I am very happy to be here at Woods Hole this evening. I want to thank Susan Morse who has been a friend for 45 years for suggesting it and Nancy Bridges for making the arrangements.
Statement of Christopher Porter
Nonresident Senior Fellow, Cyber Statecraft Initiative, Atlantic Council
Chief Intelligence Strategist, Fireeye, Inc.
Committee on House Homeland Security
Subcommittee on Cybersecurity and Infrastructure Protection
Subcommittee on Transportation and Protective Security
September 6, 2018
Thank you Chairman Ratcliffe, Ranking Member Richmond, Chairman
Katko, and Ranking Member Coleman for convening this joint
hearing today. We appreciate the opportunity to share FireEye`s
perspective on threats to the aviation sector and provide an
overview of how the private sector is helping to secure the
My name is Christopher Porter, and I`m the Chief Intelligence
Strategist for cybersecurity company FireEye and a Nonresident
Senior Fellow at the Atlantic Council. At FireEye I manage our
``Intelligence for Executives`` program for senior corporate and
government clients across the globe. Our strategic intelligence
products reach more than 4,000 customers in 67 countries. Prior
to joining FireEye in 2016, I served for nearly nine years at the
Central Intelligence Agency, including an assignment as the cyber
threat intelligence briefer to White House National Security
Council staff, several years in counterterrorism operations, and
In addition to the 300-plus security professionals responding to
computer intrusions, FireEye has over 200 cyber-threat analysts
on staff in 18 countries, speaking 30 different languages, to
help us predict threats and better understand the adversary -
often by considering the political and cultural environment of
the threat actors. We have an enormous catalog of threat
intelligence, and it continues to grow everyday alongside the
continually increasing attacks on organizations around the world.
FireEye is supporting the aviation sector here at home. We`re
protecting the Transportation Security Administration with both
email and web inspection, managed by the Department of Homeland
Security`s Enterprise Security Operations Center. As TSA
continues to stand up its intelligence capabilities, we are
providing support through their subscription to our intelligence
The Federal Aviation Administration also makes great use of our
intelligence reporting and they`re using our malware analysis
tool to help prevent and detect future cyber attacks. I want to
share with you today FireEye`s perspective responding to breaches
in the aviation sector and from the intelligence we have
collected on what might be coming next.
I am sure it will come as no surprise to you that the aviation
sector is one of the most targeted for cyberattack. Safe,
reliable air transport is vital for everything from national
defense to global commerce to personal freedom. Malicious actors
seeking to undermine America`s strength in aviation through
cyberattacks and theft include foreign governments, terrorists,
organized crime, and other non-state actors.
I want to start by discussing the most common cyber threat facing
the aviation industry: cyberespionage. Foreign governments
routinely seek to steal industrial secrets from manufacturers,
researchers, designers, and operators of both military aircraft
and cutting edge civilian planes. China, Russia, and more
recently Iran have all targeted the U.S. or its close allies for
theft of aviation secrets via computer network operations.
All three countries also routinely target ticketing and traveler
data, shipping schedules and manifests, and partner industries
such as railways and hotels as they gather counterintelligence
data on suspicious travelers and intelligence on VIPs they wish
There are two aspects of cyberespionage targeting the aviation
sector overall that I want to emphasize: first, that because of
its pervasive nature, the best defense against cyberespionage is
rapid, detailed information sharing with context. Our company
pushes alerts to customers in real-time, and industry groups
share information between peers because, as we have learned, a
threat to one is often a threat to all. The US Government also
shares threat information, although it is generally classified
and available only to cleared vendors; there is room for
improvement in government information sharing with uncleared
industry partners. Most importantly, the timeliness of
information within industry and between the private sector and US
Government must improve. In my line of work, if we can`t provide
context and additional information in 24-48 hours of an attack,
we have not met customer expectations.
The second thing to know about cyberespionage though is that,
because it is routine, it should not be viewed as destabilizing.
