by NATO Secretary General Jens Stoltenberg at the Cyber Defence Pledge Conference, London
Foreign Secretary Hunt,
Ladies and Gentlemen,
Let me first thank the United Kingdom for hosting this second conference on the Cyber Defence Pledge.
The United Kingdom has been strongly committed to the Pledge ever since we made the pledge at the Summit of Leaders and Heads of State and Governments in Warsaw in 2016.
And the UK has played a crucial role in making cyber a priority for our Alliance.
Hosting this conference here in London, at the National Cyber Security Centre, is a testimony to the strong commitment and the the leadership of the UK in the cyber domain.
This Centre is a model for national coordination, bringing together the best expertise to tackle a growing threat.
Ladies and Gentlemen,
Cyber-attacks can be as damaging as conventional attacks. A single attack can inflict billions of dollars’ worth of damage to our economies, bring global companies to a standstill, paralyse our critical infrastructure, undermine our democracies and have a crippling impact on military capabilities.
Cyber attacks are becoming more frequent, more complex and more destructive. From low-level attempts to technologically sophisticated attacks. They come from states, and non-state actors. From close to home and from very far away. And they affect each and every one of us.
NATO is not immune. We register suspicious events against NATO cyber systems every day. And cyber threats will become more dangerous with the development of new technologies. Such as artificial intelligence, machine learning and deep fakes.
These technologies are fundamentally changing the nature of warfare. As much as the industrial revolution did. NATO is adapting to this new reality.
NATO leaders have agreed that a cyber attack could trigger Article 5 of our founding treaty. Where an attack against one Ally is treated as an attack against all. NATO has designated cyberspace as a military domain.
Alongside land, sea and air. And at our Summit in Brussels last year, we agreed to establish a Cyberspace Operations Centre. At the heart of our military command structure. And we have agreed to integrate national cyber capabilities or offensive cyber into Alliance operations and missions. All of this has made NATO more effective in cyberspace.
The Cyber Defence Pledge is helping Allies boost their defences. They have strengthened their cyber capabilities, they have improved their legal and institutional frameworks, and they have increased the resources – people and money - devoted to confronting cyber threats.
As a result, we are tackling increasingly complex cyber threats faster and more efficiently. And we are more aware of the threats, more resilient to incidents. None of the attempts against NATO systems have compromised our networks. And none have affected our secure operations.
So Foreign Secretary, as you have just said, we also need to consider how we can deter attacks in cyberspace.
Part of the answer is in attribution. Cyber attackers must know that they will be exposed. As was the case last October, when authorities in the Netherlands, with the help of British experts, foiled an attack by Russia on the Organisation for the Prohibition of Chemical Weapons in The Hague.
So Allies must be prepared to call out attacks.
And when needed, we must be ready to use our cyber capabilities to fight an enemy.
As some NATO Allies did, not least the UK, successfully in the campaign against ISIS in Iraq and Syria.
By using national cyber effects – or offensive cyber, they suppressed ISIS propaganda, degraded their ability to coordinate attacks,
and disrupted their recruitment of foreign fighters.
For deterrence to have full effect, potential attackers must know that we are not limited to respond in cyberspace when we are attacked in cyber space. We can and we will use the full range of capabilities at our disposal.
NATO leaders will meet here in London on 3-4 December. At this summit, bolstering our cyber defences and resilience will be a top priority. That is why I have convened a meeting of National Security Advisers at NATO Headquarters next week. This meeting will be the first of its kind for the Alliance. It is a recognition that hybrid threats, including cyber threats, need a whole of a government response.
It takes just a ‘click’ to send a cyber virus spreading across the globe. But it takes a global effort to stop it from inflicting chaos.
For 70 years, NATO has kept our people safe in the physical world. Now NATO needs to do the same in the cyber world.
To do that, we must keep the technological edge. And ensure we harness the potential benefits of new technologies. While minimizing any possible risks.
So our engagement with industry will become ever more important as technologies develop. Industry creates, innovates and operates.
NATO is making sure that Allies invest more in defence. And that they invest in the capabilities and technologies we need.
But cyber goes beyond technology.
The people behind the technology are just as important. We need to build a strong and diverse workforce of future cyber defenders.
For this, we must be smart about recruitment, and think about how to retain these highly skilled experts.
And ensure these skills are kept sharp through regular exercises, as we do through Cyber Coalition – one of the largest cyber defence exercises in the world.
That is why, in this conference, we are focusing on education and on training.
And Allies are taking innovative steps. A few examples are a Tech Academy in Luxembourg, student cyber competitions in Estonia, and the ‘CyberFirst’ programme here in the UK. These national initiatives contribute to NATO. And enable us to secure our cyber defence in the future.
At the same time we have to look beyond NATO. We all stand to benefit from a norms-based, predictable, and secure cyberspace.
So we have stepped-up our cooperation with the European Union. Together we uphold the international rules-based system, also in cyberspace. And together we promote stability and reduce the risk of conflict.
