It’s a pleasure to join you all, and I’m glad to share the virtual stage today with such a distinguished panel of public servants and other experts. The focus of this event, increased US-EU cyber collaboration, is also very exciting. Momentum is growing every day, and as we deepen international cooperation in cyber policy, we enhance the security, safety, and stability of cyberspace for all.
I’m very happy to offer my congratulations to Romania on the establishment of the European Cybersecurity Industrial, Technology and Research Competence Centre. Romania has been a bold and brave voice in the advancement of international cyber policy. Cyber and Digital Affairs has been a pillar of our decade-long bilateral Strategic Partnership, and Romania has been a steadfast partner in disrupting malign networks. Romania is thus an excellent choice for the center’s placement, and I am glad to see Romania’s hard work in supporting responsible state behavior in cyberspace recognized in this way.
I would like to briefly address the important role diplomacy and international cooperation play in defending a stable, reliable, interoperable internet for everyone across the globe. Just last week we heard President Biden tell the Munich Security Conference, “We must shape the rules that will govern the advance of technologies and the norms of behavior in cyberspace…so they are used to lift people up, not used to pin them down.” How to accomplish what President Biden laid out is the work we are doing now; work that will take on an increased prominence in the years to come and require continued, close Transatlantic coordination.
When it comes to cyber issues, I cannot overstate the importance of building our cooperative efforts on a firm foundation of international cyber policy, including a widely accepted understanding of what constitutes responsible state behavior in cyberspace and shared approaches to hold states accountable when they do not act responsibly.
For over a decade, we have worked with the international community to design and promote a framework for responsible state behavior in cyberspace, with tremendous success. Romania has played an important role in this work as a member of the current UN Group of Governmental Experts or GGE. The framework we are advancing together has three key elements:
- First, it affirms that existing international law applies to state behavior in cyberspace;
- Second, it calls on all states to adhere to certain voluntary norms of behavior in cyberspace during peacetime;
- And third, it calls for the development and implementation of practical confidence-building measures to reduce the risk of conflict in cyberspace.
Together, the elements of this framework build trust, enhance transparency, and decrease the risk of conflict. They provide a strong foundation for U.S.-EU cyber cooperation moving forward.
I know that the organizations here understand this – Romania has been a steadfast partner in the UN GGE, and the EU shares our priorities of boosting cyber diplomacy, enhancing cyber resilience, and reinforcing cyber defense.
Even a strong framework based on voluntary norms and international law cannot enforce itself, however. Besides our work to enhance network defense and build common understanding of the framework, we must also work together to create clear, transparent, and meaningful consequences for malicious actors in cyberspace.
In 2019, the United States, Romania, and 26 other nations signed a joint statement affirming their willingness to work together hold states accountable for their actions in cyberspace. As that statement put it, “There must be consequences for bad behavior in cyberspace.” The State Department is working to ensure that a broad group of countries stands willing and able to impose those consequences.
Romania and the EU are among those joining together with the United States to call out specific actions of malign actors. We applaud the work of the EU on its cyber toolbox and on issuing its first two cyber sanctions. This is a good start, and an area for continued collaborative effort.
Research and coordination, the role of the new Cyber Center of Competence, can help support an overall strategy to maintain an internet that is open, interoperable, reliable, and secure. To do so most effectively, we believe it must support the framework of responsible state behavior in cyberspace and must encourage EU member countries to adopt similar strategies at home.
So, I thank you again for inviting me to share the United States’ perspective and our optimism for transatlantic cooperation on cyber issues. Thank you as well to the EU and Romania for your work to advance the framework of responsible state behavior and to hold countries accountable for malicious cyber activity. I look forward to hearing your perspectives on the path forward for the Cyber Center and U.S.-EU cyber collaboration. With that, I’ll conclude and yield the floor to Dr. Kenneth Geers of the Atlantic Council who will moderate the rest of the discussion.