Defence Secretary's speech at the second RUSI Cyber Symposium
Speech by Michael Fallon, Secretary of State for Defence.
Introduction
I’m delighted to see so many international guests here…over 30 nations …from every corner of the globe.
I doubt… even 5 years ago… this type of event would have drawn such an impressive cast list.
It reflects the growing importance of cyber to our world.
Evolution of technology
You can’t come to RUSI
…our oldest defence think tank
…without a nod to our history.
100 years ago in the skies above the Somme
…the world witnessed the first major demonstration
…of the awesome power of the aeroplane
…new technologies
…offering combatants
…unparalleled reach
…unprecedented speed
…and destructive power unconstrained by borders or boundaries.
Airpower was the transformative technology of the 20th century warfare.
We’re here today to discuss its 21st century successor.
Cyber power.
Cyber power: benefits and dangers
The information age has brought huge benefits
…it’s opened up our world
…changing the way we bank
…book our holidays
…order our social life.
But the more reliant we are on electronic networks
…the more vulnerable we are to cyber attack.
Our cyber adversaries
…can target us anywhere on the planet
…not only stealing our information
…but exploiting, coercing or gaining psychological advantage over us
…but potentially dealing a sucker punch to our systems
…potentially disrupting our armaments or our energy supplies
…even our governmental systems
What gives cyber its added potency, is its availability.
Anyone with a laptop
…and a clever bit of open-source, encrypted software
…can now do us harm.
And any threat we face
…state sponsored aggression
…global terror
…attacks on elections…electoral machinery…media… and other key features of democracy
… lone wolf attacks
…any of these
…can have a cyber-dimension.
What’s more…these threats are growing.
Last year GCHQ here detected twice as many national security level cyber incidents, 200 per month, as the year before.
We know hostile actors are already developing and deploying advanced capabilities.
We’ve seen non-state actors like Daesh using social media to radicalise their followers.
And we’ve watched cyber criminals leaving a trail of destruction in their wake.
It’s not only the Yahoo hack…where data was stolen from 500 million people
…in the biggest publicly disclosed cyber-breach in history.
It’s the fact that …90% of large organisations reported last year they had suffered some form of a security breach.
The average cost of the most severe online security breaches for bigger companies starts at almost £1.5 million …doubled in a year
…up £600,000 in 2014.
Virtual threats have physical consequences.
It’s only a matter of time…in our view… before we have to deal with a major attack on British interests. That’s why, in last year’s SDSR, cyber was listed as a Tier One threat …up there with terrorism or a major natural hazard.
But you’ve not been here for the scare but to protect yourselves
How?
By learning 3 important lessons from the age of airpower.
1. Innovation
First, we must innovate.
100 years ago the first pilots on the Somme were flying wooden and canvass aircraft.
Now we’re building fifth generation lightning strike fighters.
Britain is already a world leader in cyber security.
But we can’t afford any complacency.
That’s why HMG is investing some £1.9 billion across government, almost doubling investment, to protect the UK from attack, to keep ahead of the curve.
We’re already seeing that investment bearing fruit.
Earlier this year, I announced the development of a new Cyber Security Operation Centre at the MOD…bringing together our defensive cyber activity to safeguard our military networks and systems against cyber threats.
This month we launched the new National Cyber Security Centre in Victoria… whose headquarters will be a stone’s throw from us here in Church House.
That centre is uniting Britain’s brightest brains from across Whitehall and across the private sector to defend Britain’s cyber infrastructure.
Today, I can announce we’re investing a further £265 million funding in a pioneering approach to root out cyber vulnerabilities within our military platforms and wider cyber dependent systems.
Funding that will help protect existing platforms and new platforms such as the new Queen Elizabeth Class.
The UK is a world leader in cyber security, and we recognise that cyber risk is one of the greatest threats we face in the modern world.
It is crucial that we innovate and stay ahead of this ever changing danger.
By investing in this programme we’re helping ensure the UK is fully protected.
But, this isn’t just be about defence as, as our US colleagues would say.
Offensive cyber
It must be about offense. It is important that our adversaries know there is a price to pay if they use cyber weapons against us, and that we have the capability to project power in cyberspace as in other domains.
We must exploit the opportunities that cyber presents to deliver military effects. The government announced a year ago that we are developing capability through the National Offensive Cyber Programme, in which the MOD and GCHQ are close partners.
We also said in the SDSR that our commitment to invest 2% of GDP in defence would help ensure that our armed forces will increasingly be able to operate as effectively in cyberspace as they do by land, sea or air.
Since then, we have begun to integrate Offensive Cyber into our military planning alongside the full range of military effects.
We will continue to develop and exploit cyber’s potential to complement and enhance our conventional military capabilities and assets.
