Defence Secretary鈥檚 speech at Cyber 2017 Chatham House Conference
Defence Secretary Sir Michael Fallon gave a speech at Cyber 2017 outlining how the Ministry of Defence is tackling today's cyber threats
Good afternoon, and thank you again to Chatham House for putting on this very timely event at a timely moment. Last Friday we saw the United Kingdom hit by yet another cyber attack, this time directed against our Parliamentary IT facilities.
Investigations so far have found that the hackers were attempting to carry out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords and to gain access to users鈥� emails.
Immediate steps have been taken to address that particular problem.
It has meant that聽some Members of Parliament and staff have been temporarily unable to access their email accounts outside of Westminster.
As MPs, some have been unable to answer constituents鈥櫬爀mails聽on a Sunday, and we鈥檝e had to live with that.
Since then, the聽National Cyber Security Centre has been working around the clock with聽our聽UK Parliamentary Digital service to understand the nature of the attack, to contain it, and聽to聽put in place mitigation measures to prevent possible future breaches.
Now, this latest聽attack聽is far away from being an isolated incident. 聽 It follows hot on the heels of the Wannacry virus聽that didn鈥檛 just shut down NHS operating theatres, but in the end affected more than 200,000 people over 150 different countries. 聽 So聽here was yet more evidence that cyber is a truly global phenomenon, evidence that has been聽piling up聽following聽the聽attacks on聽Germany鈥檚 lower house of Parliament.
Bulgaria has also suffered, and I quote from them, according to their President, 鈥渢he heaviest and most intense cyber attack鈥onducted in south-east Europe.鈥� 聽聽 And of course, there have been attacks on America, with the聽United聽States聽Office of the Director of National Intelligence concluding that Russia had targeted the Presidential election.
I quote, its 鈥渋ntelligence services conducted cyber operations against targets associated with the 2016 US presidential election, including targets associated with both major US political parties.鈥�
All these attacks point to our adversaries becoming more diverse, becoming better at what they do, and becoming more adept at using virtual attacks to inflict very real damage.聽 聽 One in five British businesses聽has been hacked by cyber criminals in the聽last year according to the British Chambers聽of Commerce. 聽 Analysts put the cost to our economy聽already聽in the billions, while it鈥檚 been estimated that the United聽States lose up to 3 per cent of GDP to Intellectual Property theft.聽
For the military, the consequences of cyber disruption are equally devastating.聽 聽 Reuters聽has聽reported that Russia used malware implants on Android devices to track and target Ukrainian artillery. 聽 That鈥檚 why back in the 2015 Strategic Defence and Security Review we put cyber up there with聽terror and聽major natural hazards as a Tier One threat to this country. 聽 To date, alarming as聽some聽these attacks have been, our people have proved equal to the task of defending against them. 聽 Fewer than 1 per cent of the 9,000 email accounts on the parliamentary network were compromised. 聽 But there is absolutely no聽complacency here.
We are investing a huge chunk of money 鈥� some 拢1.9bn聽鈥� into boosting our cyber security 聽 And Defence, in particular, has a three-fold role to play in this national cyber security effort.
Keeping our house in order
聽 First and foremost,聽we鈥檙e keeping our digital house in order. 聽 We鈥檙e not just working closely with the National Cyber Security Centre to ensure that our military and civilian systems are robust.
We have networks of information risk and asset owners embedded in our organisation to properly police data and to deal with problems.
And we聽are encouraging all our staff to observe good cyber etiquette.聽
They must now complete mandatory information handling refresher training annually and they must take personal responsibility for their data.
We鈥檙e also doing more to recruit the cyber savvy. 聽 There鈥檚 our cyber reservists, experts from industry and academia who聽are聽putting their high tech skills at the service of the nation by weeding out network vulnerabilities. 聽 At the same time, we鈥檙e building up a new聽21stcentury Cyber Corps, a band of expert volunteers, leaders in industry, who are going advise us on how to keep ahead in the cyber space race. 聽 Finally, cyber is becoming now a core part of our military training. 聽 In January,聽we will open a dedicated state-of-the-art Defence Cyber School at Shrivenham, bringing together all our military joint cyber training into one place. 聽 And we look forward to that first class of 2018 emerging with the digital X-factor to transform our future cyber capability.
