As prepared

  • It’s my distinct pleasure to be here today. Thank you State Minister Seki and Dan for your gracious remarks.
  • This is my first trip overseas since assuming the role of Principal Deputy Assistant Secretary of the East Asian and Pacific Affairs Bureau, and I must say it’s been a great experience so far.
  • But that’s not the only reason why I came out to Japan. This training reflects the ironclad Japan-U.S. Alliance as well as demonstrates Japan’s leadership in the region by hosting participants from so many southeastern partners—this is one of the reasons why I am here today.
  • I want to share with you that cyber and digital economy policy issues are a high priority for the United States, and we take a whole-of-government approach to these issues.
  • This includes everything from cooperating with allies in building the cybersecurity capacity of partner nations to promoting the free flow of data that underpins the digital economy.
  • It also includes engaging with industry on a number of issues, such as standards and regulations for emerging technologies, and the protection of industrial control systems.
  • We are building a coordinated cyber and digital economy policy so that we all can reap the many benefits of a digitalized economy, and to promote an environment that enables innovation, while keeping cyberspace secure for all stakeholders.
  • That’s because technology and innovation are important drivers of modern economies, and it is estimated that 75 percent of the benefits derived from Information and Communications Technologies (ICTs) go to non-ICT businesses.
  • In a sense, all companies are “technology companies.” This is a point that many of you know well, being operators or administrators for largely “physical” outputs such as energy or manufacturing.

 

Threats

  • So why is this a high priority for us, and why should it be a high priority for all of us?
  • Well, as you may have heard, our leaders at every level from Assistant Secretary David Stilwell all the way up to President Trump have emphasized how the threat environment has changed and continues to change.
  • Therefore, it’s imperative that we adapt our response in-kind by working closely together to mitigate cybersecurity threats.
  • Cyber-enabled threats have proliferated as our systems have become increasingly interconnected.
  • As we roll out 5G networks and billions of devices come online under the Internet of Things, the so-called “attack surface” will increase exponentially.
  • These threats range from state-sponsored attempts to target major critical infrastructure to the use of ransomware by cybercriminals to extort a single individual or hold hostage sensitive information.
  • Cyber attacks also result in the theft of massive amounts of intellectual property (IP) and personally identifiable information (PII).
  • Earlier this year, the U.S. intelligence community released a report which laid it out clearly that:
  • ‘Our adversaries and strategic competitors will increasingly use cyber capabilities – including cyber espionage, attack, and influence – to seek political, economic, and military advantage over the United States and its allies and partners.’
  • At present, China and Russia pose the greatest espionage and cyberattack threats, but we anticipate that all our adversaries and strategic competitors will increasingly build and integrate cyber espionage, attack, and influence capabilities into their efforts to influence U.S. policies and advance their own national security interests.
  • Malicious state actors in cyberspace have launched cyber-attacks, such as WannaCry and NotPetya – costing billions of dollars in damage and effecting a wide range of systems.
  • Our challenge – as a government and a society – is to confront these risks while upholding the important benefits that come from an open, interoperable, secure, and reliable cyberspace—A cyberspace that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft.
  • The United States and other countries recognize that cyber policy affects not just network security, but also national security and human rights.
  • It also affects economic growth, and ultimately foreign policy.
  • It is becoming increasingly clear that all important national interests are impacted by cyber policy.
  • Therefore, diplomatic engagement and international cooperation are critical.

 

Open, Interoperable, Reliable and Secure Cyberspace

  • We believe that the key element in a sound national cyber strategy is to advance an open, interoperable, reliable and secure cyberspace that benefits and promotes ours and our allies’ interests and values.
  • The same principles that apply every day in the physical world of our democracies should apply online, too.
  • This is critical because we believe that cyberspace offers opportunities for freedom of expression, information sharing, commerce across borders, and improving people’s lives and standards of living.
  • Our policies must be carefully crafted to heighten cybersecurity and protect privacy without creating barriers to innovation and emerging technologies or undermining individual liberties.
  • The United States supports a free and open model for the Internet, driven by a transparent, bottom-up, consensus-driven process, which enable governments, the private sector, civil society, academia, and the technical community to participate on an equal footing.
  • As we strive to enhance the resilience of the global cyber ecosystem, we take capacity building seriously.
  • We provide support to our partners to increase their access to, use of, and ability to fully benefit from the Internet and other elements of cyberspace.
  • It benefits all of us to better understand the cyber threat landscape and to develop the expertise from top to bottom to combat these threats.

