GovWire

Speech: Deputy Prime Minister, Oliver Dowden's speech at the UK - France Cyber Proliferation conference

Cabinet Office

February 6
14:13 2024

INTRODUCTION

Welcome to Lancaster House.

Our surroundings might be familiar to our French co-hosts, as the interior decoration was inspired by the Palace of Versailles

and they might be familiar to everyone else, as the backdrop to the Netflix series The Crown and Bridgerton.

In the real world, this house has played a role in delivering global peace and security for centuries.

And so it is fitting that we are here today to talk about how we secure our peace and security in the centuries to come

in a world where the challenges we face increasingly come from cyberspace.

I want to start by welcoming the close and dedicated partnership we have had with France on this issue over the last year

and we are delighted to be co-hosting with our French colleagues.

Just as the Olympic torch is passing to France this year, we in the UK are proud to pick up the baton on cyber security

following the excellent conversations you convened at the Paris Peace Forum.

DANGEROUS WORLD

We live in an increasingly volatile world.

State competition national conflicts organised crime domestic terrorism

all of these things are growing and converging, while the established multilateral order is being challenged.

Meanwhile, technology is developing exponentially

and the economic sphere is ever more contested.

In this new dangerous and volatile world, the frontline is increasingly online

where the weapons used are often virtual ones

and online conflict and cyber criminality are becoming increasingly reckless.

Thanks to rapid advances in technology including AI those weapons are becoming cheaper, more widespread, and easier to use.

There is now a growing market for the sort of cyber tools that, in the wrong hands, can be used against ordinary people

to steal from businesses

to carry out crippling ransomware attacks

and to threaten our critical national infrastructure.

That is what I want to focus on today.

These products often have legitimate uses such as for law enforcement and national security but they can also be misused

and increasingly, more actors are getting hold of them.

That opens up this battleground to a whole new world of unaccountable actors

Have-a-go hackers

People who, with minimal barriers, can unleash maximum disruption to individuals, institutions, companies and indeed countries.

THE IMPACT

That is why this matters.

Because what happens in the virtual world has real-world consequences.

It is extremely likely that almost everyone in this room has been the victim of some form of cyber-attack.

Whether it is your data your identity your intellectual property or even your money that has been expropriated

All are now seen as legitimate targets.

And as the commercial market for these tools grows, so too will the number and severity of cyber-attacks

compromising our devices and our digital systems

causing increasingly expensive damage

and making it more challenging than ever for our cyber defences to protect public institutions and services.

If we fail to act, this market will rapidly become a driver for much of the cyber threat we face

beyond just sophisticated and established state actors, and opportunistic criminals.

In this year of elections, in which four billion people - half the worlds population - will vote in what are, often, digital electionswith digital campaigns and digital infrastructure

all vulnerable to digital threats

we must consider the impact upon our democracy too.

SUCCESS SO FAR

We approach this threat from a position of strength, thanks to the work we have already been undertaking.

As part of our work to protect the UK from all forms of cyber attack, I have set ambitious cyber resilience targets for UK critical national infrastructure to meet by 2025

And in December, I launched the Secure by Design Framework for the UK public sector.

Through these efforts the UK Government is embedding cyber security into the heart of our system design.

We are defending our democratic processes by offering technical support to individuals at high risk of targeting

and we are working to better understand and mitigate the threats of AI and disinformation during our elections.

As so often, where new forms of malign influence have emerged, the UK is once again at the forefront of combatting this emergent threat.

Indeed our burgeoning cyber security industry continues to go from strength to strength

with our most recent estimates showing that the sector generates over 10 billion pounds in revenue - third only to the US and China

with exports also growing to over 5 billion pounds.

In the room today I see several faces I recognise from innovative young UK companies

and I know the important role they and others play in making us safer, both online and off.

The Government recognises the huge potential for growth in this industry

and the potential for cyber security to drive growth across all sectors of our economy.

That is why, alongside Michelle Donelan, the Secretary of State for Science Innovation and Technology, I have asked the Rt Hon. Steven McPartland MP to lead an independent review to look at how we can shift the narrative and market incentives around cyber security to make this a reality.

We derive our strength and resilience not only from what we do alone, but what we do with our allies.

So the UK was proud to sign-up to the Joint Statement on efforts to counter the proliferation and misuse of commercial spyware at the 2023 Summit for Democracy last March

and I look forward to furthering that conversation when I attend the 2024 Summit in Seoul next month.

Indeed, when our allies strengthen their defences, our defences are strengthened too.

So we welcome the European Parliaments work on this issue

and we recognise the changes made through international export control frameworks, including the Wassenaar Arrangement.

We further note the recommendations of the Paris Call Working Group on Cyber Mercenaries, and the Cybersecurity Tech Accords.

These represent crucial progress on spyware.

But we must go further if we are to prevent commercially available cyber weapons from being developed and sold, used irresponsibly, or falling into the wrong hands.

A BROADER ALLIANCE

That work starts with building a broader alliance against those who seek to do us harm.

The market for these intrusion capabilities, with its vendors and customers, is very much a global phenomenon

as is the impact of the threats created by malign and irresponsible activity.

Addressing this issue therefore falls to all the states and stakeholders in this room and more besides, in wider, multilateral fora.

Our joint efforts should focus on ensuring that states and industry alike act responsibly in cyberspace

ensuring our robust existing framework of international law and norms are equally applied in the virtual realm.

For governments, we can make a difference, through effective regulation, proper export controls

and working with the market responsibly as a customer, and end user

to develop better safeguards and oversight.

Our partners in industry also have a role to play:

Software providers keeping their products patched, identifying flaws, and working with partners on collective security.

And the legitimate vendors of these capabilities ensuring they have responsible supply chains.

They all have a responsibility to vet and limit their customers

and to exercise caution when considering their use.

Throughout this, civil society will continue to play a vital part, shining a light on the realities of this complex threat.

We should pay tribute to the hard work - often at personal risk, often without fanfare - that organisations and individuals have carried out

they are the embodiment of our resilience

And the UK is committed to supporting these efforts.

I can announce today that we will be enhancing our strategic partnerships with non-profit organisations working on these endeavours

through a one-million-pound uplift to Shadowserver, to help them expand the access they provide to early warning systems, and to cyber resilience support for those impacted by cyber-attacks.

TAKING ACTION

This bigger, broader alliance must come together to agree exactly what the threats are.

The worlds first AI Safety Summit, which the UK Government held at Bletchley Park last year, kicked off a new type of multilateralism for artificial intelligence.

where civil society, industry and nation states came together to build a shared vision of the future.

We will need this same whole-of-society approach when it comes to cyber intrusion.

And so today, I am proud to be joined by my French colleagues, and all of you, in launching the Pall Mall Process,

a new multi-stakeholder initiative through which we will, together

work to tackle the proliferation and irresponsible use of commercially available cyber intrusion capabilities.

Named after the very street on which this house sits.

The scope must be broad

not just looking

Related Articles

Comments

  1. We don't have any comments for this article yet. Why not join in and start a discussion.

Write a Comment

Your name:
Your email:
Comments:

Post my comment

Recent Comments

Follow Us on Twitter

Share This


Enjoyed this? Why not share it with others if you've found it useful by using one of the tools below: