Speech: Cyber Symposium 2015

I’d like to thank my French colleagues for arranging this symposium.

It’s an impressive gathering with strong international representation.

And what unites us all is a growing interest in cyber and growing desire to keep several steps ahead of the threats we face.

I’m told this is the first of hopefully a series of events bringing together our militaries on cyber.

And, given the calibre of the individuals in this room, I’ve no doubt you will make a valuable contribution to the cyber debate.

French Cyber relationship

It’s also always a pleasure to share a platform with my good friend M Le Drian.

In fact, this is our tenth meeting in just over a year.

And that reflects the closeness of a relationship that has gone from strength to strength since the signing of the historic Lancaster House Treaty 5 years ago.

As M Le Drian has already indicated…our cyber relationship with France is certainly among our most valued.

…with our 2* Military Cyber Co-ordination Group reflecting a close working relationship on cyber, so that in future…

….we can share threat information to help us both improve defence of our military IT networks.

…and share information and lessons on how to train cyber specialists.

…which will be galvanised by the creation of our Combined Joint Expeditionary Force …that we test on exercises this year.


And underlying this joint activity is a real sense of urgency.

An awareness of the scale, diversity and complexity of the challenges we face. 100 years ago we stood together on the frontline of a Great War.

…today we stand on the frontline of a virtual war.

And though the warheads launched are invisible…cyber is far from a theoretical threat. Our adversaries, whether

…revanchist Russia or evil ISIL

…are becoming ever more adept and determined to use cyber to force their advantage.

We’ve seen cyber attacks

…on TV5Monde and on Sony …on government systems in Estonia …on a Polish airline.

And cyber is not just used to gain military advantage, but to radicalise individuals and spread misinformation as we are seeing with ISIL.

Such dangers are only likely to grow.

Today one in seven people on earth are using Facebook.

…which can garner worldwide headlines simply by adding a dislike button to its pages.

It’s another reminder of how fundamentally connected we are.

Of how our societies

…in the words of M Le Drian, when introducing the Pacte Defense Cyber, last year

… qui n’ont jamais été aussi dépendantes du numérique

(have never been so digitally dependent).

That makes us vulnerable.

Nor is it only our defence networks….already under daily attack…that are at risk

…but our civilian infrastructure.

Our transport networks.

Our energy networks.

Our banking systems.

Our economy as a whole.

The cost of cyber security breaches to the UK economy roughly tripled over just the last year.

It is now in the order of £20 to 30 billion per year.

…compared to £10.7 billion for drugs supply and £8.9 billion for organised fraud.

And what makes web attacks harder to stop…besides the anonymity of the attacker…is the proliferation of low-cost technology…which can allow a minor hacktivist on a home computer to pose a threat.

Twenty years ago in an article appropriately entitled “alerte dans le cyberspace” Paul Virilio wrote that

….la bombe informatique nécessitera, au XXIe siècle, une nouvelle dissuasion, une dissuasion sociétaire, pour parer aux dégâts de l’explosion de l’information généralisée

((in the 21st century the information bomb will necessitate a new social deterrence to ward off the destructive effects of the explosion of generalised information)).

We’ve heard how France is developing its response to this “information bomb”. Today I’d like to set out the UK’s response. It revolves around three ideas.

1. Putting Cyber front and centre

First, it’s about putting cyber front and centre of our thinking.

Cyber is now hardwired into UK defence’s DNA.

If you attended the DSEI exhibition in London recently…you’ll have seen the cyber zone….the first time the exhibition has given cyber a dedicated slot of its own.

That reflects a wider trend. These days we’re fitting cyber capability in as standard to our tanks, ships and planes.

Fifth generation tech such as the F35 Lightning II not only give pilots enhanced network connectivity …allowing them to send real time information …untainted and unseen by others…from the battlefield to the back office…up to ministers…and back again.

Not only are we enhancing our kit…but we’re upgrading our training… testing out our cyber capabilities in a virtual environment.

And we’re supporting our future leaders in learning more about cyber.

Our 150th Cyber Masters student has just started their course this month at Cranfield University.

At the same time, we’re making sure defence’s supply of top talent is continually replenished by setting up a cyber reserve to attract the brightest brains from the private sector.

