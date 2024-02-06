presentation

Welcome to Lancaster House.

Our surroundings may be familiar to our French co-hosts, as the interior decoration was inspired by the Palace of Versailles

and they may be familiar to everyone else, as the background of the Netflix series The Crown and Bridgerton.

In the real world, this house has played a role in providing global peace and security for centuries.

And so it is fitting that we are here today to talk about how we ensure our peace and security for centuries to come.

in a world where the challenges we face increasingly come from cyberspace.

I want to start by welcoming the close and committed partnership we have had with France on this issue over the past year

and we are delighted to be co-hosting with our French colleagues.

As the Olympic torch is passed to France this year, we in the UK are proud to take up the cyber security baton

after the excellent talks you held at the Paris Peace Forum.

DANGEROUS WORLD

We live in an increasingly unstable world.

State competition, national conflicts, organized crime, domestic terrorism

all these things are growing and converging, while the established multilateral order is being challenged.

Meanwhile, technology is developing exponentially

and the economic sphere is increasingly contested.

In this dangerous and volatile new world, the front line is increasingly online

where the weapons used are often virtual ones

and online conflict and cybercrime are becoming increasingly reckless.

Thanks to rapid advances in technology, including AI, these weapons are becoming cheaper, more widespread and easier to use.

There is now a growing market for the kind of cyber tools that, in the wrong hands, can be used against ordinary people.

to steal from businesses

to carry out damaging ransomware attacks

and to threaten our critical national infrastructure.

That's what I want to focus on today.

These products often have legitimate uses such as law enforcement and national security, but they can also be misused

and more and more actors are catching on to them.

This opens up this battlefield to a whole new world of irresponsible actors

Hackers hackers

People who, with minimal hindrance, can unleash maximum disruption on individuals, institutions, companies and indeed countries.

iMPACT

That's why this matters.

Because what happens in the virtual world has consequences in the real world.

It is very likely that almost everyone in this room has been a victim of some form of cyber attack.

Whether it's your data, your identity, your intellectual property or even your money that has been expropriated

All are now seen as legitimate targets.

And as the commercial market for these tools grows, so will the number and severity of cyberattacks

compromising our digital devices and systems

causing increasingly expensive damage

and making it more challenging than ever for our cyber defense to protect public institutions and services.

If we fail to act, this market will quickly become a driver for much of the cyber threat we face

beyond sophisticated and determined state actors, and opportunistic criminals.

In this election year, in which four billion people – half the world's population – will vote in what are often digital elections with digital campaigns and digital infrastructure

all vulnerable to digital threats

we must also consider the impact on our democracy.

SUCCESS SO FAR

We approach this threat from a position of strength, thanks to the work we've already done.

As part of our work to protect the UK from all forms of cyber attack, I have set ambitious cyber resilience targets for the UK's critical national infrastructure by 2025

And in December, I launched the Secure by Design Framework for the UK public sector.

Through these efforts, the UK Government is putting cyber security at the heart of our system design.

We are protecting our democratic processes by providing technical support to individuals at high risk of being targeted

and we are working to better understand and mitigate AI and disinformation threats during our elections.

As so often, where new forms of malicious influence have emerged, the UK is once again at the forefront of combating this emerging threat.

Indeed, our emerging cybersecurity industry continues to go from strength to strength

with our latest estimates showing the sector generates over £10bn in revenue – third only to the US and China

with exports also rising to over £5 billion.

In the room today I see some familiar faces from the UK's innovative young companies

and know the important role they and others play in making us safer, both online and offline.

The government recognizes the huge potential for growth in this industry

and the potential for cyber security to drive growth across all sectors of our economy.

That is why, together with Michelle Donelan, Secretary of State for Science Innovation and Technology, I have asked the Rt Hon. Stephen McPartland MP to lead an independent review to see how we can shift the narrative and market incentives around cyber security to make this a reality.

We derive our strength and resilience not only from what we do alone, but from what we do with our allies.