So Ladies and Gentlemen,
NATO is the most successful Alliance in history.
Because we have always been able to change when the world is changing.
And that is precisely what we are doing now.
When our security landscape is defined by new and emerging technologies.
We adapt to those changes and to those challenges.
By doing so, NATO will remain an anchor of peace and stability for generations to come.
So thank you very much and all the best with this conference.
Thank you, Secretary General, and welcome to the Foreign Secretary back to this stage. I think we’ve got time for a couple of questions from the floor and from the media. I think the first question is from the Ambassador from the Czech Republic. Sir? A microphone is on its way.
Question: Thank you very much, sir and Foreign Secretary General. This is very impressive I’ve paged through your annual report 2018 and what you have achieved in those two / three half of the years is really immense and thank you for your leadership in the alliance and it was mentioned several times now. We’ve been attacked by our enemies in terms of critical infrastructure in terms of indeed military communication etc. That’s one side of the situation, the other side of the situation is that I believe that the more and better protected resilient we will have our critical infrastructure the more the enemies will focus on the mind of our societies. And here, indeed, the aim is to undermine the trust, the mutual trust, to undermine also the credibility of the government etc, etc – you mentioned that. Now, a critical moment in that respect is public awareness, education, making people understand the challenge so if you could develop on this side of the challenge. Thank you.
Jeremey Hunt: Let me go first on that one. I think the crucial thing to understand is that out opponents have developed a new strategy. One of the greatest strengths of the NATO alliance has been our leadership on values, our shared democratic values, our belief in an open society and that’s always been our secret weapon and for years authorisation societies have said all this stuff about values it’s just a cover for your core national interest, it doesn’t really amount to anything. But, they’ve found a way to attack that values leadership, which is by shaking the confidence of our own populations in democratic processes through activities on cyberspace where it is possible to influence what people think by use of social media platforms and a range of other techniques and so, that’s why I think this conference is incredibly important because we are now coming together and we’re recognising that we have to find a way to protect the confidence of our own populations in our own values, which are increasingly being threatened and one of the ways…the easiest ways to do that is to damage the credibility of elections and just to say look these are all being manipulated by different sources and the gap in my view, and I think we share this view is that what we don’t yet have is a proper deterrence strategy, which has been so effective in the nuclear field but, of course, it has to be quite different in cyber and the way we approach it. It can’t be symmetric deterrence and so we have to figure out a way to do it that is different but, make sure that people know that if they try there will be a price to pay and that price will be too high.
Jens Stoltenberg: Just, first of all I’m in full agreement second, just to add one reflection I think that to protect ourselves against any attempts to interfere in our democratic processes use cyber space to undermine our democratic institutions that’s part about technical measures to increase the technical defence of our systems and we are doing a lot to improve those defences as NATO and as allies and together. But, it’s as you mentioned not only about technical measures to protect our systems against hacking or cyber attacks but is also very much about awareness. And awareness is something we can increase by conferences like this. We can increase awareness by exposing the attacks and I think that’s extremely important that we are transparent and that we expose them when we see them. And also, through exercises and many of the people in this room have participated in the recent NATO exercise and I think we learn a lot from that about awareness and to fully understand that the gravity and the seriousness of cyber-attacks. So it’s important that NATO allies and NATO exercise but we need a whole of government approach so not only military structures but also civilian structures, institutions are exercising increasing awareness improving their understanding of the potential threats in cyber space.
Thank you both. I think we have a question from the Ambassador from Norway:
Question: Thank you and thank you to both of you for sharing your thoughts on such an important topic. I have a question that primarily would go to Foreign Secretary Hunt – you spoke about cyber deterrence could you say a few words on the role of resilience in deterring preventing and stopping cyber-attacks?
Jeremy Hunt: Absolutely. So I think that the very first step in this process is to reduce our vulnerability and that’s why I think the work of the NCSC and occurrence leadership is very, very important and we should never underestimate our ability to remain one step ahead of our opponents in terms of the things that they are likely to consider trying and we need to continue to invest in that. But, combined with that increased resilience, I think resilience has been the area that we’ve actually made the most progress on in recent years. I think we agree significantly more resilient than we were five years ago and I think all the people in this room, all the NATO allies deserve an utmost credit for that. But, I think we also then have to go one step further and say that it isn’t just resilience it’s also changing the calculations of your opponents as to whether they wish to try this in the first place. And if I can give you an example of where I think we’ve changed those calculations. It is the very successful response which NATO played a very, very important role in a response to the chemical weapons attack in Salisbury, which I think Russia thought that they would get away with. And the fact that there was the largest ever expulsion of Russian diplomats / spies from around the world will have done something to change their calculations in terms of what they choose to do in future because I think in the quieter moments in the Kremlin they will think that they probably paid too higher price for what they decided to do in Salisbury. So we have to think about those calculations now in a smart way. It can’t be the same as other deterrent strategies, you know, it’s going to be asymmetric and not always going to respond to a cyber threat with a cyber response. But, we need to go that extra stage because I think that’s been at the heart of NATO success in other areas.
