51茶馆

INTRODUCTION

Welcome to Lancaster House.

Our surroundings might be familiar to our French co-hosts, as the interior decoration was inspired by the Palace of Versailles鈥�

鈥�and they might be familiar to everyone else, as the backdrop to the Netflix series The Crown and Bridgerton.听

In the real world, this house has played a role in delivering global peace and security for centuries.听

And so it is fitting that we are here today to talk about how we secure our peace and security in the centuries to come鈥�

鈥�in a world where the challenges we face increasingly come from cyberspace.听

I want to start by welcoming the close and dedicated partnership we have had with France on this issue over the last year鈥�

鈥�and we are delighted to be co-hosting with our French colleagues.

Just as the Olympic torch is passing to France this year, we in the UK are proud to pick up the baton on cyber security鈥�

following the excellent conversations you convened at the Paris Peace Forum.听

DANGEROUS WORLD

We live in an increasingly volatile world.

State competition 鈥� national conflicts 鈥� organised crime鈥� domestic terrorism鈥�

鈥�all of these things are growing and converging, while the established multilateral order is being challenged.听

Meanwhile, technology is developing exponentially鈥�

鈥�and the economic sphere is ever more contested.

In this new dangerous and volatile world, the frontline is increasingly online鈥�

where the weapons used are often virtual ones鈥�

and online conflict and cyber criminality are becoming increasingly reckless.听

Thanks to rapid advances in technology 鈥� including AI 鈥� those weapons are becoming cheaper, more widespread, and easier to use.

There is now a growing market for the sort of cyber tools that, in the wrong hands, can be used against ordinary people鈥μ�

鈥� to steal from businesses鈥μ�

鈥�to carry out crippling ransomware attacks鈥μ�

and to threaten our critical national infrastructure.

That is what I want to focus on today.听

These products often have legitimate uses 鈥� such as for law enforcement and national security 鈥� but they can also be misused鈥�

鈥�and increasingly, more actors are getting hold of them.

That opens up this battleground to a whole new world of unaccountable actors鈥�

鈥�Have-a-go hackers鈥μ�

鈥� People who, with minimal barriers, can unleash maximum disruption to individuals, institutions, companies and indeed countries.听

THE IMPACT

That is why this matters.听

Because what happens in the virtual world has real-world consequences.

It is extremely likely that almost everyone in this room has been the victim of some form of cyber-attack.听

Whether it is鈥� your data鈥� your identity鈥� your intellectual property鈥� or even your money that has been expropriated鈥�

All are now seen as legitimate targets.听

And as the commercial market for these tools grows, so too will the number and severity of cyber-attacks鈥�

鈥�compromising our devices and our digital systems鈥�

鈥� causing increasingly expensive damage鈥μ�

鈥� and making it more challenging than ever for our cyber defences to protect public institutions and services.

If we fail to act, this market will rapidly become a driver for much of the cyber threat we face鈥�

鈥�beyond just sophisticated and established state actors, and opportunistic criminals.

In this 鈥榶ear of elections鈥�, in which four billion people - half the world鈥檚 population - will vote in what are, often, digital elections鈥�with digital campaigns and digital infrastructure鈥�

鈥� all vulnerable to digital threats鈥�

鈥�we must consider the impact upon our democracy too.听

SUCCESS SO FAR

We approach this threat from a position of strength, thanks to the work we have already been undertaking.听听

As part of our work to protect the UK from all forms of cyber attack, I have set ambitious cyber resilience targets for UK critical national infrastructure to meet by 2025鈥�

鈥�And in December, I launched the 鈥楽ecure by Design Framework鈥� for the UK public sector.听

Through these efforts the UK Government is embedding cyber security into the heart of our system design.

We are defending our democratic processes by offering technical support to individuals at high risk of targeting鈥�

鈥�and we are working to better understand and mitigate the threats of AI and disinformation during our elections.

As so often, where new forms of malign influence have emerged, the UK is once again at the forefront of combatting this emergent threat.听

Indeed our burgeoning cyber security industry continues to go from strength to strength鈥�

鈥�with our most recent estimates showing that the sector generates over 10 billion pounds in revenue - third only to the US and China鈥�

鈥� with exports also growing to over 5 billion pounds.

In the room today I see several faces I recognise from innovative young UK companies鈥�

鈥�and I know the important role they and others play in making us safer, both online and off.

The Government recognises the huge potential for growth in this industry鈥μ�

鈥�and the potential for cyber security to drive growth across all sectors of our economy.

That is why, alongside Michelle Donelan, the Secretary of State for Science Innovation and Technology, I have asked the Rt Hon. Stephen McPartland MP to lead an independent review to look at how we can shift the narrative and market incentives around cyber security to make this a reality.

