Speech

by Deputy Secretary General Mircea Geoană at NATO’s 2024 Cyber Defence Pledge Conference in the Hague

  • 17 May. 2024 -
  • |
  • Last updated: 17 May. 2024 14:23

(As delivered)

Thank you so much. Good morning, everyone. Best regards from our Secretary General and the leadership of NATO to all of you, our nations, our permanent representatives, the NATO enterprise, our partners: it's a privilege to be here today. And also, a huge honour and a deep sense of gratitude and friendship to the ministers, to Minister Kajsa Ollongren and Minister Luminița Odobescu. I think it's a great example that the Netherlands and Romania are hosting together this very important event, because your two countries are both vital for NATO cybersecurity. The Netherlands boasts a strong cyber ecosystem of cyber defence stakeholders. You are making real progress in boosting recruitment of a skilled cyber workforce through government traineeships, cyber reserve programmes, and retraining initiatives. And Romania, the new cyber command will become fully operational later this year, strengthening the resilience of military networks. I'm also saluting the representatives of Romania working in this very important field. Bucharest also hosts the European Cybersecurity Competence Centre, working to build a strong cybersecurity community and highlighting the importance of the NATO-European Union partnership. 

We all know the importance of cyber in safeguarding our security. Every nation represented here has been the focus of cyber-attacks, and is most likely being attacked in some way right now, as we speak. The targets: our militaries, our governments, our corporations and private sector, our infrastructure, but in essence, our democracy. Earlier this month, the North Atlantic Council condemned Russian cyberattacks against Germany, the Czech Republic, and other allies, targeting political parties and democratic institutions. American, British, and Canadian agencies have warned of Russian hacker groups, linked to Russia's GRU, targeting infrastructure, including water treatment plants in Texas and Indiana, Poland and France. Recently, there was a sustained attack on a European port. Had they succeeded, they would have brought the port to a standstill and disrupted supply chains across the European continent. 

Our adversaries are increasingly defying international norms and using cyber and hybrid operations against us. Hackers have burrowed deep into our critical infrastructure, including telecommunications, energy, water and other critical sectors, potentially gaining the ability to wreak havoc at a time of their choosing. And of course, since long before the ground campaigns started, Ukraine has been the target of a large scale and ongoing cyber campaign. The same things happen against the Republic of Moldova with a very important referendum and presidential elections in the next few months. We saw this when the Ukrainian communications were knocked out on the day of the invasion by an attack on its satellite network. And it seems then, with data-wiping attacks on Ukraine's government, commercial and energy sectors, and attacks on its transport networks. 

There is no peace in cyberspace. It is a constantly contested domain, where the line between peacetime, crisis, and conflict, simply does not exist as it does sometimes in the physical world. But like the physical world, the impact of cyber-attacks can be as potentially catastrophic for those under attack. That is why NATO takes cyber so seriously. It is a key part of our collective defence. Cyber activities, or the culmination of cyber activities, can trigger Article 5 of the Washington Treaty; an attack on one ally is an attack on all. And we exercised against those options. Cyber is now a domain of operations, just like land, sea, air and space, and a number of Allies have offered to NATO the use of their national cyber effects, and I want to thank you, and encourage more of the Allies to do the same. NATO also conducts regular exercises, including our flagship cyber coalition exercise, the biggest cyber exercise in the world. And in 2016, Allies signed the Cyber Defence Pledge. It is what brings us together today, and what is driving forward the efforts of our whole Alliance. Through the Pledge, Allies commit to strengthen and enhance their national networks as a matter of priority. 

The Pledge itself, and you can read it on the website, is a high-level agreement. It includes commitments to strengthen Allied cyber defences, develop national capabilities, and properly resource this vital work. But beneath those general commitments, there is a huge amount of detail work that is in your hands. The hands of our professionals, of our militaries, of our intelligence, of our superb ecosystem of talent that we have across the Alliance and together with our partners. At the Vilnius Summit, Allies agreed to enhance the Pledge to include a minimum baseline and start tracking cyber maturity. For the first time ever, the enhanced Cyber Defence Pledge questionnaire offers a quantifiable measure of current Allied cyber defences. Allies have given detailed, line by line information, as to what they're doing, what are their capabilities, and most importantly, where are the gaps. This gives us a baseline, a clear picture of where Allies are now, and indicating the further steps that need to be taken. The Pledge also provides a maturity model, a pathway for Allies to follow to get to where they need to be. This data will mean Allies can focus resources efficiently, precisely where they are needed most. We can see where Allies are doing well, and where more support is needed. But the Pledge is not just a technical exercise. We also have much to do to make it operational, and we agree needs to be done. So this is the essence of the political and practical synergy that we need to achieve together. 

