Defence Secretary speaks at Cyber Symposium
20 October 2016
Defence Secretary Michael Fallon today delivered a speech at the second RUSI Cyber Symposium in London.
I'm delighted to see so many international guests here, over 30 nations, from every corner of the globe.
I doubt even five years ago this type of event would have drawn such an impressive cast list.
It reflects the growing importance of cyber to our world.
You can't come to RUSI, our oldest defence think tank, without a nod to our history.
100 years ago in the skies above the Somme, the world witnessed the first major demonstration of the awesome power of the aeroplane, and 100 years ago the tank was invented.
New technologies, offering combatants, unparalleled reach, unprecedented speed, and destructive power unconstrained by borders or boundaries.
Airpower was the transformative technology of the 20th century warfare.
We're here today to discuss its 21st century successor: cyber power.
The information age has brought huge benefits, it's opened up our world, changing the way we bank, book our holidays, order our social life.
But the more reliant we are on electronic networks, the more vulnerable we are to cyber attack.
Our cyber adversaries, can target us anywhere on the planet, not only stealing our information, to exploit, coerce or gain psychological advantage over us, but potentially dealing a sucker punch to our systems, disrupting our armaments or our energy supplies, even our governmental systems.
What gives cyber added potency is its availability. Anyone with a laptop, and a clever bit of open-source, encrypted software, can do us harm.
And any threat we face, state sponsored aggression, global terror, attacks on elections, electoral machinery, media, and other key features of democracy, and lone wolf attacks, can have a cyber-dimension.
What's more, the threats are growing. Last year GCHQ detected twice as many national security level cyber incidents – 200 per month – as the year before.
We know hostile actors are already developing and deploying advanced capabilities. We've seen non-state actors like Daesh using social media to radicalise their followers. And we've watched cyber criminals leaving a trail of destruction in their wake.
It's not only the Yahoo hack, where data was stolen from 500 million people, in the biggest publicly disclosed cyber-breach in history.
Last year, 90 per cent of large organisations reported they had suffered a security breach.
The average cost of the most severe online security breaches for bigger companies starts at almost £1.5m, up £600,000 in 2014.
Virtual threats have physical consequences. It's only a matter of time before we have to deal with a major attack on UK interests.
That's why, in last year's SDSR, cyber was listed as a Tier One threat, up there with terrorism or a major natural hazard.
Yet we're not here to scare but to protect ourselves.
How? By learning three important lessons from the age of airpower.
First, we must innovate. 100 years ago pilots on the Somme were flying wooden and canvass aircraft. Now we're building fifth generation lightning strike fighters.
Britain is already a world leader in cyber security today. But we can't afford any complacency. That's why HMG is investing £1.9bn – almost double the previous levels of investment – to protect the UK from attack, to keep ahead of the curve.
We're already seeing that investment bearing fruit. Earlier this year, I announced the development of a new Cyber Security Operation Centre, bringing together our defensive cyber activity to safeguard our military networks and systems against cyber threats.
This month we launched the new National Cyber Security Centre in Victoria, whose headquarters will be a stone's throw from us here in Church House.
It's uniting Britain's brightest brains from across Whitehall and the private sector to defend Britain's cyber infrastructure.
Today, I can announce we're investing £265m in a pioneering approach to root out cyber vulnerabilities within our military platforms and wider cyber dependent systems.
The UK is a world leader in cyber security, and we recognise that cyber risk is one of the greatest threats we face in the modern world.
It is crucial that we innovate and stay ahead of this ever-changing danger. By investing in this programme we're helping ensure the UK is fully protected.
But, as our US colleagues would say, this cannot just be about our defence.
It must be about our offence too. It is important that our adversaries know there is a price to pay if they use cyber weapons against us, and that we have the capability to project power in cyberspace as elsewhere.
We must exploit the opportunities cyber presents to deliver military effects. The Government announced a year ago that we are developing capability through the National Offensive Cyber Programme, in which the MOD and GCHQ are close partners.
We also said in the SDSR that our commitment to invest 2% of GDP in defence would help ensure that our Armed Forces will increasingly be able to operate as effectively in cyberspace as they do by land, sea or air.
Since then, we have begun to integrate Offensive Cyber into military planning alongside the full range of military effects.
We will continue to develop and exploit cyber's potential to complement and enhance our conventional military capabilities and assets.