2. Skills
This brings me to my second point
We can’t operate or develop the right capabilities without the right skills.
Over the past 100 years
…the UK has relied on brilliant aviation pioneers like Sir Thomas Sopwith, RJ Mitchell and Frank Whittle to reach for the skies.
We want to match now that conveyor belt of talent in cyberspace.
We’re not just looking for people with IT expertise.
From Vietnam through to Afghanistan and Iraq.
…we’ve learnt perception is nine-tenths of the war.
Today hostile actors and agents see cyber as a way of controlling the narrative.
We need to work harder at combating their lies with faster truth.
That’s why we’ve set up 77 Brigade and 1st Reconnaissance Brigade.
…learning new ways to improve information flows
…influence capabilities
…counter hybrid warfare techniques
…and improve battlefield intelligence.
The pioneering techniques of our cyber soldiers will influence our whole armed forces.
We’re also giving thought to the next generation of online warriors.
To continue recruiting the best people, we’ve created a bespoke test to identify military personnel with an aptitude for cyber work.
The Defence Cyber Aptitude Test assesses an individual’s cognitive abilities through a number of advanced challenges.
We’re currently rolling the test out now in our technical training programmes.
In the meantime, we’re making sure all our staff have a cyber schooling by establishing a new Defence Cyber School…based at our Academy in Shrivenham.
3. Partnerships
My final point is this
… just as NATO Allies work together to secure Europe’s skies
…as the UK has policed the airspace of the Baltic region this year to counter Russian belligerence
…so we require similar global partnerships
…to address a cyber threat
…that knows no bounds.
I’m proud the UK already enjoys strong bi-lateral relationships in this area.
With our French friends
…we’re using our new Combined Joint Expeditionary Force
…to reinforce our 2* Military Cyber Co-ordination Group
….sharing best practice between Britain and France to improve the defence of our military IT networks.
…and train cyber specialists.
We’re also tightening our ties with our US partners.
Last month when Secretary Carter visited London
…we signed a memorandum of understanding
…building on our existing partnership by
…enabling more collaborative research and development together
…and greater information sharing
…on both offensive and defensive cyber capabilities.
And we work closely in this area
…with our other allies in the Five Eyes Intelligence network
… Australia, Canada and New Zealand.
But an effective response to the dangers of cyber requires all nations in NATO to step up.
We can only be as strong as our weakest link.
And Britain is destined to do its bit.
We are leaving the European Union
…but we’re also stepping up our commitment to European and Alliance cyber security.
That’s why…at the Warsaw Summit..we advocated all NATO nations should …sign the Cyber Defence Pledge …should agree to strengthen our cyber defences
…should strengthen our national infrastructure and networks
…as a matter of priority
…to ensure that the Alliance is strong and resilience in the face of cyber threats.
Britain’s commitment to spending a minimum of 2% GDP on defence means we can invest in a military that is cyber trained, cyber secure and cyber enabled…with the ability to fight in every domain in any future conflict. At Warsaw, we advocated NATO recognition of cyber as a domain of operations…
…in which NATO must defend itself as effectively as it does in each of the other domains.
Recognition that will bring
…more effective organisation of skills and resources
…will bring integration of cyber defence capabilities into operational planning
And will better our protection of our deployed forces
…and will give us an improved NATO ability to maintain freedom of action across the global cyber commons.
Yet perhaps the greatest contribution will be to enlarge our understanding of the terms of engagement.
One of the most devastating effects of cyber weaponry
…is its capacity to deepen the fog of war
…to add additional layers of ambiguity to the actions of an aggressor.
So, as NATO reaffirms the relevance of international law in cyber space
…we must be clear that cyber could constitute an armed attack
…while preparing our full spectrum response
…and considering what sort of political or public support will be required by such a response.
And…just as we must also think more closely about the impact cyber will have …on the nature of our military operations and objectives…on our tactics… and on our strategy in future.
There are not easy answers.
But by gathering the right network of people together…through this conference…I believe we’ve made a start. And we’re already looking ahead to next year’s conference in the Netherlands.
Conclusion
I began by mentioning the transformative power of airpower.
In ending I’d note that airpower didn’t just transform 20th century warfare.
It transformed society itself.
The sky used to be a limit.
It isn’t now.
Today we can get a flight to anywhere on the globe.
Tomorrow we might be catching a flight into space.
So my hope is that
…if we get cyber right…
…we have the potential too
…not just to bolster our capability and improve our security
…but to bring in the jobs, the investment…the talent to power our economies for decades to come.
And if we do that job properly…100 years from now…our successors will look back on this moment…the dawn of a new cyber age…as the moment when a potentially devastating threat turned into a dazzling economic and social opportunity.