Resilience is proving to be the great challenge of the 21st century. The Covid crisis has shown the huge impact disease outbreaks can have on our lives and economies—but tomorrow’s danger could just as easily come from a very high-level cyber-attack.
Cyberspace has transformed all our lives: the way we work, shop, travel and communicate. But our openness and dependence on IT makes us more vulnerable. And our adversaries—be they state aggressors, terrorists, criminal gangs or even individuals with a grudge and a laptop—are eager to take advantage.
Recent events have provided a salutary reminder of what we’re up against. A few weeks ago Ireland witnessed a cyber-attack on its healthcare system that affected everything from its coronavirus testing to maternal care services and cancer treatments. Across the pond, a criminal ransomware attack on an oil pipeline in the US caused widespread gas shortages across the country. Last December, the SolarWinds hack exposed vulnerabilities in the global software supply chain.
The evidence from the SolarWinds hack points once again to Russia. We’ve been here before. In 2017, the Russian military mounted the NotPetya cyber-attack on Ukraine that didn’t just affect companies in that country, but caused chaos and delays resulting in over £7.5bn in economic damage. Russian actors spread misinformation online during the 2019 general election campaign, and their fingerprints were all over multiple cyber-attacks aimed at the last two US presidential elections. More recently their operatives have mounted cyber-attacks on vaccine developers. It appears nothing is off limits.
That’s why the UK is building up its cyber resilience. GCHQ’s National Cyber Security Centre (NCSC) is already busy taking down malicious sites and helping the public strengthen their online security. Last year it dealt with 723 major cyber security incidents—the highest figure since the NCSC was formed five years ago. In total, last year, it stopped 700,000 online scams targeting the UK.
Reacting to threats is not enough; we must be able to push back against them. The UK’s world-class offensive cyber capability has already been demonstrated in the battle of Mosul, where our digital know-how prevented Islamic State from pushing its propaganda and recruiting new fighters.
Yet our adversaries have moved on, and so must we—which is why, thanks to our defence settlement, we will be putting more than £500m into state-of-the-art electromagnetic capabilities. Alongside this investment we have established a National Cyber Force, blending the MoD’s operational expertise and scientific and technical capabilities; GCHQ’s global intelligence and cyber skills; and the Secret Intelligence Services’ knowledge to help in recruiting and running agents.
And we’re making sure our next generation of digital warriors will have the right skills, by establishing a dedicated career pathway for defence cyber specialists and expanding our Defence Cyber School.
But no nation can tackle the cyber threat alone. We are working with like-minded partners including Five Eyes and Nato to establish principles for responsible behaviour in cyberspace. We will be investing £22m in cyber capacity-building for target countries in Africa, the Commonwealth and the Indo-Pacific. The forthcoming visit of our HMS Queen Elizabeth carrier to the Indo-Pacific will provide a perfect opportunity to build a cyber security consensus among our friends in the region to stop the spread of digital authoritarianism.
Later this year, we’ll be publishing a comprehensive cyber strategy to help the UK stay ahead of the curve in critical cyber technologies. It will not only increase our cyber resilience but up our cyber power: power to shield our nation from future shocks, power to overwhelm our online enemies and power to seize the great opportunities arising from this dynamic digital age.