Media reporting on cyber incidents is often focused on the worst-
case scenario in ways that are sometimes unjustified and
needlessly alarm the public or inflame opinion against a foreign
adversary. Every major cyber power, including the United States,
has an interest in knowing about the potential defense technology
developments of both its friends and potential threats, and the
US aviation sector is not unique in being targeted in this way.
When cyberespionage operators get a foothold on a system, they
can often use that access for stealing information or to launch a
disabling or destructive attack using the same technology. But
they rarely choose to do so, and in the US there are significant
redundancies in place to ensure safety. A crashed IT system does
not mean a crashed plane, and it`s important for the public to
keep that in mind.
So while cyberespionage on its own does not pose an urgent threat
to life, I am concerned that continued theft of trade secrets
poses a long-term threat to American economic health.
Aviation is one of our nation`s leading export industries, and
China in particular is harnessing all aspects of national power
to displace the U.S. as a military and economic power in Asia and
worldwide. Chinese theft of U.S. intellectual property for
commercial purposes has almost entirely dropped off since a
September 2015 agreement between President Xi of China and
President Obama, but because aviation research and development is
so closely tied to national defense this particular sector of the
American economy never stopped being targeted.
Chinese hackers pursue fewer targets in the United States than
they did before the Xi-Obama Agreement, but they have just as
many hackers who are more skilled and better resourced than ever,
meaning that industries that do continue to be threatened face a
greater threat than ever before that technologies the U.S. spends
billions developing will be stolen and adopted by economic
competitors and military rivals in China.
Cybercriminals likewise pose an economic threat to the aviation
sector and its customers. For years we have seen airlines and
third-party ticket sellers exploited so that illicit tickets
could be resold for profit in underground fora. Because airlines
are trusted by their customers with a wide variety of sensitive
personal data, they are also frequently targeted by
cybercriminals looking to gather data to enable other types of
fraud. In the last two years, our devices have detected a sharp
increase in the use of ransomware to temporarily disable airline
ticketing and support operations air travel is a time-sensitive
business, and cybercriminals know that they can extort quick
payment from airlines that are unable to move passengers until
their systems are decrypted.
Finally, in addition to threats to the aviation sector`s
proprietary information, customer records, and systems that
support flight operations, there are cyber threats intended to
use aviation`s prominent place in our lives as a means of
creating psychological damage or political pressure. Airports in
Europe, the Middle East, Southeast Asia, and here at home have
had their websites defaced or disrupted, mostly by non-state
actors seeking to draw attention to a particular political cause.
The primary victim in these situations are members of the public
who may wrongly fear that a loved one is at risk or grow in their
distrust of flying, even though the affected systems may be
public-relations focused and support no flight operations at all.
The fear these operations cause is particularly pronounced when
those outages are caused by groups affiliated with terrorists. In
other cases, these virtual sit-ins that affect a company`s
website have, in limited cases, delayed takeoffs for airlines
that also relied on those computers to make or distribute flight
plans, though even these attacks did not have a direct effect on
It is important that officials and airlines representatives
communicating with the public during such events differentiate
between taking down systems that cause inconvenience from those
that directly support flight operations and passenger safety.
Thank you again for the opportunity to participate in today`s
discussion. And thank you for your leadership improving
cybersecurity in the aviation sector. I look forward to working
with you to strengthen the partnership between the public and
private sectors and to share best practices to thwart future
cyber attacks. I`m happy to answer any questions from the
The Commission on Security and Cooperation in Europe
U.S. Helsinki Commission
Damon M. Wilson
Executive Vice President
Location: Dirksen Senate Office Building, Room 124
Time: 11:00 A.M.
Date: Tuesday, July 17, 2018
View the full testimony here
WILSON: Chairman Wicker, Co-Chairman Smith, Ranking Member Cardin, Ranking Member Hastings, and distinguished Commissioners:
On April 3, 2008, at NATO’s Bucharest Summit, just over 10 years ago, the consensus among allies on how to build a Europe whole and free fell apart. I was serving as Senior Director for European Affairs at the National Security Council at the time, and had a front row seat for what turned out to be a summit nearly as unscripted as the one we just witnessed in Brussels.
