by NATO Deputy Secretary General Mircea Geoană at NATO Cyber Defence Pledge Conference 2021
Thank you Mr Matt.
Dear Prime Minister Kallas, dear Kaja,
Ladies and gentlemen.
It is a pleasure to join you at the Cyber Defence Pledge conference.
This year marks five years since Allies signed the pledge at our Summit in Warsaw.
Let me start by expressing, on behalf of Secretary General Stoltenberg and myself, our deep thanks to Estonia for hosting this conference.
You have been a strong supporter of our efforts in cyber defence since the very beginning.
And you truly are a digitalised nation.
You host the NATO Cyber Defence Centre of Excellence.
As well as the NATO Cyber Range - an important tool to make sure our skills keep pace with technology.
And at the end of last year, you hosted virtually the Cyber Coalition, one of the largest cyber defence exercises in the world.
This all demonstrates Estonia's leadership in cyber defence, something we very much need in this digital age.
This past year, we have seen many security threats and trends accelerate.
Perhaps nowhere more so than online.
Around the world, unprecedented numbers of people have been working, communicating, shopping and socialising from home.
On screens instead of face-to-face.
And relying on the internet to obtain information.
This rapid shift in our culture means we have to pay even more attention to our personal safety online, to the security of our critical infrastructure and to the stability of our democratic system.
Because the number of cyber-attacks is growing.
They target our people, our businesses, and ultimately, our societies. And they attempt to undermine trust in democratic processes and institutions.
Throughout the pandemic, there have been ransomware attacks on hospitals and other healthcare services, including in the Czech Republic, France or Germany.
These attacks disrupted critical care for patients in so much need and strained our medical experts' ability to respond during a crisis. And Allies have condemned this destabilizing and malicious cyber activities.
The attack on the American IT company, SolarWinds, led to 'back doors' inserted into a huge number of companies and government agencies around the world.
Russia and China have tried to use the COVID-19 crisis to exploit vulnerabilities, including those in cyberspace, with cyber-enabled disinformation campaigns, designed to sow distrust and division in our democratic societies.
This trend is not slowing down, but on the opposite, is only likely to accelerate, especially with the development of new technologies, including 5G.
So we need to be prepared.
Able to resist and quickly recover from any sort of cyber-attack.
For this, NATO and all Allies must continue to adapt, to ensure we are as safe and resilient in the digital world as we are in the physical one.
And this is what we are doing.
Since we adopted the Cyber Defence Pledge in 2016, we have come a long way.
We agreed that a cyber-attack could trigger our collective defence clause, Article 5.
We designated cyberspace as a military domain, alongside land, sea, air, and now, space.
We also agreed to integrate national cyber effects - known as "offensive cyber" - into Alliance operations and missions – increasing our response options.
And we have established a new Cyber Operations Centre to improve our situational awareness and better coordinate our operations.
Just last December, thanks to Estonia's support, we successfully conducted our annual flagship exercise, Cyber Coalition.
Because of COVID-19, we moved the entire exercise online.
But this demonstrated our ability to leverage technology in order to continue to core activities and tasks.
The exercise also tested our ability to solve cyber challenges together, as quickly as possible.
Individual Allies are also further boosting their national cyber defences in line with the commitment they made in the Cyber Defence Pledge.
Since 2016, they have taken significant steps to strengthen their cyber capabilities, improve their legal and institutional frameworks, and increase the resources devoted to confronting cyber threats.
Most recently, we have seen that cyber resilience and capabilities are central to the United Kingdom's Integrated Review of its foreign and defence policy.
In the United States, more than 1.6 billion US dollars of the COVID Recovery Plan is earmarked for critical IT infrastructure and national cyber security.
Germany's recent IT Security Act 2.0 reflects the growing importance of cyber.
And from Luxembourg to Slovakia to Turkey, nations are ramping up legislative and practical measures to increase our collective resilience.
But even as an Alliance of 30 nations, we cannot secure – let alone shape the future of cyberspace alone.
It takes a global effort.
This is why we need to cooperate and engage even more closely with like-minded partners from around the world.
Nations and other organisations such as the European Union, the UN and the OSCE. And the OECD on emerging and disruptive technologies.
But also with the private sector and academia.
Because so often these days, new technologies are driven not only by governments, but mostly by private, civilian companies. And we need to continue to nurture our unique innovation ecosystem, all the way from the Baltic to the Black Sea, all the way to Silicon Valley.
Together, we can better grapple with the opportunities and the dangers posed by new and disruptive technologies.
We can better promote stability and reduce the risk of conflict in cyberspace.
And together, we can better ensure the global rules and norms of cyberspace, and to ensure they are shaped by our values of freedom, our values of democracy and the rule of law.
Not by authoritarianism, censorship or control of your own citizenry.
NATO is ideally placed to facilitate discussion and support for the rules, standards and norms governing the security of cyberspace, and to coordinate resources to see that those rules are upheld.
NATO already acts as a platform for Allies across Europe and North America to coordinate their response to malicious cyber-attacks.
Allies have publicly condemned these destabilising and malicious cyber activities, and we have called for the respect of international law and norms of responsible behaviour in cyberspace.
We do this because we all stand to benefit from a more predictable and secure cyberspace.
Now, looking ahead, enhancing our resilience and leveraging technology will be key to a strong Alliance in a more competitive world.
These are essential elements of the NATO 2030 initiative, which will be at the heart of the upcoming NATO Summit later this summer.
On resilience, we should adopt clearer and more measurable national resilience targets to ensure minimum standards among Allies – including in the cyber domain. Because we are only as strong as our weakest link.
We should also conduct an annual review of vulnerabilities in Alliance in critical infrastructures, in technologies, so that we can better address these vulnerabilities before any potential adversaries would try to exploit them.
On technology, we are developing a NATO defence innovation initiative, in order to preserve the edge and the prevention of a gap between Allies when it comes to technological innovation.
This starts with better leveraging emerging and disruptive technologies, using those to improve our defences, including in cyberspace, and harnessing the benefits for our citizens and our societies.