This brings me to my second point. We can't operate or develop the right capability without the right skills.
Over the past 100 years, the UK has relied on brilliant aviation pioneers like Sir Thomas Sopwith, RJ Mitchell and Frank Whittle to reach for the skies.
We want to match that conveyor belt of talent in cyberspace. We're not just looking for people with IT expertise.
From Vietnam through to Afghanistan and Iraq, we've learnt perception is nine-tenths of the war.
Today hostile actors and agents see cyber as a way of controlling the narrative. We need to combat their lies with faster truth.
That's why we've set up 77 Brigade and 1st Reconnaissance Brigade, learning new ways to improve information flows, influence capabilities, counter hybrid warfare techniques, and improve battlefield intelligence.
The pioneering techniques of our cyber soldiers will influence our whole Armed Forces. We're also giving thought to the next generation of online warriors.
To continue recruiting the best people, we've created a bespoke test to identify military personnel with an aptitude for cyber work.
The Defence Cyber Aptitude Test assesses an individual's cognitive abilities through a number of advanced challenges.
We're currently rolling the test out now in our technical training programmes. In the meantime, we're making sure all our staff have a cyber schooling by establishing a new Defence Cyber School, based at our Academy in Shrivenham.
My final point is this, just as NATO Allies work together to secure Europe's skies, as the UK has policed the airspace of the Baltic region this year to counter Russian belligerence, we require similar global partnerships, to address a cyber threat, that knows no bounds.
I'm proud the UK already enjoys strong bi-lateral relationships in this area.
With our French friends, we're using our new Combined Joint Expeditionary Force, to reinforce our 2* Military Cyber Co-ordination Group, sharing best practice to improve the defence of our military IT networks, and train cyber specialists.
We're also tightening our ties with our US partners – and last month when Secretary Carter visited, we signed a memorandum of understanding, building on our existing partnership by enabling collaborative research and development, and greater information sharing on offensive and defensive cyber capabilities.
And we work closely in this area with our other allies in the Five Eyes Intelligence network, Australia, Canada and New Zealand.
But an effective response to the dangers of cyber requires all NATO nations to step up.
We're only as strong as our weakest link. Britain is doing her bit. We are leaving Europe, but we're also stepping up our commitment to European and Alliance cyber security.
That's why we advocated all NATO nations at the Warsaw Summit sign the Cyber Defence Pledge, and agree to strengthen our cyber defences, our national infrastructure and networks, as a matter of priority, to ensure the Alliance is strong and resilience in the face of cyber threats.
Britain's commitment to spending a minimum of 2% GDP on defence means we can invest in a military that is cyber trained, cyber secure and cyber enabled, with the ability to fight in every domain in any future conflict.
At Warsaw, the UK advocated NATO recognition of cyber as a domain of operations in which it must defend itself as effectively as it does in the other domains.
This recognition will bring more effective organisation of skills and resources, integration of cyber defence capabilities into operational planning, protection of our deployed forces, and an improved NATO ability to maintain freedom of action across the global cyber commons.
Yet perhaps its greatest contribution will be to enlarge our understanding of the terms of engagement.
One of the most devastating effects of cyber weaponry is its capacity to deepen the fog of war, to add additional layers of ambiguity to the actions of an aggressor.
So, as NATO reaffirms the relevance of international law in cyber space, we must be clear that cyber could constitute an armed attack, while preparing our full spectrum response, and considering what sort of political or public support will be required by such a response.
Just as we must also think more closely about the impact cyber will have on the nature of our military operations and objectives, on our tactics, and on our strategy in future.
There are no easy answers. But by gathering the right network of people together, today we've made a start. Talking of which, we're already looking ahead to next year's event.
I began by mentioning the transformative power of Airpower. In ending I'd note that airpower didn't just transform 20th century warfare, but society itself.
The sky used to be the limit. It isn't anymore. Today we can get a flight to anywhere on the globe. Tomorrow we might be catching a flight into space.
And my hope is, if we get cyber right, we have the potential not just to bolster our capability and our security, but to bring in the jobs, the investment and the talent to power our economies for decades to come.
If we do our job properly, 100 years from now, our successors will look back on this moment, the dawn of a new cyber age, as the moment when a devastating threat turned into a dazzling opportunity.
|Join the GlobalSecurity.org mailing list|