In Bucharest, NATO leaders failed to agree to offer Membership Action Plans (MAP) to Georgia and Ukraine to help them prepare to become allies. Rather, in the wake of inconclusive diplomacy to reach an agreement, particularly between Washington and Berlin, Central European leaders stepped into the breach, to push NATO to agree that Georgia and Ukraine, “will become members of NATO.” Seemingly, leaders decided that NATO membership for Georgia and Ukraine would be a question of when, not whether.
Yet, today, ten years on from Bucharest and the subsequent Russian invasions of Georgia and Ukraine, we run the risk of our rhetoric not keeping pace with reality. We have agreed a vision, but we do not now have a strategy to get there. As a consequence, many allies have lost faith in the vison and we run the risk of accepting an unstable grey zone of insecurity in Europe’s East.
This is in part because Russia under Vladimir Putin has evolved from embracing the possibility of partnership with the West to advancing a reality of confrontation with NATO, the United States, and especially Russia’s neighbors.
In the wake of the Bucharest summit, recognizing the potential vulnerability of Georgia and Ukraine, US diplomacy went into overdrive. We launched the US-Georgia and US-Ukraine Charters on Strategic Partnership to bolster bilateral ties. Secretary of State Condoleezza Rice led an effort to intensify the moribund diplomatic talks on Russia’s occupied territories and visited Tbilisi to advance diplomacy and caution against conflict. Yet Russia continued to pursue a dual policy of “creeping annexation” – that is, taking steps that tightened its grip on the territories of Abkhazia and the Tskhinvali region of South Ossetia – even as it obfuscated and undermined the diplomatic tracks intended to seek compromise and resolution.
We felt the full consequences in August 2008 as Russian forces attacked and then invaded Georgia, coming within mere miles of Tbilisi.
The Bucharest Summit and this subsequent invasion ended our strategy of advancing a Europe whole and free. This vision had proven wildly successful ever since President George W. Bush’s 1989 address in Mainz, Germany laying out this concept. Our success rested on three mutually-reinforcing pillars:
· Building a strategic partnership with Russia, first through the Permanent Joint Council and then the NATO-Russia Council;
· Enabling former adversaries to become allies through NATO enlargement, with four successive post-Cold War rounds; and
· Facilitating a deepening of European integration as the European Community became the European Union, adopted the Euro, and followed NATO with its own enlargement.
These advances happened in a parallel, cyclical fashion. Each step making the next step viable. It was at Bucharest and the subsequent invasion of Georgia when Putin acted to disrupt this process. Indeed, as early as February 2007 at the Munich Security Conference, Putin stunned Western audiences by speaking clearly about his rejection of the order in Europe and began to reposition the West as an adversary of Russia. His resolve to oppose the West weakened the resolve of the Alliance to advance the West at Bucharest.
Since 2008, we have witnessed a revanchist Kremlin, intent on undoing the gains of the post-Cold War period, reshaping the international order that allowed Europe to remain peaceful and prosperous, and ensuring the domination of its neighbors.
The strategic environment has now changed dramatically and sufficiently that our approach to Georgia and Ukraine should change as well.
The first significant shift among allies is that they all now recognize the challenge posed by a revanchist Russia. The annexation of Crimea, the invasion of eastern Ukraine, and the continued fighting has driven home among all our allies the nature of the threat that European security and the international order faces if left unchecked. This is why last week’s NATO summit continued to adopt strong defense and deterrence measures.
This new understanding opens the way for the Alliance to adopt a new approach to Europe’s East to correct the mistakes of Bucharest and to ensure that we have a strategy so that our rhetoric becomes reality.
This process has already begun. At the just-concluded NATO Summit, allied leaders invited the government in Skopje to begin accession negotiations, paving the way for the Republic of North Macedonia to become NATO’s 30th member upon finalizing the name deal between Skopje and Athens. It was in Bucharest where NATO failed to extend this invitation, opening a decade of stagnation that led to a crisis in the Western Balkan nation. Last week’s decision, overcomes that failure.