But cyber demands we adapt our tactics as well as our weapons and training.

So we’ve got the Joint Forces Cyber Group …bringing our service arms together to develop the novel techniques needed to confront high-end threats.

And critically, all this activity is underpinned by investment. We believe it’s better to invest in digital now than pay the penalty later on.

So, as the headline writers are fond of writing “we’re putting our money where our mouse is”…channelling more than £860 million into our National Cyber Security Programme.

However, the story doesn’t end here. Like the technology itself we must continually adapt.

What capabilities will we need to counter cyber adversaries in future? How can those tools be used to complement our response in other areas of defence?

That’s why cyber is pivotal to our Strategic Defence and Security Review now currently underway.

2. Creating resilience culture

Yet the cyber response cannot involve government alone.

So my second point is that we are creating a culture of cyber resilience across society.

The UK government is sending out the right signals by committing to a basic level of cyber security.

…improving the resilience of core government ICT networks to cyber attacks…through authentication and ID assurance.

…and building a new Public Sector Network (PSN)… to create a new security model for the sharing of services.

…but we’re also actively encouraging good cyber etiquette throughout our military and civilian services.

All our staff must complete mandatory information handling refresher training, annually, and take responsibility for their data.

…while we have networks of information risk and asset owners… embedded in our organisation to properly police data and deal with problems.

Since cyber blurs the lines between the public and private sector… we’re also urging industry to take cyber safety seriously.

We’re running exercises with government and industry to test their capacity to withstand cyber attack.

We’ve set up the UK’s national Computer Emergency Response Team CERT-UK …bringing together industry, government and academia to enhance our cyber resilience.

And we’ve launched a national “gold standard” for ‘Cyber security, cyber essentials’.

…so companies that handle sensitive and personal data can demonstrate they are secure and trustworthy.

It recommends business put in place critical controls…such as firewalls, access controls and maleware protection…to protect business from common cyber threats.

To date, more than 1,000 companies have been awarded a Cyber certificate.

Lastly, we’re encouraging organisations to share information on threats and vulnerabilities as they occur through the Cyber Information Sharing Partnership (CISP) …complemented in ‘Defence by a Cyber Protection Partnership’.

This enables a “fusion cell” made up of analysts from business and the law enforcement and intelligence communities … to draw together a single intelligence picture of cyber threats facing the UK.

More than 1,000 members and over 400 businesses and organisations have already signed up.

So the UK is determined to lead the way on cyber security standards.

And not just because we’re interested in our self-preservation.

…but because…by showing we’re one of most secure places in the world to do business in cyberspace…we will attract the investment that helps our economy grow.

The internet already accounts for 8 per cent of the UK’s GDP advantage.

Over the last 10 years the ICT sector has grown over three times as fast as our whole economy.

It could be worth hundreds of billions of pounds to us in the years ahead.

3. Global responsibility

My final point…to echo M Le Drian…is that tackling these online obstacles also requires an international effort.

Even multinational organisations like NATO

…are only as strong as their weakest link.

So the onus is on all of us…

…especially as key players in international institutions NATO members…to get our house in order.

That requires investment to avoid systems obsolesce in an age of exponential technological advance.

It requires better education among all government and business internationally about the importance of being safe in cyber space.

And it requires us to work together to establish the new rules of the game.

Cyber operates in areas of ambiguity where what is and what is not considered an act of aggression… what should or should not be suitable response…are by no means clear cut.

So we must adapt our doctrines accordingly…understanding how best to respond in a range of different scenarios.


So we’ve a great deal to discuss.

Not that I’m expecting all the answers today.

After all, much work is already going behind the scenes …and I’m of the view that it’s better to keep our adversaries guessing.

But…in a sense…simply being here is sending out a sharp signal to our adversaries.


…whatever their virtual schemes

…we’re on the case

…and we’re determined to bring all our vast capabilities

…all our enormous expertise to bear

…to thwart their plans in the real world.

Finally, I am delighted to announce that the UK will run the next of these Symposiums in London in late 2016. As I hope you agree, this is a valuable forum for exchanging information and ideas, and I am very pleased that we can build on the momentum that our French colleagues have started here today.

Continue reading...

Similar threads

New Posts