Creating a culture of resilience
聽 Second,聽the interconnected nature of the web, the way it blurs the boundaries between military and civilian, between public and private, means we all have a responsibility to look after ourselves online.
A stronger password here, a Windows update there, and we would have stood an even better chance of warding off the Parliamentary and Wannacry attacks. So聽my聽second point is that聽the聽MOD has a key role to play in聽contributing to a culture of resilience. That鈥檚 why we set up the Defence Cyber Partnership Programme聽(DCPP) to ensure that companies聽with whom we聽have defence contracts聽are properly protecting themselves and meeting a host of聽cyber security standards.
Strengthening our deterrence
But there鈥檚 a third way in which we聽can聽protect聽our national infrastructure, and that鈥檚 by strengthening our deterrence. 聽 So we鈥檙e using our rising budget to invest聽our聽拢178bn in full spectrum capability, from carriers to Ajax armoured vehicles, fifth generation F35 to the latest UAVs, signalling to potential cyber strikers that the price of an online attack聽could invite a response from聽any聽domain, air, land, sea or cyber space. 聽 And when it comes to the latter, we鈥檙e making sure聽that聽offensive cyber is now an integral part of our arsenal. 聽 We now have the skills聽to expose cyber criminals, to them hunt down and to prosecute them, to respond in kind to any assault聽at a time of our choosing.
Our National Offensive Cyber Planning allows us to integrate cyber into all our military operations. 聽 And I can confirm that we聽are now using offensive cyber routinely in the war against Daesh, not only in Iraq but聽also in the campaign to聽liberate Raqqa and other towns聽on the Euphrates. 聽 Offensive cyber there is already beginning to have聽a major effect on degrading聽Daesh鈥檚聽capabilities.
We鈥檙e determined as a coalition to maintain our advantage in this arena and聽that聽is why we聽are investing with our allies in the sort of kit聽capable of data use.
To help create聽a picture of the virtual battlefield we have recently聽here in the United Kingdom launched a multimillion pound competition to develop machine learning algorithms聽and Artificial Intelligence聽which will assimilate this wealth of new data and聽will聽free up our personnel to deliver a more coordinated, targeted response. 聽 The first contracts聽from that investment聽have already been awarded to a variety of UK suppliers including from academia and innovative micro-scale businesses and other SMEs, all of whom are working on a range of solutions from rapid sensor聽integration to predictive cognitive control systems.
International partnerships
Cyber deterrence is obviously stronger when we stand together with聽our聽like-minded allies. And聽that鈥檚 why we鈥檙e working hard,聽in particular,聽to get NATO, the bedrock of our security, to do more to defend聽effectively online.
聽At last year鈥檚 Warsaw summit we achieved a breakthrough in getting the Alliance to recognise cyber as a distinctive聽domain of operations. 聽 We also succeeded in persuading NATO聽nations聽to聽sign the cyber pledge, committing Allies to enhance their national defences as a priority聽and to strengthen their capability, collectively and individually, to resist cyber attacks in any form.聽 聽 There remains work to be done to share our data to deal with major incidents together and聽to聽improve the underlying infrastructure of the Internet. 聽 At the same time,聽we聽will also聽need聽new doctrine to clarify our response聽within NATO聽to anonymous cyber activity聽which often takes place聽now聽in聽that聽grey zone below the previously understood threshold of war. 聽 And all the while we are developing the effects, covert and overt, cognitive and physical, to help provide a proportionate response to those cyber attacks.
But聽Alliance聽effectiveness in the virtual world would be immeasurably enhanced if national capabilities were made ready to deploy in support of NATO operations. 聽 So having honed our own UK pioneering cyber techniques against Daesh in Iraq and Syria, I can聽confirm today that United Kingdom is聽ready to become one of the first NATO members聽to聽publicly聽offer such support to NATO operations as and when聽required. 聽 ### Conclusion
So let me say in conclusion that cyber is a serious聽problem. It is a聽growing problem. 聽 But my message to you is聽that聽Government聽here聽and Defence, in particular,聽is聽on the case. 聽 Over the next few years we鈥檙e going to be redoubling our efforts聽to聽strengthen聽our聽resilience against our adversaries, to聽strengthen聽our hand against our聽cyber聽adversaries and聽to聽ensure聽those who mean to do our country harm, offline or online, have nowhere to hide.