January 26, 2016 – Former Ambassador Daniel B. Shapiro’s Address to the 3rd Annual CyberTech Conference and Exhibition

Good afternoon distinguished guests.

I’m pleased to be here today, and I’d like to take this opportunity to thank everyone who organized this conference and exhibition.  It is my honor to address the 3rd Annual CyberTech Conference and Exhibition, one of the world’s very largest cyber events.

I regret having to announce that our Deputy Secretary for Homeland Security, Alejandro Mayorkas could not be here today to speak due to the historic snowstorm that closed many of the airports in the Washington, D.C. area.  Our State Department Cyber Coordinator Chris Painter was also delayed, but should arrive later today. In my comments today, I hope to cover some of the areas that Deputy Secretary Mayorkas’ remarks would have addressed.

Before I begin my substantive remarks, let me address one other issue. Last night, another victim was murdered by a knife-wielding Palestinian terrorist. Another family was forced to mourn for a loved one taken cruelly from them. On behalf of my government, I condemn the murder of Shlomit Krigman, yehi zichra baruch, in Beit Horon, in the strongest possible terms. All efforts must be made to bring her killer to justice, and to prevent additional attacks, including countering the terrible incitement that can inspire them. I offer our deepest condolences to Shlomit’s family, and prayers for the recovery of the other victim wounded in the attack.

The U.S.-Israel relationship is a close alliance of two partners, bound by shared strategic interests and the common values of two democracies.  Our cooperation is extensive in many fields.  Perhaps the newest, and most exciting, is cyber, where the exchanges going on every day are simply unparalleled.

Together, we stand at the forefront of cyber innovation, technology, trade, and security.  The United States is the largest market for Israeli cybersecurity firms.  Our governments work together to strengthen our resistance to cyber attacks.  We continue to develop new tools to counter these malicious actions.  We cooperate in international fora to make the internet a freer and safer place.  And our private sectors are deeply intertwined—in Tel Aviv, New York, Palo Alto, and yes, Beersheva. Welcome to the robust American delegation here at Cybertech.

So I’d like to shift our attention to the present – and to the near future.  What are the most vital areas for collaboration between our countries? What are the most salient challenges that face us? Where do we go from here?

As Secretary of State John Kerry has said – freedom of expression on and access to the internet is a fundamental right.  As such, the United States has continued to pursue policies that ensure freedom of expression on the internet.  But the internet is also a means of communication – and the same technology that facilitates communication can also be exploited by those who seek to incite violence, glorify terrorism, or recruit individuals to malicious causes. We see this here in Israel, where the recent wave of brutal stabbing and vehicle terrorist attacks has been fueled, in part, by incitement on social media.  Similar phenomena have been observed elsewhere around the world.

Protecting internet speech while also limiting the harmful reach of incitement to violence and terror will not be easy. Freedom of expression is not a license to incite imminent violence.  The United States remains a partner committed to the security of Israel, and we remain fully engaged with our partners to combat incitement—wherever it occurs—while ensuring that everyone has the ability to access this fundamentally important tool that is the internet.

But cyber threats go far beyond incitement to terror.  Last month, President Obama signed legislation passed by our Congress designed to improve cybersecurity in the United States through enhanced sharing of information by the private sector regarding cyber threats.  At the same time that we are seeking a greater ability to cooperate with the private sector domestically, we are also in the process of a rigorous debate regarding the export of critical cyber technologies that can be used by malicious actors.

Cybersecurity is defined by rapid change.  Technology is evolving at a faster pace than ever before.  Our adversaries are also changing rapidly and are constantly developing new tools and attacks to compromise critical networks, steal data, and potentially damage our physical infrastructure.  In this environment it is essential for cybersecurity researchers and developers to share information rapidly across borders in the interest of creating the next security solution or combating an emerging risk.

But at the same time we must be vigilant that we are not allowing such technologies to fall into the hands of those seek to do us harm.  We hope to continue to consult with the Government of Israel as both our nations examine the government’s role in overseeing the export of sensitive cyber systems while ensuring we support a robust business environment that allows the private sector to thrive.

Criminal elements are still engaged in cybercrime because it pays off.  On the FBI’s Most Wanted List of cyber criminals, you’ll find bad actors responsible for consumer losses ranging from $350,000 to more than $100 million.  The most expensive computer virus in history, known as My Doom, is estimated to have caused more than $38 billion in financial damage.

