Deputy Prime Minister, Oliver Dowden's speech at the UK - France Cyber Proliferation conference
Deputy Prime Minister, Oliver Dowden's speech at the UK-France Cyber Proliferation conference on commercial cyber tools.
INTRODUCTION
Welcome to Lancaster House.
Our surroundings might be familiar to our French co-hosts, as the interior decoration was inspired by the Palace of Versailles鈥�
鈥nd they might be familiar to everyone else, as the backdrop to the Netflix series The Crown and Bridgerton.听
In the real world, this house has played a role in delivering global peace and security for centuries.听
And so it is fitting that we are here today to talk about how we secure our peace and security in the centuries to come鈥�
鈥n a world where the challenges we face increasingly come from cyberspace.听
I want to start by welcoming the close and dedicated partnership we have had with France on this issue over the last year鈥�
鈥nd we are delighted to be co-hosting with our French colleagues.
Just as the Olympic torch is passing to France this year, we in the UK are proud to pick up the baton on cyber security鈥�
following the excellent conversations you convened at the Paris Peace Forum.听
DANGEROUS WORLD
We live in an increasingly volatile world.
State competition 鈥� national conflicts 鈥� organised crime鈥� domestic terrorism鈥�
鈥ll of these things are growing and converging, while the established multilateral order is being challenged.听
Meanwhile, technology is developing exponentially鈥�
鈥nd the economic sphere is ever more contested.
In this new dangerous and volatile world, the frontline is increasingly online鈥�
where the weapons used are often virtual ones鈥�
and online conflict and cyber criminality are becoming increasingly reckless.听
Thanks to rapid advances in technology 鈥� including AI 鈥� those weapons are becoming cheaper, more widespread, and easier to use.
There is now a growing market for the sort of cyber tools that, in the wrong hands, can be used against ordinary people鈥μ�
鈥� to steal from businesses鈥μ�
鈥o carry out crippling ransomware attacks鈥μ�
and to threaten our critical national infrastructure.
That is what I want to focus on today.听
These products often have legitimate uses 鈥� such as for law enforcement and national security 鈥� but they can also be misused鈥�
鈥nd increasingly, more actors are getting hold of them.
That opens up this battleground to a whole new world of unaccountable actors鈥�
鈥ave-a-go hackers鈥μ�
鈥� People who, with minimal barriers, can unleash maximum disruption to individuals, institutions, companies and indeed countries.听
THE IMPACT
That is why this matters.听
Because what happens in the virtual world has real-world consequences.
It is extremely likely that almost everyone in this room has been the victim of some form of cyber-attack.听
Whether it is鈥� your data鈥� your identity鈥� your intellectual property鈥� or even your money that has been expropriated鈥�
All are now seen as legitimate targets.听
And as the commercial market for these tools grows, so too will the number and severity of cyber-attacks鈥�
鈥ompromising our devices and our digital systems鈥�
鈥� causing increasingly expensive damage鈥μ�
鈥� and making it more challenging than ever for our cyber defences to protect public institutions and services.
If we fail to act, this market will rapidly become a driver for much of the cyber threat we face鈥�
鈥eyond just sophisticated and established state actors, and opportunistic criminals.
In this 鈥榶ear of elections鈥�, in which four billion people - half the world鈥檚 population - will vote in what are, often, digital elections鈥ith digital campaigns and digital infrastructure鈥�
鈥� all vulnerable to digital threats鈥�
鈥e must consider the impact upon our democracy too.听
SUCCESS SO FAR
We approach this threat from a position of strength, thanks to the work we have already been undertaking.听听
As part of our work to protect the UK from all forms of cyber attack, I have set ambitious cyber resilience targets for UK critical national infrastructure to meet by 2025鈥�
鈥nd in December, I launched the 鈥楽ecure by Design Framework鈥� for the UK public sector.听
Through these efforts the UK Government is embedding cyber security into the heart of our system design.
We are defending our democratic processes by offering technical support to individuals at high risk of targeting鈥�
鈥nd we are working to better understand and mitigate the threats of AI and disinformation during our elections.
As so often, where new forms of malign influence have emerged, the UK is once again at the forefront of combatting this emergent threat.听
Indeed our burgeoning cyber security industry continues to go from strength to strength鈥�
鈥ith our most recent estimates showing that the sector generates over 10 billion pounds in revenue - third only to the US and China鈥�
鈥� with exports also growing to over 5 billion pounds.
In the room today I see several faces I recognise from innovative young UK companies鈥�
鈥nd I know the important role they and others play in making us safer, both online and off.
The Government recognises the huge potential for growth in this industry鈥μ�
鈥nd the potential for cyber security to drive growth across all sectors of our economy.
That is why, alongside Michelle Donelan, the Secretary of State for Science Innovation and Technology, I have asked the Rt Hon. Stephen McPartland MP to lead an independent review to look at how we can shift the narrative and market incentives around cyber security to make this a reality.
