Secretary Mayorkas delivered the following remarks in his keynote address to the Western Hemisphere Cyber Conference in Washington, DC.
Good morning to all of you – buenos dias – and thank you very much for joining us for this conference. I see many friends in the room. It is an honor to welcome you to Day Two of our Western Hemisphere Cyber Conference. I add my voice to the many who have welcomed you to Washington, and to the United States. Thank you very much to the Organization of American States for hosting us here these last two days, and to my wonderful colleague, Iranga Kahangama, our Assistant Secretary for Cyber Policy, for his kind introduction and also for making this conference hard possible.
During our country’s formative years, at the end of the 18th century, one of our foremost thinkers and founding fathers, Benjamin Franklin, wrote a letter to the Governor of Pennsylvania advising him that, “those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.” From our founding, we have structured our government around that sentiment – grounding every decision in our essential values, never missing the forest for the trees.
Today, our region and our world are in another such formative period.
The cyber landscape – which powers our individual countries and connects our countries to each other at unprecedented speeds and at an unprecedented scale – grows by the year more and more essential to our economic and social vitality. Critical governmental and economic functions are moving from the physical world to the digital realm; providing every constituent with reliable, safe internet access is increasingly a governmental obligation.
Like the United States was in the late 18th century, we are all now often faced with a choice between our values and our expediency. Rapid technological advancement, unsurprisingly and understandably, has put pressure on governments across the world to, just as rapidly, make the necessary upgrades, invest in the necessary security measures, and build the necessary infrastructure.
It is critical that all of our governments not do so at the expense of common, core human values like freedom and privacy. It is critical that we not give up essential liberty to purchase a little temporary safety.
I am referring, of course, to the People’s Republic of China.
Since the PRC launched their Belt and Road Initiative, or BRI, in 2013, and their Digital Silk Road Initiative in 2015, dozens of countries have been offered new physical, digital, and security upgrades, at too-good-to-be-true prices. These countries have paid for their new infrastructure with their data, their privacy, and their long-term security.
An instructive example can be seen in Malaysia. In 2017, the Malaysian government broke ground on a major railway, backed by a BRI loan. National elections the following year, however, brought a new administration to power in Malaysia – an administration that quickly suspended the railway project over pricing and security concerns.
They were too late. The PRC retaliated days later, according to leading cybersecurity researchers, by unleashing targeted malware attacks against Malaysian government networks, attacks made all the more devastating by the unfettered access to those networks the PRC’s partnership with Malaysia afforded. The PRC was able to collect intelligence, steal sensitive information, and ultimately, hold Malaysia hostage until the government agreed to resume the railway project.
The years ahead will bring similar inflection points for nearly every country in our region. A choice between speed and sovereignty. A choice between vulnerability and security. A choice between up-front affordability, and the cost of rebuilding after a devastating cyber-attack made possible by high-risk hardware and software.
I recognize that I am reminding you of this reality from a privileged position. The United States does not seek to force your hand. Each of your governments must decide which choice best delivers what your countries need; which choice affords you with the most trust in your critical cyber infrastructure; and which choice comes with strings attached.
What I can tell you is that a threat to a port or communications network anywhere in our region is a threat to our entire region, that a cyberattack will be repeated so long as vulnerabilities remain exploitable, and that threat actors prey on secrecy and the siloing of information. And so I can tell you that the United States is eager to work with each of you to invest in, build, and harden your cyber infrastructure – creatively, quickly, and securely – and that the larger our coalition, the more creative, quick, and secure our work will be.
Our recent $25 million grant to bolster Costa Rica’s cybersecurity training operations and long-term capacity building in the wake of devastating ransomware attacks is one example of what that support looks like and what it can look like. Our work helped safeguard the rights, liberties, and privacy of the Costa Rican people, and our partnership has allowed critical government operations to function unimpeded.
We are eager to bring those same resources, along with the ingenuity and intelligence-sharing that we have already brought to our partners across Europe and the Pacific, to every corner of the Western Hemisphere – our Hemisphere.
As with any effective partnership, this one must be built on a foundation of trust. That foundation will not be built overnight. Trust must be earned. It is our hope that convenings like this one that we have enjoyed over these past two days will help lay such a foundation.
We are very grateful that you are all here, and we are eager to get to work building the secure, resilient, sustainable, and free future all our countries deserve and to which we all aspire. Thank you for lending your time, expertise, and experience in service of that ideal, as partners and as friends.