So the UK was proud to sign up to the Joint Declaration on Efforts to Counter the Spread and Misuse of Commercial Spyware at the 2023 Summit for Democracy last March

and I look forward to continuing that conversation when I attend the 2024 Summit in Seoul next month.

Indeed, when our allies strengthen their defenses, ours also strengthens.

So we welcome the work of the European Parliament on this issue

and we recognize the changes made through international export control frameworks, including the Wassenaar Agreement.

We further note the recommendations of the Paris Call Working Group on Cyber ​​Mercenaries and Cyber ​​Security Technical Arrangements.

These represent substantial progress in spyware.

But we must go further if we are to prevent commercially available cyber weapons from being developed and sold, used irresponsibly or falling into the wrong hands.

A WIDER ALLIANCE

That work begins with building a broader alliance against those who seek to do us harm.

The market for these intervention capabilities, with its vendors and customers, is a global phenomenon

such as the impact of threats created by malicious and unaccountable activity.

Therefore, it is up to all states and stakeholders to address this issue in this room, and more so, in broader, multilateral forums.

Our joint efforts must focus on ensuring that states and industry act responsibly in cyberspace

ensuring that our existing strong framework of international law and norms are applied equally in the virtual realm.

For governments, we can make a difference, through effective regulation, appropriate export controls

and working with the market responsibly as a customer and end user

to develop better protection and supervision.

Our industry partners also have a role to play:

Software vendors keep their products patched, identify flaws, and work with partners for collective security.

And legitimate sellers of these skills ensure they have responsible supply chains.

They all have a responsibility to vet and limit their customers

and caution should be exercised when considering their use.

Through it all, civil society will continue to play a vital role, illuminating the reality of this complex threat.

We must pay tribute to the hard work – often at personal risk, often without fanfare – that organizations and individuals have done

they are the embodiment of our resilience

And the UK is committed to supporting these efforts.

I can announce today that we will be enhancing our strategic partnership with nonprofit organizations working on these efforts

through a £1 million boost to Shadowserver, to help them expand the access they provide to early warning systems and cyber resilience support for those affected by cyber attacks.

TAKING ACTION

This larger and broader alliance must come together to agree exactly what the threats are.

The world's first AI Security Summit, which the UK Government held at Bletchley Park last year, launched a new kind of multilateralism for artificial intelligence.

where civil society, industry and nation states came together to build a shared vision for the future.

We will need the same whole-of-society approach when it comes to cyber intrusion.

And so today, I am proud to join my French colleagues, and all of you, in launching the Pall Mall Process,

a new multilateral initiative through which we will, together

work to address the proliferation and irresponsible use of commercially available cyber intrusion capabilities.

Named after the very street on which this house is located.

The scope should be wide

not only looking at spyware, but also considering the hacker-for-hire phenomenon, the exploit market

alongside the widest range of off-the-shelf intervention capabilities, including tools for disruptive and destructive effect.

With common definitions

we must establish best practice guidelines for the development, sale, facilitation, acquisition and use of commercially available cyber intrusion tools and services

and we need to be clear about what irresponsible behavior looks like and how to discourage it.

Ultimately, we need to agree on what an international framework should look like.

And it should flow from some basic principles that we all agree on, to ensure the responsible use of these tools:

accountable, legally and ethically

accurately, avoiding unintended or irresponsible consequences

with supervisory mechanisms in place

and with transparency, around supply chains, financing and responsible business practices.

cONcluSiON

There is no silver bullet for solving this problem.

But the pace of change requires us to act quickly.

We are in a cyberspace race with our adversaries

as they develop the tools to do us harm

while we define the risks, develop the rules and build the global alliance.

But I am optimistic.

Cyber, after all, can and should be a force for good.

We have a noble purpose

to protect our citizens from illegal targeting

to give companies the confidence to operate and trade

and to build an online world that remains free, open, peaceful and secure.

Another worthy effort to pursue among these historic settings

and one that I hope we can build on in the months and years to come.

Thank you.