Deputy Secretary Bruce Andrews kicked-off the Regional Cybersecurity Summit in Bucharest, Romania by discussing the importance of cybersecurity as the keynote speaker. The event, co-hosted by the Government of Romania and the U.S. Government, gathered businesses and delegates from the Deputy Secretary’s trade mission and public and private sector officials from Central and Southeast Europe to discuss cybersecurity challenges and opportunities in the region.

The Cybersecurity Summit attracted 66 government and company delegates from 11 countries including Albania, Bulgaria, Croatia, Macedonia, Moldova, Montenegro, Serbia, Slovenia, Bosnia, Ukraine, and Czech Republic. At the summit, trade mission participants were given an opportunity to present their technologies to attendees to showcase the advances being made in cybersecurity and how the IT sector can continue supporting businesses and governments against cyber attacks. The summit also included moderated discussions focusing on challenges, best practices, and solutions to cybersecurity issues in the U.S. and Europe.

Remarks as Prepared for Delivery

Good morning. Prime Minister Ponta, thank you for your gracious hospitality in welcoming us to your country. It is a great honor and pleasure to be here to discuss the importance of cybersecurity. All of our countries face serious cybersecurity threats, and the IT sector is a critical partner in confronting these challenges. That is why I am here this week leading a trade mission of 20 U.S. cybersecurity companies.

These firms are all industry leaders – providing cutting edge technologies, products, and services all over the globe. One of the companies I’ve brought here with me is Oracle, the third largest software company in the world. Oracle is no stranger to Romania. The firm saw an opportunity to expand their operations by entering a tech savvy market, and in 1995, they became the first major multinational software company to open an office in Bucharest.

Another company on this trade mission is Cask – which specializes in information and communications technology management services and solutions. Cask chose Budapest, Hungary as the location for its first international office. We also have representatives from CSC with us. For over 50 years, CSC has been providing IT services to companies in any industry and the public sector in over 70 countries – including Bulgaria, Poland, and Romania. All three of these companies are committed to doing business in Central and Southeast Europe. Their presence here today is a testament to your tech savvy, this region’s strategic location, and our shared dedication to combatting both criminal and state-sponsored cyber attacks.

We all know that globalization and advances in technology have driven unprecedented increases in innovation, competitiveness, and economic growth around the world. The digital economy is booming, creating new jobs and opportunities we couldn’t have imagined even a decade ago. The economic platforms of the future are increasingly online – but with this new digital economy comes new threats. The national and economic security of all of our nations depends on the reliable functioning of critical infrastructure, like financial networks, roads, power grids, and water supply systems. And critical infrastructure – like any business or service in the 21^st century – utilizes information technology.

Cybersecurity threats exploit the increased complexity and connectivity of these systems, placing a nation’s security, economy, public safety, and health at risk. In other words, all of us are susceptible to cyber attacks. The U.S. government is concerned about protecting critical infrastructure, not only in the U.S. but around the world and especially among our friends. But the threat isn’t limited to just critical infrastructure. Hackers steal intellectual property and trade secrets. They traffic in stolen credentials and identities. They attack systems to take revenge against perceived slights. And as the attack against Sony shows, they even seek to embarrass companies. Cyber risks are growing – and governments must work with the private sector to develop technological and policy solutions to these serious threats.

Cybersecurity is a top priority for the United States, as noted by President Obama in his State of the Union speech. Earlier this year, our government hosted the first ever White House Summit on Cybersecurity. This event brought together stakeholders from across the country – including industry, technology companies, law enforcement, consumer and privacy advocates, legal experts, and students – to collaborate and explore partnerships that will help develop the best ways to bolster our cybersecurity. Our Congress is currently considering cybersecurity legislation aimed at improving information sharing and addressing data breaches. The Department of Commerce is also working with other federal agencies on the National Initiative for Cybersecurity Education.

This whole-of-government effort brings together industry and academia to raise cybersecurity awareness across the nation, to bring much needed training to the U.S. workforce, and to ensure we have the essential educational programs needed to fill the hundreds of thousands of open cybersecurity jobs in the U.S. today. Yet we know that government initiatives alone are not enough. The traditional model for defending our countries and our citizens is challenged by the borderless nature of cybersecurity threats. We will only be successful in combatting these threats by working together with the private sector.

