On behalf of the U.S. Government, I am pleased to welcome you to this reception along with our co-host, Ambassador Luz Elena Baños Rivas of Mexico.
At the outset, I want to thank Allison August Treppel and the cybersecurity team at the Secretariat of the Inter-American Committee against Terrorism (CICTE) for providing this space and for all of their work to make our engagements this week possible.
The regional consultation taking place today and tomorrow at the Organization of American States directly supports upcoming discussions at the United Nations Group of Governmental Experts (GGE) on cyber issues. Additionally, I see it as an important part of an extended dialogue that UN member states will have over the next two years on international security issues in cyberspace.
The stakes are high. We are seeking to deepen consensus on responsible State behavior to prevent cyberspace from becoming a source of instability and conflict. If we succeed, we can help safeguard the benefits of the Internet – a global platform for innovation and engagement – for generations to come. If we fail, we are likely to experience more disruptive cyber attacks and greater insecurity that will threaten trust in the Internet as we know it today.
Role of the OAS
The OAS has a proud history of helping to improve cybersecurity and strengthen cyber stability in the region.
The OAS was the first regional organization in the world to take up cybersecurity issues back in 2002.
Since 2004, with support from the United States and other member states, CICTE, through its Cybersecurity Program, has worked with member states to build national cybersecurity capabilities as a part of its efforts to implement the Comprehensive Inter-American Strategy to Combat Threats to Cybersecurity.
These efforts yielded significant results:
National Computer Security Incident Response Teams (CSIRTs) increased from 4 to 21 since 2004;
Eleven (11) countries, including many represented here today, have adopted national cybersecurity strategies;
A hemispheric network (i.e., CSIRTAmericas.org) now exists to facilitate communication, information and knowledge sharing between national CSIRTs in the region; and
Specialized technical trainings have been provided to thousands of government officials and other cybersecurity stakeholders in the region.
And in recent years, with leadership from our Chilean, Colombian, and Mexican colleagues, the OAS is among the first regional organizations to implement the recommendations of past UN Group of Governmental Experts (GGE) reports by putting in place cyber confidence building measures aimed at transparency and reducing the risk of conflict stemming from a cyber-incident.
It’s also important to recognize the leadership role that one of our member states – Brazil – has played in chairing both the 2014-2015 GGE as well as the upcoming one. We very much look forward to working with Ambassador Patriota in the next few years in the GGE.
Our work to date in the Americas region supports global efforts to promote responsible State behavior in cyberspace. And we all have a strong national security interest in ensuring that this important cooperation and work continues and succeeds.
As cyber capabilities become cheaper and easier to acquire, more States are establishing offensive cyber programs. States must use these capabilities responsibly – whether they are in our region or not – because, in our interconnected world, all of us can be affected in unintended ways.
Because of the interests at stake, we encourage every state here today to take an active role in these discussions – including, in particular, the Open-Ended Working Group (OEWG) that will kick off at the United Nations next month.
Goals for Upcoming UN Discussions
The United States would like to see both the GGE and the OEWG processes operate in a complementary manner and achieve successful outcomes.
Fundamentally, we must seek to build upon and universalize adherence to the framework of responsible State behavior in cyberspace that the 2010, 2013, and 2015 GGE reports recommended, and that the UN General Assembly has said all states should follow. This framework includes three elements:
Affirmation that existing international law applies to state behavior in cyberspace;
Adherence to certain non-binding norms of responsible state behavior in cyberspace during peacetime; and
The development and implementation of practical cyber confidence-building measures.
Our hope is that the upcoming discussions in the UN can help to broaden awareness of this framework and produce practical guidance to States on how to implement it.
A key element of this will need to be capacity building.
We need to continue working together to help States build capacity to apply the framework. And in our increasingly interconnected world where one country’s cyber vulnerabilities can affect global stability, the ultimate success of this global effort will necessarily depend on the ability of individual countries to effectively protect their networks.
We hope, through both processes, to emphasize the importance and role of capacity building in promoting peace and security in cyberspace.
Deterrence
Finally, while we continue to work in the UN towards international consensus around responsible State behavior in cyberspace, we must remain clear-eyed about the fact that some States will simply choose not to abide by this consensus.
Indeed, the experience of recent years shows that if we want to see stability in cyberspace, we, as responsible States, must do more to hold other States accountable when they engage in significant disruptive, destructive, or otherwise destabilizing malicious cyber activity.
We are encouraged to see a growing number of governments beginning to work in concert to condemn malicious cyber activity. From WannaCry to NotPetya to the APT10 cloud hopper attacks, more and more countries are attributing cyber attacks or issuing statements of support to those states that do attribute such attacks. But we need to do more to show that there is accountability for bad behavior in cyberspace.
To that end, our National Cyber Strategy calls for greater cooperation among like-minded, responsible States through the formation of a Cyber Deterrence Initiative. We welcome the opportunity to continue discussing this effort within the region.
Conclusion
In conclusion, I want to thank you for honoring us with your presence here this evening.
We have a lot of work to do together in the coming years, but fortunately, our region has a strong record of success to build upon.
I wish you all a fruitful and productive day tomorrow.