(As prepared for delivery)
U.S. Ambassador Richard Verma’s Remarks
ASSOCHAM’s 7th Annual Summit on Cyber and Network Security
Wednesday, August 26, 2015
Ashok Hotel, New Delhi
Good morning and thanks for the generous introduction. I’m delighted to be here and thank ASSOCHAM for the chance to speak to you on this important topic. Of course, the Internet today is part of just about everything we do. This digital age has opened countless windows of opportunity, to the great benefit of the U.S. and India. Both our societies and our economies have been enriched by the many advantages of greater connectivity; and I know this first hand, since I continue to marvel and how instantly connected I have felt to Indians of all ages since I have started my Twitter account. In fact just two weeks ago I visited Twitter’s India headquarters and took part in an online chat with a number of tech savvy Indians.
When we talk about digital technology, it is natural to think about potential risks, but it is the possibilities that should motivate us. From the campuses of Silicon Valley to the tech parks of Bangalore, our countries have emerged as leaders in the field of IT development. The Indian diaspora has played a particularly large role. Just two weeks ago Sundar Pichai, a native of Chennai, was named CEO of Google, one of America’s tech giants. He is one of countless similar examples. Indeed, when Prime Minister Modi visits California next month, he will be welcomed by a vibrant Indian-American community which, over the last two decades, has helped to transform the high-technology sector.
Similarly, here in India, technology has been integral in powering economic growth, whether it be through e-commerce, IT services, or product development. The Prime Minister’s “Digital India” initiative highlights India’s commitment to enhancing digital capacity, across a variety of sectors, bridging the divide between urban and rural communities. Secretary John Kerry also recently launched a new initiative to increase internet connectivity, in partnership with government, development banks, engineers, and industry leaders. I applaud these efforts, as broadening the reach of the Internet is a powerful way to promote global development. Every time a country increases its internet penetration by ten percent, its total economic growth can expand by up to two percent.
The Internet is part of the critical infrastructure that we have come to depend on. We use it in so many ways – as a communication tool, a marketplace, a forum for expressing new ideas. Digital technology promotes transparency and helps to hold governments accountable. It is a means to fight against repression, and protect human dignity. Yet we must ensure that cybersecurity tools are not inappropriately used to undermine these important benefits.
But, as transformative as the Internet is, there are risks. And the more reliant we become on the Internet, the greater those risks become. This means we need sound policies to protect this essential resource, as it is vital to advancing human progress in the 21st century. Therefore, promoting an open, secure, and reliable Internet is a key component of our economic policy.
Protecting the Internet cannot be the task of just one country, however, and requires cooperation between government, industry, academia, and every user. It is a shared resource, and thus its stewardship is a shared responsibility. The Internet has flourished because of the bottom-up, consensus-based process that allows multiple stakeholders to participate in its governance.
Likewise, all stakeholders have a critical role in cybersecurity and cybercrime as well. The multi-stakeholder approach reaches beyond government and includes the private sector, civil society, academic institutions, and all internet users. Multi-stakeholder Internet governance has served us well thus far, and it is critical to broaden this approach to other areas of cyber policy because all institutions and users share a responsibility to keep the internet operating in a safe, secure, and reliable manner.
To that end, India’s recent decision to support the multi-stakeholder approach to internet governance is not only a win for India’s people, but an example of India’s ever-expanding role as a democratic world leader. We look forward to working closely with India and other partners to preserve the multi-stakeholder model, wherever it is challenged.
Of course, there are other, serious threats to the internet. As recent headlines have shown, cyber-attacks are a real and persistent concern. Internet misconduct has resulted in billions of dollars in economic damage. Criminal networks misuse the Internet to steal information and profit at the expense of private citizens, businesses, and governments. Extremist groups see it as a means to disseminate violent extremist propaganda and mislead youth into joining their causes. It is in our shared interest to seek collaborative solutions to these challenges.
We believe that the best defense is to promote what we call “international cyber stability.” This means we are seeking broad consensus on what constitutes responsible behavior in cyberspace. Our goal is to create a climate in which people everywhere are able to enjoy the benefits of the digital world. There is general consensus that the basic rules of international law apply in cyberspace, but there are a number of additional principles that should underpin countries’ behavior in cyberspace.
First, we posit that no country should support or conduct online activity that intentionally damages or impedes another country’s use.
Second, no country should seek to prevent emergency teams from responding to a security breach, or allow its own teams to cause harm.
Third, no country should engage in cyber-enabled theft of intellectual property, trade secrets, or other confidential information for commercial gain.
Fourth, every country should confront malicious cyber activity emanating from its soil. This includes the activities of extremist groups who seek to engage in criminal and terrorist behavior.
And finally, every country should do what it can to help states that are the victims of a cyber-attack.
Agreeing to and abiding by these principles would move us a long way towards ensuring a more secure cyberspace. In order to get there, however, we must work to improve our own and our partners’ capacity to protect against cyber threats. This includes a preventative component – through strong legal frameworks and improved training. It also means enhancing our capability to respond to threats, by improving the resiliency of our networks, and strengthening the relationships between our law enforcement communities.
Perhaps the greatest protection against such threats is the regular and substantive sharing of information on cyber threats, and stronger coordination in response to cyber-attacks and cybercrime. This is an area in which the United States and India continue to partner. We recently provided information on a high-profile hacking group operating from India, enabling our two countries to take concerted action against its threat. We are also engaged in efforts to improve the process through which other countries can obtain bank records and other forms of electronic evidence from the United States, for use in legal proceedings against illicit actors. We should continue to build information-sharing mechanisms through law enforcement and intelligence channels, as well as within our private sector, as the bulk of our networks lie outside of public and government control. We must also continue to work through differences in our legal systems that can sometimes slow the sharing of information used during criminal investigations. Given the risks involved, these are worthwhile efforts.
Just two weeks ago, our governments participated in the U.S.-India Cyber dialogue. The United States and India held open and constructive conversations about substantive measures to increase cyber cooperation, ranging from coordinating on internet governance issues, deepening our existing cyber security collaboration, streamlining the exchange of information related to cybercrime, and U.S. support for India’s ambitious but essential cybersecurity skills development initiative. These, and other common objectives, highlight the criticality of the U.S.-India relationship, leverage the inseparable ties of our IT communities, and emphasize yet another example of our joint efforts to safeguard critical infrastructure and national security.
Our populations are among the most interconnected on the planet, which is in part a reflection of our shared values. The Internet is an unparalleled platform where voices from every corner of the globe can contribute to political, economic, and social discourse. Discussions on how to manage cyberspace can be difficult, because they touch on the core of our democratic values, including ethics, the role of government in society, and economic liberty. But if we commit ourselves to protecting internet freedom, the digital revolution will continue to power the opportunities our societies cherish most – by helping to strengthen governments, make us safer, boost economic growth, and promote free expression. And those are goals worth fighting for.