In cyberspace, as in any of the other domains, our Alliance of 32 nations is only as strong as our weakest link. So just as we work hard to make sure our armies, our navies, and our Air Forces are compatible, capable, and have the right number of highly skilled staff, so too must our cyber defence forces. This is about how we organise our militaries. When it comes to cyber, as with all these rapid technologies, and I salute David Van Weel and his team, it is the private sector, and not the military, that is in the driving seat. So the question is, how do we ensure the military remains a part of the picture? How do we benefit from the extraordinary innovation happening in industry, and from the vast amount of innovation intelligence collected by industry? And yes, how can we make sure that we adopt and instil in everything we do, the huge advance of technology in the private sector? That's another challenge that we are facing together across our great Alliance. 

Over the last 30 or more years, the tech industry has developed in peacetime with a peacetime mindset. But times have changed. We need a new mindset. While we are not at war, we are in a new era of strategic competition, that is likely to stay with us for some time, and has the potential to quickly transform into a crisis, or even a conflict. So how, if the time comes, does the military support or take the lead in such a situation? The key here is to make the maximum use of NATO as a platform, fully respecting what individual Allies do at the national level. But for information sharing, for policymaking, for decision-making, for strengthening all the Allies in all corners of our great Alliance, NATO is the ideal platform to do that. And we encourage all Allies and our partners to make full use of our convening power in NATO. One of the big deliverables on this important topic, the Washington Summit, now just weeks away, and I know how much all of us work to make it a great success, will be our work to strengthen civil military cooperation at all times through peacetime, crises and conflict; recognising and responding to what we see across the cyber threat landscape. And it's vital we continue the conversation. Continue the progress. Build on the progress we have, and never relent. 

After the Summit, including the National Cyber Coordinators meeting in the United Kingdom on the 26th and 27th of November, a beautiful new political product of NATO 2030. And as we move forward towards NATO's next summit here in The Hague next year—and I think it's a sort of a dress rehearsal, our conference today—and I salute the offer of our Dutch friends and Allies for hosting our next Summit. And it's vital we continue this conversation also with our partners, as I mentioned before, but no matter how ambitious we are in defending cyberspace, we can never lose focus on strengthening our resilience against cyber threats. And this conversation and the work of the National Cyber Coordinators sometimes overlaps with the National Resilience Coordinators' work. We should not work in silos. It's a continuum of threats to our security. 

This is why the Pledge plays a huge role in driving action by Allies, and the understanding that a huge amount of resource and investment needs to be dedicated to it. In a way, this important conference is informing the national governments and the treasuries of the investment we need to make individually and collectively. Because having strong national cyber defences means we can be more proactive and again use NATO as a platform to enhance the resilience of the Alliance as a whole, with greater situational awareness across a trusted community. Only once we improve our cyber defences, we can get ahead of our rivals: not only reacting to events in cyberspace, but actively shaping cyberspace.

It's not only NATO Allies that are adopting the Cyber Defence Pledge. Our partners, and again I salute our partners, are using the Cyber Defence Pledge questionnaire as a tool to track their own cyber defences. In other words, NATO Cyber Defence Pledge has become a global instrument for helping nations to improve their national cyber resilience. It is an important step today and it's my pleasure to welcome 18 NATO partner nations to the Cyber Defence Pledge Conference for the first time. This is great to be together with all our partners and to discuss our shared challenges in cyberspace and seek opportunities to cooperate on areas of shared interest. And in September, in Sydney, NATO will co-host with Australia the Cyber Champions Summit, bringing together high level national cyber policy coordinators from NATO Allies and our very close Asia Pacific partners, that for the third time in a row will be attending at the highest-level NATO Summits, like we had in Madrid, in Vilnius, and now in Washington.

Cyber is something that our partners most request from Allies. Our vulnerable partners in the East, our Southern partners, and our partners in the Indo Pacific all ask for our support with cyber. So, I encourage all Allies to be open to these requests, and help us all become stronger and more resilient in cyberspace. And as I urged Allies to invest more in cyber resilience, I think we have to be open to the request that our partners make to us, because strengthening their resilience in cyber is also strengthening our collective resilience as an Alliance. Ladies and gentlemen, we may be short on time, but we must be big on ambition.

I'm very privileged to be here to represent the Secretary General, another great leader of our Alliance, and Admiral Rob Bauer, who, together with Secretary General was hosting yesterday the Military Committee. They talked also about adaptation in NATO and in a way these two events are really complementing each other on the way to the Washington Summit at the 75th anniversary of our Alliance. NATO has, in our DNA, the gene of permanent adaptation to a changing security landscape. What we do today in The Hague is just another proof of the reigning reason why this Alliance is so successful overtime and overtime again.

It is my privilege to be here. I wish you the best of luck and again to our two host nations, the Netherlands and Romania: our deepest appreciation for your common work. Thank you so much.