 

Our Economic Approach

  • Next, I want to talk about our approach, or more specifically our economic approach to the Indo-Pacific.
  • On July 30, 2018, at the Indo-Pacific Business Forum, hosted by the U.S. Chamber of Commerce in Washington DC, Secretary Pompeo announced a whole-of-government commitment to enhancing U.S. economic and commercial engagement in the Indo-Pacific.
  • Secretary Pompeo, with Principals from other U.S. government agencies, announced a “strategic down payment” to shape the Indo-Pacific’s economic future in the digital economy, infrastructure and energy.
  • The “Digital Connectivity and Cybersecurity Partnership” or “Digital Partnership” has four objectives:
    • Improve partner countries’ digital connectivity by increasing private-sector investments in ICT infrastructure;
    • Build technical capacity and promote pro-competition, multi-stakeholder approaches to internet governance;
    • Expand opportunities for U.S. ICT company investments in and exports to the Indo-Pacific region;
    • And build the capacity of partners to address regional and global cybersecurity threats.
  • I want to emphasize that our strategy is truly a ‘whole of government’ approach with many agencies involved.
  • Specifically in cybersecurity capacity building, these U.S. agencies work together with partners, such as Japan, to enhance the resilience of the global cyber ecosystem, including critical infrastructure and the industrial control systems which support it.
  • We all must improve our abilities to identify, detect, respond to, and recover from malicious cyber activity.

 

Cybersecurity Capacity Building

  • This brings us back to how cybersecurity is a key component to a prosperous digital economy.
  • And joint cybersecurity capacity building and training sessions, such as this event today, are the cornerstone of our cooperation to improve cyber resilience.
  • We are very pleased to work with Japan on this Industrial Control Systems Training. This collaboration began in 2016, when our Department of Homeland Security agreed to work with METI in building an Industrial Control Systems (ICS) curriculum.
  • The agreement included Japanese officials visiting Idaho National Lab (INL), INL personnel visiting Japan, a train the trainer workshop, course curriculum guidance, and eventually full ICS trainings.
  • In addition, we have offered and will continue to offer cybersecurity, digital economy, and cybercrime workshops for the benefit of many Indo-Pacific nations.
  • Regarding cybersecurity capacity building, nations must develop the capacity to act on cyber threat information and particularly indicators of compromise.
  • They must have effective national Cybersecurity Incident Response Teams in order to share threat information.
  • Beyond cybersecurity capacity building for the cyber workforce of today and tomorrow, it is critical that companies and governments ensure the secure design of their ICT systems.
  • The United States believes ICT networks and services play a critical role in the safety, security, and prosperity of our nations and are an attractive target for foreign adversaries and malicious cyber actors.
  • This is true of all ICT networks, but especially next generation 5G networks, due to the expanded “attack surface” I previously mentioned – those billions of devices, sensors, and systems – especially yours that control critical infrastructure sectors – that connect to 5G’s highly distributed, software-defined network.
  • That is why one of our key goals is to ensure the United States and our partners and allies maintain secure and reliable networks and ICT supply chains in order to reduce the risk of unauthorized access and malicious cyber activity.
  • So where do supply chain threats originate from?
  • Supply chain threats may arise from products produced, manufactured, assembled, or serviced by entities that are owned, directed, or subsidized by national governments or entities known to pose potential national security or intelligence threats.
  • We encourage countries to consider national security, including cybersecurity, as a key factor in the evaluation of all telecommunications infrastructure-related projects and service provision—ranging from tenders for public procurement contracts, to national security reviews of foreign investment transactions, to applications for telecommunications licenses, among others.
  • Countries should prioritize security in the context of telecoms-related procurement, project finance, foreign investment, and licensing from the outset, before potentially compromised networks are installed.
  • A high degree of diligence is also critical to mitigate cybersecurity threats throughout the entire lifecycle of installed infrastructure.
  • Given the transformational nature of 5G, internet of things, and artificial intelligence technologies; procurement and deployment decisions made now will have a generational impact on your security, economy, and society.
  • As such, countries should not rush to commit to any one system or vendor until they are able to compare available technologies and fully factor security into procurement decisions.
  • Keep in mind that vendors are pursuing contracts with terms that can be decades long, so don’t allow vendors to set your decision timeline for you.

 

Conclusion

  • I want to wrap up by emphasizing how through working together, based on our shared values, we can ensure that our vision for the Internet is promoted and protected, so our citizens and economies can reach their full potential. This goal is at the heart of our efforts for a free and open Indo-Pacific region, both now and in the future.
  • By working together, we can build likeminded coalitions of countries, of businesses, and across civil society.
  • Together, we can promote internet freedom and push back against those countries who view information itself as a threat.
  • This training is one way we are working together, so thank you to the Government of Japan for hosting this important training, and thank you to all of you for taking part today.

U.S. Department of State

The Lessons of 1989: Freedom and Our Future