A 2014 report from Intel Security and the Center for Strategic and International Studies noted that cybercrime costs the global economy up to $575 billion annually.

Malicious actors, as you know, don’t only target consumers or individuals – they also constitute threats at the highest governmental levels.

President Obama fully understands the threat of malicious cyber-enabled activities to the United States.  This is why he signed an Executive Order in April last year that authorizes the sanctioning of individuals determined to be responsible for or complicit in activities deemed a significant threat to the national security, foreign policy, economic health, or financial stability of the United States.

I would like to take a minute to focus on an emerging field – cybersecurity for supervisory control and data acquisition, or SCADA.  These kinds of critical services have already been the focus of sophisticated attacks.

Just last month, there was an electricity outage at a power plant in the Ukraine. That incident left some 80,000 customers in Western Ukraine without power for six long hours.  Malicious software was discovered on that power plant’s systems. We do not yet know if that software caused the hack, but the fact that hackers had access and an adversary was motivated to shut down the power, are enough to cause us grave concern.

And recently in the United States, an Iranian “hacktivist” group claimed responsibility for a cyberattack on the control system for a dam in suburban New York.  DHS’ NCCIC—or National Cybersecurity and Communications Integration Center–responded to this incident. We helped the city figure out what was going on, kick the bad guys off the network, and lay out a path to a more secure system. In this case, the adversaries were not able to gain sufficient control to cause real harm. But this incident does highlight the increasing risks in this space.

Because of events like these I’m pleased to stress the continuing cooperation between the U.S. in Israel to get ahead of these threats and anticipate novel attacks.  These joint efforts are in keeping with our mutual commitment to help each other defend ourselves from threats to our security in many other fields.

As you may know, last October the respective water authorities of Jerusalem and New York City signed a Memorandum of Understanding aimed at developing innovative methods to defend critical water infrastructure from cyber threats.  This is just one example of the natural collaboration that is emerging between the relatively large market in the United States that oversees critical infrastructure and an advanced group of Israeli companies developing innovative solutions to cyber-attacks.  Here, Israeli firms truly represent the cutting edge.

As I mentioned earlier, such attacks are in a state of constant evolution and growth – becoming increasingly sophisticated and innovative.  And U.S. entities responsible for critical infrastructure in the energy and water sectors are taking notice.

Currently, the United States requires that power utilities integrate a degree of cyber tools to protect critical infrastructure.  Other sectors, though, such as water, desalination, and sewage, have only begun to search for solutions.  But we anticipate a market for growth as both U.S. and Israeli firms continue to develop unique defenses to cyber threats that face this specific, but vital, group of industries.

Our bilateral cooperation has been expanding.  Last summer, Deputy Secretary of Homeland Security Mayorkas and Israel National Cyber Bureau Director Dr. Evyatar Matania signed a joint statement of cooperation that reaffirmed our countries’ mutual commitment to promoting collaboration on cybersecurity and cyber research and development.

Under this agreement, we are exploring future collaboration in R&D and conducting regular exchanges that involve both our governments and our private sectors to identify ways to tackle the most pressing threats and strengthen the cybersecurity critical infrastructure.  We will enhance our cooperation on cyber incident management, including cooperation between our NCCIC and Israel’s Computer Emergency Response Team, or CERT.  And we will further develop cooperation of cybersecurity-related investments and knowledge products, so we are best able to anticipate and respond to the cyber needs of the future.

While the United States and Israel remain the world’s powerhouses in the development of cyber technology and security, we also share in the benefits of an open, inclusive, and secure internet. We can celebrate our recent success—made possible in close concert with Israel—to build agreement on norms of responsible state behavior in cyberspace, at fora such as the UN Group of Governmental Experts and the G-20.

I would also like to mention the recent launch of the Global Connect Initiative by the Department of State.  Unveiled last September, this program seeks to bring 1.5 billion people who lack internet access online by 2020.  This spring we will bring together governments and stakeholders to further advance this initiative and help bridge the digital divide.  I sincerely hope that Israel will be a committed and active partner in this important work.

Our countries should take pride in the contribution they’ve made to the current global cyber landscape.  But as I’ve outlined today, the landscape of cyber policy is constantly changing.  Cyberspace is both a medium and a tool.  And as such, it touches on issues as diverse as freedom of speech, national security, nonproliferation, trade and commerce, as well as international norms.  We know we have a committed partner in Israel, and I look forward to taking the next steps forward together to ensure our mutual prosperity, protection, and freedoms as global leaders in cyber security.