Jens Stoltenberg: Again, I agree but let me just highlight that resilience is of course a national responsibility and different nations make sure that they have resilient systems infrastructure in different ways, at the same time I think we need to look into how we can develop more and strong common approaches and understanding of what we mean with resilience. We have the resilience pledge not the NATO pledge, which is actually addressing, I think it is several different areas where we have created guidelines and in the light of what we now see in cyber space and also other technologies I think that it’s an argument for us looking into whether we can strengthen and develop a stronger common understanding some kind of minimum standards for what is resilience. Because we are faced with the same threat, the same technologies, the same challenges across borders and across countries. These are one of the dilemmas we face in all international institutions and in NATO what is a national responsibility and what should we decide and develop on the international level. I’m not able to tell you exactly where that balance goes but at least I think it’s extremely important when you now are looking into how to strengthen the resilience.
Thank you. Moving to media colleagues I think we have a question from Roland at Sky News?
Question: Can you hear me? Roland Manthorpe at Sky News. Foreign Secretary, President Trump is going to be here next month with your strong warning on Russian manipulation in elections and reported tolerance for 5G. Is the UK diverging from the Trump administration on cyber and when he does come who do you think will be Prime Minister?
Jeremey Hunt: Teresa May will be Prime Minister to welcome him and rightly so and we are absolutely at one with the United States on the threat of cyber. I had substantial discussions with Secretary Pompeo when he came to London very recently on this issue and we all agree on exactly the message that we’ve been talking about this morning which is that the thing we must not allow to happen is for hostile States to damage the fabric of our democracy by reducing public confidence in the functioning of elections and United States is acuity aware of that because of their own experience but, actually, there are many many European countries that share those concerns. And when it comes to decisions about 5G as I have said many times we would never take any decision that either threatened our national security or our intelligent sharing capabilities.
I think we’ve time for a final question from Kim Sengupta at The Independent. Kim?
Question: Foreign Secretary and Secretary General you have both expressed your concern about the hostile cyber activity of Russia. You’ve stressed a need for Europe and NATO to have a strategy of common front to confront it. I just wonder how effective that is going to be with the rise of populist government within NATO who appear to be sympathetic to approving of Russia and Mr Putin and expect the success of populist parties with the same kind of views in the European elections and a quick supplementary Foreign Secretary, to you, you’re seeing the Prime Minister this afternoon. What will you be advising her?
Jens Stoltenberg: I can start on the first part of that question [laughter]. Because I think that you refer to the rise of populist parties and we are an alliance of 29 democracies and there are different parties and there are different views and there are actually a lot of disagreements within nations and between nations on many different issues. But the strength of NATO is that despite all these differences we have seen again and again that NATO is able to unite around our core post to protect and defend each other and what we now see when it comes to cyber defence is yet another example of that unity, our ability to deliver collective defence, our ability to stand together despite differences. And we have seen that now in cyberspace we had a remarkable increase in our capabilities to defend our networks to stand together, to integrate offensive cyber intermissions and operations and we have done that over the last years. And I totally agree with the Foreign Secretary that I think Russia has underestimated the unity of our alliance. He refer to the attacks or the use of a chemical agent in Salisbury but, I think if we look at what Russia has done over the last years in Crimea, in Donbass and elsewhere, they didn’t expect that NATO would react in this firm and united way we have done. With increased readiness of our forces, with for the first time in our history deploying forces to the eastern part of the alliance, with the economic sanctions which have been there year after year. And now what we see in cyberspace we are also willing to expose what they are doing. So, while we are 29 different democracies, people vote for different parties and they have done so for the 70 years NATO has existed but for all those 70 years we have proven that despite the differences, we are able to deliver strong collective defence and I am absolutely certain we will be able to do that after the EU elections this weekend.
Jeremey Hunt: Well I’m sorry to disappoint you in terms of the answer to your second question but, I mean, all discussions between the Foreign Secretary and the Prime Minister should remain confidential and I’m not going to change that this morning. But with respect to the first question I think that the fact that NATO is an alliance of countries with different parties in control, different philosophies of ruling parties, is also a sign of the strength of our belief in democratic values and our belief that in every country the people who run the country should be decided by the people who live in the country and it is true that there is a spectrum of views as to the degree of friendliness or the degree of suspicion with which we should hold President Putin and his intentions, but I have never encountered anything other than total unanimity behind the view that the electoral processes of any country, any democracy must be sacrosanct and we need to be very, very robust with countries that seek to interfere with those processes.
I think that’s all we have time for, Foreign Secretary, Secretary General. Thank you for those excellent contributions to this most important of events we are honoured by your presence and I just invite the audience to express their gratitude for your being here. Thank you.