Keynote address
by NATO Deputy Secretary General Rose Gottemoeller at the NATO Information Assurance Symposium (NIAS) Cyber Conference
(As delivered)
It's a pleasure to be here at this year's NIAS cyber security conference I've had a chance to meet some of you already this morning and this is an impressive group so thank you very much for your attendance.
In the last few years the idea of cyber defence has broken out of specialist conferences such as this one and entered the popular consciousness. From the tabloid revelations following the attack on Sony pictures in 2014 to the Wannacry ransomware that brought an estimated 100,000 organizations across 150 countries to a standstill, including many hospitals in the UK.
Cyber attacks have become headline news. But the industry and NATO have known about this problem for far longer. It has been 14 years since the titan rain attacks on US defense contractors in 2003, many of you around the room probably remember that one.
And it has been 10 years since the attacks that disrupted the Estonian government as well as its banks and broadcasters in 2007. That second attack led to the establishment of this cooperative Cyber Defence Center of Excellence in Tallinn, that is now going from strength to strength in helping us to train, exercise and understand what cyber defence means. Once upon a time, aggressive actions were as obvious as lines of soldiers crossing the border. Now things are much more complicated. So-called hybrid warfare combines a wide range of overt and covert tactics, including cyber attacks, everything from tweets to tanks.
We have extensive experience with traditional collective defense that when it comes to cyber, we are still learning, we must be fast learners. Technology is at the heart of our advanced network societies and is at the heart of our militaries too.
On land, at sea, in the air, NATO forces have long enjoyed tactical superiority because of our technological advantage. We must stay ahead of that curve, this very advantage now has the potential, if we’re not careful, to make us vulnerable to attack.
Cyber attacks are serious, they have the potential to undermine NATO's missions around the world and to hamper our ability to deliver collective defece. That is why cyber defence is a top priority for NATO and NATO Allies, we have to be as effective in the cyber domain as we are in the physical world.
At last year's NATO summit in Warsaw, Allied leaders pledged to increase our efforts in the field of cyber defence to make sure that all Allies are equipped and ready to meet a distinctly 21th century challenge that comes at us nowadays. As part of the Cyber Defence Pledge, Allies committed to strengthen and enhance the cyber defences of their national networks and infrastructure also as a matter of priority.
Resilient national cyber defences are vital to the collective defence. For the Alliance as a whole to be cyber secure and cyber enabled Allies must be too. That is why I welcome that so many of you around this room are working across NATO with Allies and also NATO partners to try to make all equally secure. The pledges help to focus strategic level attention on cyber defence. It is a tool for Allies to promote and prioritize investment in this area. National implementation of the Cyber Defence Pledge continues, and the next progress report is planned before the 2018 Summit which will come up next July.
Allied leaders are recognizing cyberspace as a domain of operations on par with other domains of land, sea, and air. This is to ensure that our commanders in the field are properly equipped for the operations and missions of the 21th century. Having cyber as a domain of operations will increase our ability to work together, to develop new and appropriate capabilities and to share information among all Allies.
But we cannot do all of this on our own. Cyber defence is a team sport. That is why NATO works closely with partner countries, other international organizations and of course with you, with industry.
And also, I must mention, universities who are an important part of our partnership in the cyber arena. The private sector plays a central part in cyber defence. It is you after all who develop and operate the vast majority of networks worldwide. You are often the first line of response to cyber incident, you are also at the forefront of innovation from driverless cars and home automation to artificial intelligence and virtual reality, again areas that can bring great benefits, but also can bring with them the risk of cyber attacks.
Speaking of driverless cars, I don’t know if it was a driverless car or not, but I passed a really souped-up DeLorean out there in the Expo Center and I'm very impressed and I’m going to have to take a stop when I go back out to see exactly what that is doing, but it's a very impressive I must say.
We need your help to effectively defend cyberspace. That's why in 2014 we launched this NATO Industry Cyber Partnership. Our goal is to deepen our cooperation as part of a mutually beneficial partnership. That partnership has already begun to bear fruit. Our continuous interaction with industry helps provide rapid notice and mitigation of cyber attacks against NATO and NATO Allies. A number of industry partners take place in NATO's annual cyber defense workshop, where leading experts share information in a trusted setting. This exchange improves our mutual awareness of some of the latest trends and threats.
Working with industry we have developed a Malware Information Sharing Platform, a tool to exchange technical information in real time and believe me, it has already come in handy. The faster information can be shared, the better we are able to prevent, halt or respond to cyber incidents. During the Wannacry incident in May we quickly contacted both Allies and industry partners, the information we exchanged was critical for getting the most up-to-date picture of what was going on. It was a rapidly developing and very complex situation and we appreciate those of you who participated in that exchange of information during that period.
Next month we will run the latest of NATO's flagship cyber defense exercises which are called Cyber Coalition. Industry partners are essential to this exercise, during which we learn about each other's procedures and needs so that we understand how best to work together during a crisis. Looking ahead, we hope to work more on innovation to explore how NATO can benefit from the latest in cutting edge technologies while at the same time helping industry to better understand our needs and our requirements.
With all this talk of cyber attacks, it is important to underline the fundamentally defensive nature of the NATO Alliance. NATO's missions and mandates are always handled in a way that is defensive, proportionate and entirely in line with our international commitments. That applies as much to cyber as it does to any other domain of NATO operations.
NATO exists to protect the almost 1 billion citizens who live within the 29 countries that are members of the Alliance and that most likely includes I would say the majority of you in this room.
When it comes to cyber defence NATO doesn't have all the answers by any means. We rely on knowledge, insights and the ideas that gathering such as this conference can bring.
So yes, there are risks from our dependence on networks, but there are extraordinary benefits too and I don't have to tell you that. We all stand to benefit from a predictable and secure global cyberspace and by working together we can work to shape and protect that future.
So thank you very much for the opportunity to speak with you this morning. I am impressed so far with what I've seen at this conference, well beyond the DeLorean car that's out there, so I do wish you all the best for the success of your discussions on this last day of the conference, and look forward to the next opportunity to speak with you.
Thank you very much.