We derive our strength and resilience not only from what we do alone, but what we do with our allies.听听

So the UK was proud to sign-up to the Joint Statement on 鈥渆fforts to counter the proliferation and misuse of commercial spyware鈥� at the 2023 Summit for Democracy last March鈥�

鈥�and I look forward to furthering that conversation when I attend the 2024 Summit in Seoul next month.听

Indeed, when our allies strengthen their defences, our defences are strengthened too.

So we welcome the European Parliament鈥檚 work on this issue鈥�

and we recognise the changes made through international export control frameworks, including the Wassenaar Arrangement.听

We further note the recommendations of the Paris Call Working Group on Cyber Mercenaries, and the Cybersecurity Tech Accords.

These represent crucial progress on spyware.听

But we must go further if we are to prevent commercially available cyber weapons from being developed and sold, used irresponsibly, or falling into the wrong hands.

A BROADER ALLIANCE

That work starts with building a broader alliance against those who seek to do us harm.

The market for these intrusion capabilities, with its vendors and customers, is very much a global phenomenon鈥�

鈥�as is the impact of the threats created by malign and irresponsible activity.

Addressing this issue therefore falls to all the states and stakeholders in this room 鈥� and more besides, in wider, multilateral fora.

Our joint efforts should focus on ensuring that states and industry alike act responsibly in cyberspace鈥�

鈥�ensuring our robust existing framework of international law and norms are equally applied in the virtual realm.

For governments, we can make a difference, through effective regulation, proper export controls鈥�

鈥�and working with the market responsibly as a customer, and end user鈥�

鈥�to develop better safeguards and oversight.

Our partners in industry also have a role to play:

Software providers keeping their products patched, identifying flaws, and working with partners on collective security.

And the legitimate vendors of these capabilities ensuring they have responsible supply chains.

They all have a responsibility to vet and limit their customers鈥�

鈥�and to exercise caution when considering their use.

Throughout this, civil society will continue to play a vital part, shining a light on the realities of this complex threat.听

We should pay tribute to the hard work - often at personal risk, often without fanfare - that organisations and individuals have carried out鈥�

鈥�they are the embodiment of our resilience鈥μ�

鈥� And the UK is committed to supporting these efforts.

I can announce today that we will be enhancing our strategic partnerships with non-profit organisations working on these endeavours鈥�

鈥�through a one-million-pound uplift to Shadowserver, to help them expand the access they provide to early warning systems, and to cyber resilience support for those impacted by cyber-attacks.

TAKING ACTION

This bigger, broader alliance must come together to agree exactly what the threats are.听

The world鈥檚 first AI Safety Summit, which the UK Government held at Bletchley Park last year, kicked off a new type of multilateralism for artificial intelligence.

鈥�where civil society, industry and nation states came together to build a shared vision of the future.

We will need this same whole-of-society approach when it comes to cyber intrusion.

And so today, I am proud to be joined by my French colleagues, and all of you, in launching the Pall Mall Process,

鈥�a new multi-stakeholder initiative through which we will, together鈥�

鈥� work to tackle the proliferation and irresponsible use of commercially available cyber intrusion capabilities.

Named after the very street on which this house sits.

The scope must be broad鈥�

鈥�not just looking at spyware, but also considering the 鈥榟ackers for hire鈥� phenomenon, the exploit marketplace鈥�

鈥�alongside the broader range of 鈥榦ff the shelf鈥� intrusion capabilities, including tools for disruptive and destructive effect.

With shared definitions鈥�

鈥�we must establish guidelines for best practice for developing, selling, facilitating, purchasing, and using commercially available cyber intrusion tools and services鈥�

鈥�and we must be clear about what irresponsible behaviour looks like, and how to discourage it.

Ultimately, we must agree on what an international framework should look like.

And it must flow from some foundational principles that we all agree, to ensure the responsible use of these tools:

鈥�with accountability, in a legal and ethical manner鈥�

鈥�with precision, avoiding unintended or irresponsible consequences鈥�

鈥�with oversight mechanisms in place鈥�

鈥�and with transparency, around supply chains, financing and responsible business practices.

CONCLUSION听

There is no silver bullet to solving this problem.

But the pace of change demands that we act fast.

We are in a cyberspace race with our adversaries鈥�

鈥�as they develop the tools to do us harm鈥�

鈥�while we define the risks, develop the rules and build the global alliance.

But I am optimistic.听

Cyber, ultimately, can and should be a force for good.听

We have a noble goal鈥�

鈥�to protect our citizens from being illegitimately targeted鈥�

鈥�to give companies the confidence with which to operate and trade鈥�

鈥�and to build an online world that remains free, open, peaceful and secure.听

Another worthy endeavour to pursue amid these historic surroundings鈥�

鈥�and one I hope we can build upon in the months and years to come.听

Thank you.