We can do the same with Georgia and eventually Ukraine.
We witnessed in this Brussels Summit that despite transatlantic tensions and division, there was consensus on enlargement. This is significant because this consensus allowed NATO to meet the Bucharest commitment to extend an invitation as soon as Athens and Skopje reached a deal on the name issue. This decision also ensures we will eliminate any security vacuum in the Western Balkans.
We witnessed what a decade of indecision produced in the Western Balkans: democratic erosion and economic stagnation within the country, combined with stepped-up Russian influence.
Enlargement is a stabilizing factor. Enlargement advances US interests as it welcomes nations to our alliance which are willing to assume the responsibility of becoming an ally, while also ensuring that the new ally is immunized from Russia’s efforts to destabilize it.
We have witnessed the same formula in the Baltic states. Once considered too controversial to consider as NATO members, enlargement brought stability and security to the nations, giving them confidence to develop predictable, normal relations with Russia. While the region is tense today given Russia’s aggressive intimidation tactics, imagine what Northeast Europe would look like if the Baltic states were not in NATO. Our crisis in Europe’s East would not be confined to Ukraine’s East.
This logic applies to Georgia today.
The Russia-pedaled paradigm that enlargement is provocative is wrong. Leaving nations, whose people aspire to join the alliance, in limbo over time is provocative as it tempts Russia to extend its influence – its sphere of influence – either through sowing chaos to ensure weak states or occupation and domination to ensure obedient neighbors.
As history has shown, this Russian strategy is not a recipe for stability, but for perpetual instability and potential conflict. Even the most cynical grand bargain consigning Georgia and Ukraine to Russia’s sphere of influence would not be durable as it denies the aspirations and agency of the people of the nations themselves. They have a say in their future. Witness the Rose Revolution and subsequent democratic transitions in Georgia. Witness the Maidan and continued resistance to occupation in the east.
It is easy to argue that we are in a period of tension with Putin’s Russia today, so why make things worse by considering enlargement to Georgia and eventually Ukraine?
To put today’s dilemma facing us in perspective consider the 1950s. Europe was only beginning to recover from the devastation of World War II. Greece was emerging from a brutal civil war that ended in 1949. Turkey remained weak and vulnerable to Soviet probing as Joseph Stalin sought more reliable access to the Mediterranean. Indeed, Russia sought to topple the government in Ankara during the Turkish Straits Crisis. Furthermore, these two nations – much like France and Germany in Western Europe – had been historic adversaries in Southeast Europe.
Furthermore, the Truman administration was facing a world in which the Soviets had attained the atomic bomb, the West was witnessing a Soviet advance in Europe and globally, and war was waging on the Korean peninsula. Yet President Truman stepped in decisively – first bilaterally and then through NATO – to anchor Greece and Turkey together in the West. Rapidly, US diplomacy overcame an obvious flashpoint and anchored a region bordering the Soviet Union in NATO. Imagine what would have happened in this region during the Cold War without Greece and Turkey as allies.
Jump forward to today. It is the absence of security for Georgia and Ukraine that has tempted Russia to occupy and annex their territory. Russia aims to keep these neighbors at best in a permanent grey zone, and at worst under its domination.
Article 10 of the Washington Treaty makes clear that allies by unanimous agreement may invite any European state “in a position to further the principles of this Treaty and to contribute to the security of the North Atlantic area.”
Georgians and Ukrainians have done more than most to fight to defend the principles of the Alliance. They are also prepared to be serious contributors. Both spend well over 2 percent of their GDP on defense. Georgia is among the most significant troop contributors to NATO and other international missions. Ukraine has the most battled-tested forces of any European nation. And both are already acting as allies, joining NATO and the European Union on major policy decisions.
Yet NATO has handcuffed itself by abiding by the principles developed in its 1995 Study on Enlargement and its adoption of the MAP process in 1999. The study on enlargement sets expectations that nations aspiring to membership will resolve any territorial disputes before entering the alliance. Allies adopted the MAP process to help nations take the practical steps to better prepare to become members.
