers across our State can access them.
And the other thing that this STEM Innovation Network does is it offers mentoring from industry professionals, pairing them up with teachers in the places where the businesses or the institutions or employment centers are located.
It keeps a running roster of volunteers from business, government and higher ed who are available to visit classrooms, talk directly to the boys and girls, get their minds focused and thinking on what they might do after school.
A couple further examples of things we’re doing on STEM … we’re partnering with Project Lead the Way, a national non-profit that has developed a high school STEM curriculum, now being in used in 14 of our 24 school systems.
And our Education Department is developing a new statewide STEM curriculum, as I mentioned, based on Common Core Standards that will be benchmarked internationally, with the goal of aligning K-12 curricula with the needs of higher education and, therefore, industry. So we don’t have these huge cliffs, or maybe I should call them giant steps, that our kids can’t get over as they move from one section, one part, of their educational career to another.
So how are we doing? So far we’ve increased by – these are some measurable results – so far we’ve increased by 23 percent the number of AP exams our students in high school are taking in the STEM disciplines. We have increased the number of STEM graduates from State colleges by 10 percent. We have more than doubled the number of teachers certified in the STEM disciplines.
Now, none of those things should knock you off your socks at any one increment, but if you keep doing that over time, putting one foot in front of the other, soon you’ll look over your shoulder and be surprised at what a huge difference and how much progress has been made.
Number five. The “T” in STEM is technology. And I truly believe a large piece of this puzzle is what we used to call vocational education in the old days, and came to get a bad name. “You pigeon-holed my child by putting him in a vocational class.” So we call it CTE, I think most places do now, Career Technology Education.
Forty-twoMarylandhigh schools now offer an IT curriculum that was designed in partnership with the Tech Council of Maryland and businesses like Cisco, Lockheed Martin, Northrop Grumman, IBM, and Oracle. These companies are also offering mentorship and internship opportunities to our students.
And over the last four years we have been able to more than double student enrollment in these IT courses. So our kids are hungry, they want to do it, if we make it available to them.
In the next two school years, we’re slated to bring 10 more schools online. And while other states have similar initiatives,Marylandis the first which offers a cybersecurity component to that course of study. Again, building off some of those recommendations made in the report, creating the pathways.
Six. Beyond high schools, we’re investing through our Maryland Higher Education Commission in grants to community colleges and four-year colleges to develop cybersecurity curricula as well.
Seven. We’re partnered with our University System to launch theMarylandCybersecurityCenter, or MC Squared, housing experts from business and higher education. Students participate in the center’s research, gaining real world experience that will ultimately help them land cybersecurity jobs.
Number eight. Thanks again to our greatest cybersecurity asset, Cyber Senator Barbara Mikulski,Marylandsecured one of two federal grants for State cybersecurity training. Through an initiative called Pathways to Cybersecurity Careers, we are partnering with Anne Arundel, Howard and Carroll counties, their community colleges, as well as with the City ofBaltimore, to train 1,000 Marylanders. And so far we’ve enrolled 680 and many of them are people who are currently without employment, but soon will find it.
Number nine. The circular connection between business and the public sector, we’ve also added a special committee on cybersecurity to the Governor’s Workforce Investment Board, the GWIB.
And number ten, through the University of Maryland University College, the largest public online university in the nation – did you know that? We are providing trainings in cybersecurity to employees currently working in the field. UMUC has either negotiated or is currently negotiating agreements with 40 of the 50 top firms in the cyber sector.
So those are some of the things that we have been doing to advance our leadership in cybersecurity and, in particular, preparing our workforce for the skills that they need to do these very, very important jobs. In other words, to set the table for greater job creation in a sector that is addressing threats and creating opportunities every single day.
You know, I recently saw a fellow Marylander, Tom Friedman, speak at the National Governor’s Association out inUtah. And I’ll leave you with this last thought.
After a succinct outline of the elements of economic growth that have made this public/private partnership known as the United States of America one of the greatest opportunity-expanding engines in the history of the world, he concluded by saying – he said that, you know, the debate in Washington, where we’ve watched over these last few months, is really beneath us as a people, this notion of, hey, I’m going to cut a trillion. I’ll match your trillion and I’ll raise you by another trillion. Well, I’ll match your trillion and I’ll raise you by another trillion.
That sort of cut, cut, cut, cut – you know, who can be the fastest and quickest at dismantling that common platform of ours that allows us to create a better future for our kids.
He concluded that, you know, “We need to cut, and we need to raise, and we need to reinvest, because the country we need to rediscover is our own.”
And that is certainly so very, very true in this emerging sector. To move forward we must create jobs and to do that we need to stop cuttingAmerica, we need to stop cutting our children’s future. And we need to start rebuildingAmerica, we need to re-equip our children, we need to return to the urgent work of building up the future that our children will share.
That’s what your work has been about these last three days and that’s what this sector gives us an opportunity, like few in our nation, to be able to do.
We are a great people and greatness is something, though, that must be achieved in every generation. The future is not a gift, it’s not a lottery ticket, it is something that we must work to achieve.
Look around this hall. I mean, look at the diversity of people that are represented here. You won’t find a state that’s better equipped – for all of the reasons I mentioned, but also for one more. And that is that in our State, we have the understanding, the belief, the faith if you will, that we are all in this together, that our diversity makes us strong and that our ability to look at new challenges and see them as new opportunities depends on our ability to see the whole. Not ourselves in isolation or separation, but to be able to see ourselves not as a crowd, but as a community, a community that’s putting one foot in front of the other, making the choices necessary to seize the day.
Thank you all very, very much for your patience.