That’s why President Obama asked the Department of Commerce to convene stakeholders from across industry and the expert community – including many of the companies here with me on this trade mission – to develop a voluntary Cybersecurity Framework.

When the President gave us this task, he knew that the government alone could not possibly keep up with such a rapidly evolving field.

This diversity of IT products and services is good for cybersecurity and good for innovation – but it also means that we had to engage with the private sector in order to develop strategies for managing cyber risks.

Our National Institute of Standards and Technology, or NIST –which is part of the Department of Commerce – reached out to key stakeholders. More than 3,000 people from industry, academia, and government contributed to this effort. They suggested specific issues to address and provided detailed comments on each draft. The final product – which we call the NIST Cybersecurity Framework – provides a common language for any organization to understand, manage, and express cybersecurity risk, both internally and externally. It serves as a bridge between business leaders at all levels, starting with the boardroom and continuing across the supply chain and industries. 

Today, I am proud to say that the Cybersecurity Framework is a resounding success. Although it was originally started for critical infrastructure, it is now being used by a broad range of sectors, and by organizations of all sizes. Early adopters include companies and sectors vital to our nation’s physical and economic infrastructure, including financial services, communications, power, water and wastewater, chemical facilities, and transportation. It’s also being used around the globe. The Japanese have already translated the framework to use in their country. And we’ve met with officials from China, South Korea, Australia, Europe, and others to discuss how we can make the framework approach work for them.

One of the most important characteristics of the Cybersecurity Framework is that it is grounded in international standards, international guidelines, and international best practices. This is especially important – because most sectors today either operate globally or rely on the interconnectedness of the global digital infrastructure. Government laws and regulations that do not reflect these standards can harm cybersecurity, impede interoperability, and hinder innovation. We are seeing a rising wave of digital protectionism and digital nationalism around the world, in which governments enact laws and policies to benefit their domestic industries.

These actions – in the guise of economic and security regulations – will limit economic growth by denying their citizens and businesses access to the best technologies in the world. If we’re going to prevent future cyber attacks, government and industry must work together to evolve and meet our shared challenges.

This is what this week’s Summit is ultimately about an opportunity for our governments to get on the same page; an opportunity to learn from each other; an opportunity to forge new business partnerships; and an opportunity to meet face to face with some of the best tech companies in the world. Together, we must find ways to protect the growing digital economy and our nations’ critical infrastructure without stifling innovation. I know this type of collaboration is possible – because  we’re already doing it.

Tomorrow, I will join representatives from the Romanian government to celebrate the opening of a Cybersecurity Innovation Center here in Bucharest. This public-private partnership will support personnel training, testing of new technologies, simulations of cyber attacks, and brainstorming among company executives, government officials, and NGO experts. Funded in part by the U.S. Trade and Development Agency and Fidelis Cybersecurity, this new center will illustrate how governments and industry can effectively work together to prevent and combat cyber attacks.

My hope is that we will see more of this kind of collaboration as a result of this Summit – because the most effective way to combat growing threats to our cyber space is through a strong partnership between industry, government, and civil society. Working together on cybersecurity is a win-win scenario that will make us more resilient to cyber attacks, foster closer ties between our nations and our peoples, create high skill, high wage jobs, and bolster  and protect economic prosperity.

With an increasing number of cybersecurity attacks across Europe and around the world, the time is now to find the technological and policy solutions needed to protect and recover from future threats. The fact is, the digital world is embedded in our governments, in our businesses, and in our daily lives. The number of devices connected to the Internet is expected to triple between now and 2020, to over 50 billion devices. The benefits to society and our economies are potentially enormous, but this also means that number of targets for hackers is only getting larger.

It is up to all of us –from across industry, academia, and government – to work together to combat cyber threats. I look forward to hearing from all of you today about the challenges you face and the opportunities for collaboration you see in the critical field of cybersecurity.

Thank you.