We derive our strength and resilience not only from what we do alone, but what we do with our allies.听听
So the UK was proud to sign-up to the Joint Statement on 鈥渆fforts to counter the proliferation and misuse of commercial spyware鈥� at the 2023 Summit for Democracy last March鈥�
鈥nd I look forward to furthering that conversation when I attend the 2024 Summit in Seoul next month.听
Indeed, when our allies strengthen their defences, our defences are strengthened too.
So we welcome the European Parliament鈥檚 work on this issue鈥�
and we recognise the changes made through international export control frameworks, including the Wassenaar Arrangement.听
We further note the recommendations of the Paris Call Working Group on Cyber Mercenaries, and the Cybersecurity Tech Accords.
These represent crucial progress on spyware.听
But we must go further if we are to prevent commercially available cyber weapons from being developed and sold, used irresponsibly, or falling into the wrong hands.
A BROADER ALLIANCE
That work starts with building a broader alliance against those who seek to do us harm.
The market for these intrusion capabilities, with its vendors and customers, is very much a global phenomenon鈥�
鈥s is the impact of the threats created by malign and irresponsible activity.
Addressing this issue therefore falls to all the states and stakeholders in this room 鈥� and more besides, in wider, multilateral fora.
Our joint efforts should focus on ensuring that states and industry alike act responsibly in cyberspace鈥�
鈥nsuring our robust existing framework of international law and norms are equally applied in the virtual realm.
For governments, we can make a difference, through effective regulation, proper export controls鈥�
鈥nd working with the market responsibly as a customer, and end user鈥�
鈥o develop better safeguards and oversight.
Our partners in industry also have a role to play:
Software providers keeping their products patched, identifying flaws, and working with partners on collective security.
And the legitimate vendors of these capabilities ensuring they have responsible supply chains.
They all have a responsibility to vet and limit their customers鈥�
鈥nd to exercise caution when considering their use.
Throughout this, civil society will continue to play a vital part, shining a light on the realities of this complex threat.听
We should pay tribute to the hard work - often at personal risk, often without fanfare - that organisations and individuals have carried out鈥�
鈥hey are the embodiment of our resilience鈥μ�
鈥� And the UK is committed to supporting these efforts.
I can announce today that we will be enhancing our strategic partnerships with non-profit organisations working on these endeavours鈥�
鈥hrough a one-million-pound uplift to Shadowserver, to help them expand the access they provide to early warning systems, and to cyber resilience support for those impacted by cyber-attacks.
TAKING ACTION
This bigger, broader alliance must come together to agree exactly what the threats are.听
The world鈥檚 first AI Safety Summit, which the UK Government held at Bletchley Park last year, kicked off a new type of multilateralism for artificial intelligence.
鈥here civil society, industry and nation states came together to build a shared vision of the future.
We will need this same whole-of-society approach when it comes to cyber intrusion.
And so today, I am proud to be joined by my French colleagues, and all of you, in launching the Pall Mall Process,
鈥 new multi-stakeholder initiative through which we will, together鈥�
鈥� work to tackle the proliferation and irresponsible use of commercially available cyber intrusion capabilities.
Named after the very street on which this house sits.
The scope must be broad鈥�
鈥ot just looking at spyware, but also considering the 鈥榟ackers for hire鈥� phenomenon, the exploit marketplace鈥�
鈥longside the broader range of 鈥榦ff the shelf鈥� intrusion capabilities, including tools for disruptive and destructive effect.
With shared definitions鈥�
鈥e must establish guidelines for best practice for developing, selling, facilitating, purchasing, and using commercially available cyber intrusion tools and services鈥�
鈥nd we must be clear about what irresponsible behaviour looks like, and how to discourage it.
Ultimately, we must agree on what an international framework should look like.
And it must flow from some foundational principles that we all agree, to ensure the responsible use of these tools:
鈥ith accountability, in a legal and ethical manner鈥�
鈥ith precision, avoiding unintended or irresponsible consequences鈥�
鈥ith oversight mechanisms in place鈥�
鈥nd with transparency, around supply chains, financing and responsible business practices.
CONCLUSION听
There is no silver bullet to solving this problem.
But the pace of change demands that we act fast.
We are in a cyberspace race with our adversaries鈥�
鈥s they develop the tools to do us harm鈥�
鈥hile we define the risks, develop the rules and build the global alliance.
But I am optimistic.听
Cyber, ultimately, can and should be a force for good.听
We have a noble goal鈥�
鈥o protect our citizens from being illegitimately targeted鈥�
鈥o give companies the confidence with which to operate and trade鈥�
鈥nd to build an online world that remains free, open, peaceful and secure.听
Another worthy endeavour to pursue amid these historic surroundings鈥�
鈥nd one I hope we can build upon in the months and years to come.听
Thank you.