Foreign and Commonwealth Office
NATO Cyber Defence Pledge conference: Foreign Secretary's speech
Speaking at the National Cyber Security Centre, the Foreign Secretary said NATO must work together to deter Russia's malicious global cyber campaign.
Welcome to the National Cyber Security Centre.
Two centuries ago, the seminal military theorist Carl von Clausewitz described what he called the “fog of greater or lesser uncertainty” that surrounds decision-making in times of conflict. He wrote: “A sensitive and discriminating judgement is called for; a skilled intelligence to scent out the truth.”
Clausewitz was writing in the era of swords and muskets, and yet his warning also applies to the cyber age, when sabotage, theft and disruption can be carried out in seconds by an invisible adversary.
At first, the impact of any such attack – along with who did it and how – will be shrouded in a fog of uncertainty. It takes the most sensitive and discriminating assessment to piece together the evidence and discover the guilty party.
This Centre seeks to perform that task and allow the British government to take appropriate counter-measures. In the first 2 years of its existence, it dealt with over 1,000 cases of malicious cyber activity in the UK – or about 10 incidents every week – mostly perpetrated by hostile states.
In 2017, hackers in North Korea infected thousands of computers with the Wannacry ransomware, inflicting damage across the world.
In France, several Renault factories were brought to a halt.
Here in Britain, 48 NHS hospitals were infected, something that made a particular impression on me because I was Health Secretary at the time.
Russian cyber activity
This Centre shares its world-leading expertise with Britain’s NATO allies and other friendly countries to strengthen our collective response to common threats.
Today, we judge that Russia’s intelligence services are targeting the critical national infrastructure of many countries in order to look for vulnerabilities. This global campaign also seeks to compromise central government networks.
I can disclose that in the last 18 months, the National Cyber Security Centre has shared information and assessments with 16 NATO Allies – and even more nations outside the Alliance – of Russian cyber activity in their countries. We have regularly provided technical knowledge to help our partners to counter the threat.
Deterrence in cyber age
Together, NATO countries have become better at defending themselves against dangers in cyber space.
But we should not be content with just making ourselves tougher targets – crucial though that is. Our primary goal must be to deter this kind of behaviour from happening in the first place.
NATO is the most successful military alliance in history precisely because of our collective power of deterrence, and that prevented nuclear war and helped to keep the peace for 70 years. Our profound insight is that strength is the surest guarantee of peace – and when we stand together, no aggressor can hope to win a war so it never makes sense to start one.
The challenge today is therefore to apply the eternal verities at the heart of NATO’s success to the Alliance’s newest operational domain. And that means deterrence – strengthening our joint ability to deter those who would harm our citizens in cyberspace.
We have already made important progress.
In 2014 the Allies agreed that a cyber attack could result in the invoking of Article V of the Washington Treaty, meaning that the incident would then be treated as an attack on every member of NATO.
The North Atlantic Council would take any such decision on a case-by-case basis. Britain was the first ally to offer our offensive cyber capabilities to NATO. Another 8 countries have since done the same.
Then in 2016, NATO leaders endorsed the Cyber Defence Pledge, recognising the ‘new realities of cyber threats’.
But we can and must do more to improve our response. In particular, we should be more emphatic about what we consider to be unacceptable behaviour and the consequences for any breach of international law.
Interference in free elections
At particular risk are the democratic processes in all of our countries.
In the cyber age, authoritarian states possess ways of undermining free societies that dictators of earlier times would have envied. Time and again, we have seen attempts by states to interfere in democratic elections, often through the use of proxies.
In 2014, Russian hackers calling themselves ‘CyberBerkut’ sought to disrupt the presidential election in Ukraine, including by tampering with the voting system and delaying the final result.
In 2016, the Russian state interfered in the presidential election in the United States with the aim of damaging one party’s candidate.
Free elections are at the heart of our way of life. The leaders and ministers of NATO countries have been raised up by the decisions of millions of voters, expressed through the ballot box. We can all be cast down in the same way.
But recent events demonstrate that our adversaries regard democratic elections as a key vulnerability of an open society. If cyber interference were to become commonplace, the danger is that authoritarian states would damage public confidence in the very fabric of democracy.
We cannot afford to wait until one of our adversaries succeeds in changing the result of an election. We must be crystal clear that any cyber operations designed to manipulate another country’s electoral system and alter the result would breach international law – and justify a proportionate response.
Together, we possess options for responding to any attacks that fall below the threshold for Article V. We should be prepared to use them.
Deciding to do nothing would be an important decision in itself – and the consequences could be escalatory.
The more we communicate our resolve to act, the more we lower the risk of miscalculation. The more we work together to develop an array of appropriate response options – and signal our willingness to employ them – the greater our power of deterrence.
As always, we need to balance clarity about our determination to act with constructive ambiguity about exactly what we would do in specific circumstances.
The EU gained one further option last week when we adopted a new sanctions regime, allowing the imposition of travel bans and asset freezes on those who carry out ‘cyber attacks with a significant effect’.
In conclusion let us remember that throughout history, every new technology has created risks and hazards. The problems have often seemed daunting; the responses costly or uncertain. Yet so far, despite such challenges, we have always been equal to dealing with every advance.
So it must prove this time as we strengthen and adapt NATO’s power of deterrence – our priceless asset – to meet the challenge of the cyber age.
Latest News from
Foreign and Commonwealth Office
UK welcomes journalists from across the Middle East for second UK-Arab Commentators Forum26/02/2020 16:15:00
The Forum sees participants share insights and learn from UK government and media institutions in partnership with the Cardiff University School of Journalism.
UK Statement to the WTO Informal Working Group on MSMEs25/02/2020 16:20:00
The UK's Ambassador to the WTO in Geneva, Julian Braithwaite, delivered a statement to the WTO Informal Working Group on MSMEs Meeting on 25 February 2020.
Dialogue and cooperation is essential for a peaceful and lasting Somalia25/02/2020 14:10:00
Statement given yesterday by Ambassador Jonathan Allen, Deputy Permanent Representative to the UN, at the briefing on the situation in Somalia.
Israeli settlements, February 2020: UK statement25/02/2020 10:25:00
The UK government has reiterated its position on the Israeli settlements situation.
Troika statement on the formation of the Transitional Government in South Sudan on 22 February24/02/2020 16:20:00
The members of the Troika have made a new statement on the formation of South Sudan’s revitalised Transitional Government of National Unity.
UN Open-Ended Working Group on developments in ICTs in the context of international security: Commonwealth statement24/02/2020 14:10:00
UK-delivered statement that built on the 2018 Commonwealth Heads of Government Meeting Cyber Declaration, calling for greater UN coordination on cyber security (24 February 2020).
Diamond Princess evacuation flight lands in the UK: Foreign Secretary statement24/02/2020 10:25:00
Dominic Raab confirms that 32 British and European citizens have been brought safely home from Japan, following the coronavirus outbreak.
Peacekeeping transitions in Haiti21/02/2020 16:20:00
Statement given yesterday by David Clay at the UN Security Council briefing on Haiti.
Standing behind Ukraine and supporting Ukrainian sovereignty21/02/2020 14:10:00
Statement given yesterday by Mungo Woodifield at the UN General Assembly