NATO needs to reexamine these policies. These policies were crafted in different – that is, benign – geopolitical circumstances. They made great sense then. Today, however, NATO’s own policies only incentivize Russia to hold on to occupied territories as long-term insurance to prevent NATO or for that matter EU enlargement.
Similarly, in today’s environment, MAP only serves to signal to Russia that the Alliance is getting more serious about membership, without yet being serious about membership. A MAP decision in many respects begins a countdown clock which may put pressure on Moscow to act to disrupt the neighbor’s accession process before it accedes, much like we witnessed in Montenegro with the October 2016 Russian-backed attempted coup in the run-up to its accession to NATO.
To avoid this dynamic, NATO needs to reexamine and update its Open Door policy for today’s new circumstances. Doing so should be coupled with NATO efforts to maintain dialogue with Russia and to provide and seek greater transparency.
Allies should make clear that their commitment that there is no third-party veto over enlargement decision means that Russian occupation will not serve as an obstacle to membership. Allies should also recognize that a Membership Action Plan is not a requirement for membership. Rather instruments like the NATO-Georgia Commission and its Annual National Plans provide even more rigor in helping Georgia prepare. Indeed, NATO Secretary General Jens Stoltenberg said in December 2016, “Georgia has all the practical tools to become a member of NATO.”
Yes, this is tricky, but it is doable. Historians of NATO know well the debates on how, when, and where NATO’s security guarantee in Article 5 would apply – an attack on one will be considered as an attack on all. In 1955, West Germany became part of NATO without the Germans relinquishing their commitment to eventual unification. France argued successfully for Article 5 to include Algeria, a decision the North Atlantic Council had to later reverse. Belgium argued unsuccessfully to apply the treaty to its holdings in the Belgian Congo. Today, Spain governs territory on mainland Africa, the cities of Ceuta and Melilla in Morocco, but there is no expectation that this territory is part of the Alliance’s defense plans.
In the case of Georgia and eventually Ukraine, the North Atlantic Council can make clear that the Washington Treaty does not apply to the occupied territories, but without relinquishing Allied commitment to the nations’ territorial integrity and without Tbilisi or Kyiv giving up their claims of sovereignty.
There is a benefit to acting decisively. Such a strategy can only advance with American leadership. Much like the Truman administration, a serious US bilateral commitment to Greece and Turkey assured the other allies of our commitment and made the NATO decision, while a momentous one, not a controversial one.
Today, Europe finds itself again at the center of global geological competition. The circumstances require that we not be ambivalent. Deterrence is about the psychology and the perception of your adversary, as much as about military capabilities and plans. The premise of our defense of the Baltic states is deterrence, backed up by planning and now some modest forces. The same can apply for Georgia.
The post-World War II formula for US strategy in Europe was that NATO security guarantees would allow for stronger political cooperation among former adversaries and provide a framework of confidence for economic growth and integration. That formula worked dramatically well, and it remains valid.
My ideas seem counterintuitive at a time of transatlantic divisions and heightened tension with Russia. Yet a big transatlantic project could help anchor the alliance. This strategy would also anchor Turkey more firmly within the West. It would provide Russia a more predictable set of neighbors. It would remove grey zones that tempt a revanchist Kremlin. Precisely because of geopolitical tension, the elimination of grey zones of insecurity can help ensure durable peace in Europe’s East.
At the Atlantic Council, we believe that we must work alongside our allies and partners to secure the future while recognizing our failure – witness Ukraine, witness Syria – will open the door to less benevolent forces or violent chaos.
This maxim applies more than ever today in how to think about Georgia and its future relationship with NATO.
Permitting these nations’ aspirations to be held hostage by Russian occupation and intimidation is a recipe for instability and conflict in Europe. We cannot allow these nations, known as captive nations for much of the 20th century, to become known as hostage nations in the 21st century. Rather, we should recognize that they stand on the frontline of freedom and anchor them within our NATO alliance to ensure peace in Europe’s East.
"A Conversation with Katrin Jakobsdottir"