Ministry of Defence
Im delighted to see so many international guests here, over 30 nations, from every corner of the globe.
I doubt even five years ago this type of event would have drawn such an impressive cast list.
It reflects the growing importance of cyber to our world.
You cant come to RUSI, our oldest defence think tank, without a nod to our history.
100 years ago in the skies above the Somme, the world witnessed the first major demonstration of the awesome power of the aeroplane, and 100 years ago the tank was invented.
New technologies, offering combatants, unparalleled reach, unprecedented speed, and destructive power unconstrained by borders or boundaries.
Airpower was the transformative technology of the 20th century warfare.
Were here today to discuss its 21st century successor: cyber power.
The information age has brought huge benefits, its opened up our world, changing the way we bank, book our holidays, order our social life.
But the more reliant we are on electronic networks, the more vulnerable we are to cyber attack.
Our cyber adversaries, can target us anywhere on the planet, not only stealing our information, to exploit, coerce or gain psychological advantage over us, but potentially dealing a sucker punch to our systems, disrupting our armaments or our energy supplies, even our governmental systems.
What gives cyber added potency is its availability. Anyone with a laptop, and a clever bit of open-source, encrypted software, can do us harm.
And any threat we face, state sponsored aggression, global terror, attacks on elections, electoral machinery, media, and other key features of democracy, and lone wolf attacks, can have a cyber-dimension.
Whats more, the threats are growing. Last year GCHQ detected twice as many national security level cyber incidents 200 per month as the year before.
We know hostile actors are already developing and deploying advanced capabilities. Weve seen non-state actors like Daesh using social media to radicalise their followers. And weve watched cyber criminals leaving a trail of destruction in their wake.
Its not only the Yahoo hack, where data was stolen from 500 million people, in the biggest publicly disclosed cyber-breach in history.
Last year, 90 per cent of large organisations reported they had suffered a security breach.
The average cost of the most severe online security breaches for bigger companies starts at almost 1.5m, up 600,000 in 2014.
Virtual threats have physical consequences. Its only a matter of time before we have to deal with a major attack on UK interests.
Thats why, in last years SDSR, cyber was listed as a Tier One threat, up there with terrorism or a major natural hazard.
Yet were not here to scare but to protect ourselves.
How? By learning three important lessons from the age of airpower.
First, we must innovate. 100 years ago pilots on the Somme were flying wooden and canvass aircraft. Now were building fifth generation lightning strike fighters.
Britain is already a world leader in cyber security today. But we cant afford any complacency. Thats why HMG is investing 1.9bn almost double the previous levels of investment to protect the UK from attack, to keep ahead of the curve.
Were already seeing that investment bearing fruit. Earlier this year, I announced the development of a new Cyber Security Operation Centre, bringing together our defensive cyber activity to safeguard our military networks and systems against cyber threats.
This month we launched the new National Cyber Security Centre in Victoria, whose headquarters will be a stones throw from us here in Church House.
Its uniting Britains brightest brains from across Whitehall and the private sector to defend Britains cyber infrastructure.
Today, I can announce were investing 265m in a pioneering approach to root out cyber vulnerabilities within our military platforms and wider cyber dependent systems.
The UK is a world leader in cyber security, and we recognise that cyber risk is one of the greatest threats we face in the modern world.
It is crucial that we innovate and stay ahead of this ever-changing danger. By investing in this programme were helping ensure the UK is fully protected.
But, as our US colleagues would say, this cannot just be about our defence.
It must be about our offence too. It is important that our adversaries know there is a price to pay if they use cyber weapons against us, and that we have the capability to project power in cyberspace as elsewhere.
We must exploit the opportunities cyber presents to deliver military effects. The Government announced a year ago that we are developing capability through the National Offensive Cyber Programme, in which the MOD and GCHQ are close partners.
We also said in the SDSR that our commitment to invest 2% of GDP in defence would help ensure that our Armed Forces will increasingly be able to operate as effectively in cyberspace as they do by land, sea or air.
Since then, we have begun to integrate Offensive Cyber into military planning alongside the full range of military effects.
We will continue to develop and exploit cybers potential to complement and enhance our conventional military capabilities and assets.
This brings me to my second point. We cant operate or develop the right capability without the right skills.
Over the past 100 years, the UK has relied on brilliant aviation pioneers like Sir Thomas Sopwith, RJ Mitchell and Frank Whittle to reach for the skies.
We want to match that conveyor belt of talent in cyberspace. Were not just looking for people with IT expertise.
From Vietnam through to Afghanistan and Iraq, weve learnt perception is nine-tenths of the war.
Today hostile actors and agents see cyber as a way of controlling the narrative. We need to combat their lies with faster truth.
Thats why weve set up 77 Brigade and 1st Reconnaissance Brigade, learning new ways to improve information flows, influence capabilities, counter hybrid warfare techniques, and improve battlefield intelligence.
The pioneering techniques of our cyber soldiers will influence our whole Armed Forces. Were also giving thought to the next generation of online warriors.
To continue recruiting the best people, weve created a bespoke test to identify military personnel with an aptitude for cyber work.
The Defence Cyber Aptitude Test assesses an individuals cognitive abilities through a number of advanced challenges.
Were currently rolling the test out now in our technical training programmes. In the meantime, were making sure all our staff have a cyber schooling by establishing a new Defence Cyber School, based at our Academy in Shrivenham.
My final point is this, just as NATO Allies work together to secure Europes skies, as the UK has policed the airspace of the Baltic region this year to counter Russian belligerence, we require similar global partnerships, to address a cyber threat, that knows no bounds.
Im proud the UK already enjoys strong bi-lateral relationships in this area.
With our French friends, were using our new Combined Joint Expeditionary Force, to reinforce our 2* Military Cyber Co-ordination Group, sharing best practice to improve the defence of our military IT networks, and train cyber specialists.
Were also tightening our ties with our US partners and last month when Secretary Carter visited, we signed a memorandum of understanding, building on our existing partnership by enabling collaborative research and development, and greater information sharing on offensive and defensive cyber capabilities.
And we work closely in this area with our other allies in the Five Eyes Intelligence network, Australia, Canada and New Zealand.
But an effective response to the dangers of cyber requires all NATO nations to step up.
Were only as strong as our weakest link. Britain is doing her bit. We are leaving Europe, but were also stepping up our commitment to European and Alliance cyber security.
Thats why we advocated all NATO nations at the Warsaw Summit sign the Cyber Defence Pledge, and agree to strengthen our cyber defences, our national infrastructure and networks, as a matter of priority, to ensure the Alliance is strong and resilience in the face of cyber threats.
Britains commitment to spending a minimum of 2% GDP on defence means we can invest in a military that is cyber trained, cyber secure and cyber enabled, with the ability to fight in every domain in any future conflict.
At Warsaw, the UK advocated NATO recognition of cyber as a domain of operations in which it must defend itself as effectively as it does in the other domains.
This recognition will bring more effective organisation of skills and resources, integration of cyber defence capabilities into operational planning, protection of our deployed forces, and an improved NATO ability to maintain freedom of action across the global cyber commons.
Yet perhaps its greatest contribution will be to enlarge our understanding of the terms of engagement.
One of the most devastating effects of cyber weaponry is its capacity to deepen the fog of war, to add additional layers of ambiguity to the actions of an aggressor.
So, as NATO reaffirms the relevance of international law in cyber space, we must be clear that cyber could constitute an armed attack, while preparing our full spectrum response, and considering what sort of political or public support will be required by such a response.
Just as we must also think more closely about the impact cyber will have on the