Chancellor of the Duchy of Lancaster's speech to the NATO Cyber Defence Conference
Chancellor of the Duchy of Lancaster, Pat McFadden's speech to the NATO Cyber Defence Conference at Lancaster House.
Thank you to Rob and Jean Charles, and it is a great pleasure to be here today.
Ladies and gentlemen, NATO is an organisation born out of the ashes of the Second World War.
An organisation for which the UK post-war Labour Government of the time saw an urgent need.
One which our post-war Foreign Secretary, Ernest Bevin, worked night and day to bring into being because he saw the need for collective security.
NATO was founded on the belief that when it comes to the safety and security of our people, Europe and North America stand stronger together.
And that is as true today as it was all those years ago.
And today, our alliance is strong. It has grown in membership — and I’m very pleased to welcome our newest member, Sweden, to their first cyber defence conference as a full NATO ally.
And our alliance has been brought closer together by Russia’s invasion of Ukraine.
It is clear that 75 years after its foundation, we need NATO more than ever.
Now, my Party entered government in the UK a few months ago at a new and dangerous time for the world. The global picture is more turbulent now than it has been for decades.
As the UK’s Chief of Defence Staff Admiral Sir Tony Radakin said a few weeks ago, we are witnessing a unique era of contest and competition:
One where our adversaries are becoming increasingly emboldened and aggressive, testing our collective security on a daily basis.
And that contest is played out in two realms: the physical and the cyber.
And as we meet here today, Ukrainian soldiers — many of them trained by our armed forces here in the UK — are fighting for their country’s freedom on the front lines of Donetsk and Luhansk, in their bid to repel Russia’s appalling invasion and to be able to decide their own future.
But the war is also raging on another frontline, in cyberspace.
Aided by allies, including the UK, Ukraine has had to defend itself from crippling Russian cyber attacks on its electricity grid, its airports, and other critical national infrastructure.
Russia has targeted its mobile networks — cutting off communication for millions at a time — and, on occasion, disabling the air raid warning system in Kyiv.
And it has waged cyber espionage on Ukraine’s networks, looking to hack valuable military information that will give them an advantage on the battlefield.
Military power is one thing.
But, cyberwar can also be destabilising and debilitating.
And with a cyber attack, Russia can turn off the lights for millions of people.
It can shut down power grids.
And that is the hidden war Russia is waging in Ukraine, and in the last year, both the Russian military and its unofficial army of cyber criminals and hacktivists have not just stepped up their attacks — but widened their targets to a number of NATO members and partners.
The aim is to gain a strategic advantage, to degrade the states that support Ukraine.
Here in the UK, Russia has targeted our media, our telecoms, our political and democratic institutions, and our energy infrastructure.
And together with international partners, we recently publicly exposed a Russian military unit — Unit 29155 — which has carried out a campaign of malicious cyber activity against NATO members.
The unit has targeted the government services, financial services, transport systems, energy and healthcare sectors of NATO members.
It doesn’t just want to disrupt efforts to provide aid, but crucially to pick away at public and state support for Ukraine.
Let me tell you today, that effort will not succeed; we will not stop in our support.
Meanwhile, hacktivists have been waging their own personal campaigns against NATO members — as we saw earlier this year, when a water plant was targeted in Texas.
Those attacks are increasingly frequent and, in some cases, increasingly sophisticated.
And then there are the gangs of cyber criminals and mercenaries not directly under the Kremlin’s control but who are allowed to act with impunity so long as they’re not working against Putin’s interests.
They recently targeted NATO’s Indo-Pacific partner, South Korea, in response to its monitoring of the deployment of North Korean troops to Kursk.
Russian state-aligned groups have taken responsibility for at least nine separate cyberattacks of varying severity against NATO states, including unprovoked attacks against our critical national infrastructure.
The activity of these groups isn’t something new, or something that has just been happening in recent months. They are unpredictable; they act with disregard for the potential geopolitical consequences, and with just one miscalculation, could wreak havoc.
Be in no doubt: the United Kingdom and others in this room are watching Russia. We know exactly what they are doing, and we are countering their attacks both publicly and behind the scenes.
We know from history that appeasing dictators engaged in aggression against their neighbours only encourages them. Britain learned long ago the importance of standing strong in the face of such actions.
And that is why we are supporting Ukraine in its fight to decide its own destiny.
Putin is a man who wants destruction, not peace. He is trying to deter our support for Ukraine with his threats, and he will not be successful.
We will not join those voices of weakness who want to give Putin a veto over our help for Ukraine.
And given the scale of Russia’s hostility, my message to the members today here is clear:
While no one should underestimate the Russian aggressive and reckless cyber threat to NATO, we will not be intimidated by it, and we will never allow it to dictate our decisions or our policies. And we will do everything to defend our countries against it.
And, of course, it’s not just Russia. Some of the biggest threats in cyberspace emanate from China, North Korea and Iran.
Cyber attackers linked to Iran’s Islamic Revolutionary Guard Corps have mounted a consistent campaign against individuals here in the UK, including senior government officials, journalists and lobbyists.
Cyberwar is now a daily reality. One where our defences are constantly being tested.
And the extent of the threat must be matched by the strength of our resolve to combat it, to protect our citizens and our systems.
And I believe we must enhance our collective defences in three ways.
First, we have to respond to new technologies, like AI.
NATO has stayed relevant over the last seven decades by constantly adapting to new threats.
It navigated the worlds of nuclear threat and militant nationalism.
The move from cold warfare to drone warfare.
Now it needs to adapt to the world of AI. Because as the tech evolves, the threat evolves.
Now AI has immense potential to improve the world and we want the UK to be a welcome home to develop these technologies. But its full impact is as yet unknown.
As we develop this technology, there is a danger it could also be weaponised against us.
Because our adversaries are also looking at how to use AI on the physical and cyber battlefield.
And they won’t hesitate to use AI to gain an advantage against us.
Last year, we saw the United States. for the first time, publicly call out a state for using AI to aid its malicious cyber activity.
In this case, it was North Korea — who had attempted to use AI to accelerate its malware development and scan for cybersecurity gaps it could exploit.
North Korea is the first, but it won’t be the last.
So we have to stay one step ahead in this new AI arms race.
And I am pleased today to announce that we are launching a new Laboratory for AI Security Research at the University of Oxford. It is backed by £8.2 million of funding from the UK government’s Integrated Security Fund.
The lab will pull together world-class industry, academic and government experts to assess the impact of AI on our national security.
In the meantime, the second thing we must do is find ways to strengthen NATO’s collective cybersecurity.
The UK continues to work closely with Allies to expose cyber attackers from across the world — whether that’s through public attributions, calling out hostile actors, or through sanctions.
But we’re also looking to see where we can help NATO allies facing an increased threat to defend themselves.
And so, we are launching a new incident response project to help countries (including NATO allies) respond to attacks on their critical national infrastructure — pulling together both the public and private sectors in the UK to offer their technical assistance on combating those attacks.
Finally, we are constantly looking at where we can bolster our own digital defences here in the UK.
And that’s a whole-of-society effort. Government cannot do it on its own.
It means making sure that businesses and other civilian organisations are doing everything they can to lock their own digital doors and prevent gaps from appearing in our cyber defence.
And again, Ukraine provides a great example.
Because it has displayed unimaginable courage and innovation in the face of a daily barrage of cyber attacks. It has worked tirelessly with industry and civilian organisations to bolster its cyber security. And its made those defences stronger as a result.
And NATO must learn from Ukraine’s experience.
In a few days, I and the UK’s senior national security officials will sit down with British businesses to discuss how they can boost their own security and help defend the nation from actors with malign intent — particularly from Russia.
And I’ll be very clear with them:
Russia won’t think twice about targeting British businesses in pursuit of its goals. It is happy to exploit any gap in our physical or cyber defences.
And so I urge them to do everything in their power to strengthen their own security and protect themselves, the country and our allies from this threat.
As we reflect on NATO’s history, we should also reflect on its success.
It has shown the strength of solidarity between countries.
Its existence sends a constant daily message to our adversaries about the price of attacking its member states.
It has enabled shared learning about defence and security.
And it has had to adapt to changing circumstances and changing threats.
And that’s particularly true of this cyber threat today.
Every day, we need to do this unspectacular work of plugging away at our cyber defences: identifying weaknesses, shoring up our national barriers, and continuing to work together in the name of this collective security that brought NATOs founders together.
It’s a continual effort in this new theatre of conflict. And an entirely necessary one.
For if we only prepared for yesterday’s battles we would be failing in our duties of today.
In this new era of instability, that effort is needed more than ever, and that’s why I am so pleased it is the centrepiece of this conference for the next two days.
Thank you very much.