Deputy Chief of Mission David Burger’s Remarks for Workshop on Cyber Threats to Financial Institutions

Wednesday, July 21, 2021, 3:30 p.m.

As Delivered

Kalispera sas to our Greek and Cypriot colleagues.  I want to start by thanking my Embassy colleagues and our partners at U.S. Embassy Nicosia for hosting this online workshop to educate Greek and Cypriot public and private sector professionals.  I also want to thank the Greece and Cyprus AmChams and the Overseas Security Advisory Council (OSAC) for helping us to identify invitees from the private sector.

Cybersecurity is a new frontier of challenges to our shared prosperity and collective security.  Critical infrastructure, national defense, and the daily lives of Greek, Cypriot, and American citizens increasingly rely on computer-driven and interconnected information technologies such as the one we’re using today.

Both public and private entities must be proactive in securing their systems in the face of increasingly significant threats.

In 2020, while most of us were focused on protecting ourselves from the global pandemic, cyber criminals went on an internet crime spree.  They were hard at work finding new and better ways to exploit our increasing dependence on technology.  In the United States alone, the FBI believes cyber criminals were responsible for more than $4 billion in losses.

Schemes like ransomware have always caused disruption and financial loss, but today they’ve escalated to a whole new level.  Earlier in the summer, ransomware attacks shut down the Colonial Pipeline, the largest pipeline system for refined oil products in the United States, causing gasoline prices to surge.  An attack on JBS, the second-largest meat producer in the United States, forced the shutdown of nine beef plants, affecting thousands of workers.

Many of the cyber criminals responsible for these attacks are located outside the reach of U.S. and European law enforcement.  According to FBI Director Christopher Wray, the bureau is investigating more than 100 different types of ransomware, and many of them—including the attacks on Colonial Pipeline, JBS meatpacking, Scripps Medical, and others—have been traced back to cyber criminals in Russia.  Greek companies have also been victims of malware attacks originating from Russia.

And while the United States does not now have evidence of Russian government complicity in ransomware, the United States has publicly indicted Russian intelligence officers in numerous hacking malware operations.  These include, but are not limited to, the 2016 U.S. election, the 2017 French election, the 2018 Winter Olympics, billion-dollar attacks in 2018 against FedEx, TNT Express, Maersk Shipping, and American hospitals and pharmaceutical firms, the Ukrainian power grid in 2015, and Georgian media and government in 2018 and 2019.  This state-sponsored hacking to undermine democracy and commerce is both shocking and unacceptable.

Most recently, on 19 July, the United States, EU, UK, and NATO exposed the People’s Republic of China’s malicious cyber activities aimed at undermining American and European economic and national security.  The indictment made public on Monday details a multiyear campaign by the Chinese Ministry of State Security, or MSS, in more than a dozen countries, targeting key sectors including the maritime industry, aviation, defense, education, and healthcare.

MSS hackers tried to steal the Ebola vaccine, trade secrets, and confidential business information. The FBI believes hackers affiliated with the MSS conducted cyber espionage operations by exploiting vulnerabilities in the Microsoft Exchange Server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims.  And since then, America and Europe have engaged in around-the-clock efforts to address these vulnerabilities and strengthen our collective networks.

By exposing PRC and Russian malicious cyber activity, we are empowering system owners and operators to act.  We urge the American and European private sector to take ambitious measures and make cybersecurity investments with the goal of minimizing future incidents.

The United States is committed to the collective security of all NATO member states and to fighting malign influence, disinformation, and complex cyber threats across our transatlantic community.

The global nature of cyberspace necessitates strong international engagement and cooperation through diplomacy and by building the capacity of our foreign partners, which is what we’re trying to do today.

Addressing this problem is going to require everyone’s effort.

Public reporting is and always will be key to our success against cyber threats.  Corporate cooperation is also necessary in helping the FBI and other law enforcement agencies piece together who was behind an attack and in thwarting future attacks.

Cyber threats evolve too quickly and are too widespread for any of us to address them alone – it will take a coalition of governments and public-private partnership to protect each other from these common threats.  We are in this together!

Workshops like this one foster strategic partnerships that promote best practices and a common vision of an open, interoperable, reliable, and secure internet.

We want to ensure people have the tools necessary to protect themselves as much as possible.  We also want to call out bad actors, authoritarian actors like China and Russia who engage in malicious behavior, allowing criminals to operate from within their borders, or both.

To that end, I hope you find today’s information helpful. I would like to thank the FBI again for organizing today’s workshop.

The United States will continue to prioritize cyber security policies as we take our relationships with Greece and Cyprus to new heights.  Efcharisto poli.