Home Office
Thank you. Its an enormous pleasure to be here with you today in Belfast.
It is also an incredible honour to be here in Belfast on this auspicious occasion. Not just to be here at this conference, but 25 years ago there was the extraordinary moment of the signing of the Good Friday agreement. That wonderful moment that gave hope to a new generation and demonstrated this country, the whole of the UK and the whole of these islands can move on from a difficult past to a much better future.
Its a reminder that peace can never be taken for granted, and that service, debate and compromise define what is at the heart of our peaceful and democratic system, and together they must never be neglected.
It also makes me particularly mindful of my role today. I stand before you as Security Minister of the UK.
In one respect, that is quite a simple job: keep Britain safe. Of course, that clarity marks a complexity of the challenges we face from terrorism and state threats to organised crime and distributed attacks.
Those attacks are more your field and its there in the cyber world that the UK faces some of its sternest tests.
A quick look at the basic figures is enough to bring home the scale and severity of the issue we face.
New findings released just yesterday from the Cyber Security Breaches Survey show that 32% of businesses experienced at least one cyber breach in the last 12 months.
This year, for the first time, the survey also tells us how many of these breaches resulted in a cybercrime being committed.
We can now estimate that 11% of businesses were victim to at least one cybercrime. That cost each of them around 15,000 in the past year.
We must never lose sight of the fact that behind each of these online statistics is a real-world victim.
Each is a grandparent defrauded, and stripped of their savings.
Each is a small business held to ransom, and jobs lost.
Each is public money stolen, and the taxpayer short-changed.
The cyber-threat doesnt just come from criminals. The ongoing war in Ukraine is a constant reminder of the threat we face from hostile actors.Russia has been trying to invade Ukraines cyberspace as much as its physical space, threatening critical information, critical services, and critical infrastructure.
The threat of further cyber fallout from conflict is very real to the United Kingdom and to all our allies.
At home we are seeing the overlap of state threats, terrorism and organised crime brought together online and off.
Against this troubling background our mission is clear. We must crack down on cybercrime, we must protect the United Kingdom from the most capable cyber adversaries - states, criminals and terrorists all are trying to hurt us and all have made the online world work for them, delivering offline political gain and criminal profit.
That is no small brief, and it is not one any department, certainly not one Minister, can achieve alone.
Thats why this event is so important to me. This is why Im so grateful to Lindy for inviting me and so grateful for the opportunity to speak to you. Because what we can achieve together is an all round ecosystem of cyber security built on the UKs world class foundations of education, expertise, technology and capability.
The task of cyber security falls to government of course, but also to individuals, law enforcement, and to you, business.
Now today, Id like to reflect on how far weve come, and where we need to go. Above all, I want to stress the core message, exemplified by those extraordinary events of 25 years ago - that only by working together can we collectively be safe.
Id like to briefly outline my priorities in cyber policy, before affirming areas in which government and industry partnerships must go further if we are all going to succeed.
The government has already made phenomenal progress in building resilience and countering the threat from our adversaries.
The latest iteration of the National Cyber Strategy set out the UKs role as a responsible and democratic cyber power, and laid down the framework on which the UKs security and prosperity can depend.
Its the bedrock of everything we do to keep the UK cyber safe.
It also important that our laws, the software of our society, are updated.
Thats why we recently published a consultation on improving the Computer Misuse Act, which is an important part of deterring those who would commit crime, and equipping law enforcement to carry out their duties.
That consultation is for you to contribute to and I look forward to hearing your thoughts.
We are proposing to include powers to take control of domains and IP addresses used by criminals and enable action against individuals in possession of or using data obtained through the criminal actions of others.
But I say again, your thoughts matter and Im looking forward to your input.
Were building the National Cyber Crime Unit to take on serious cyber criminals.
Its operational resources must deliver arrests and disruption, and build on the NCAs enhanced intelligence picture to target criminals where they are most vulnerable.
We recently helped to dismantle Genesis Market - one of the biggest online marketplaces selling stolen logins and passwords to criminals across the world.
Weve built a network of Regional Cyber Crime Units, ensuring that police units have access to specialists and capabilities.
I must also mention Ransomware attacks, where the National Cyber Security Centre assesses to be in the top tier of online threats to the UK.
Ransomware criminals cause harm and hurt. They cost more than cash. Hospitals and their patients in a pandemic were targeted, putting people and lives at risk.
Now this is a global problem, we are working with global partners.
With the US and others, the UK is a leading member of the international Counter Ransomware Initiative, and together we are going after these criminals.
Recently we sanctioned seven Russian cyber criminals who were behind some of the most damaging ransomware attacks in the UK in recent years.
With those priorities in mind, let me now turn to your role in the cyber community. Against this array of challenges, collaboration between government, law enforcement and industry is key.
Id like to propose three areas where we must go further and faster, together.
First, prevention is always better than a cure.
Sometimes cyberattacks are sophisticated - but the vast majority are in fact simple, and can be easily prevented by a few simple steps.
Our aim is to make the UK the safest place to be online, and that starts with all of us working to ensure that everyone understands how to protect themselves.
The NCSCs Cyber Aware campaign and the work of City of London Police leading this work, is I hope, of use to you all in providing advice that is simple, consistent and based on our collective latest understanding of the threat picture.
This room is filled with experts so please be active in shaping the guidance so that your staff and customers can avoid becoming victims in the first place.
Second, our most capable adversaries will only get better.
Malign states and crime gangs will look for chances in an open internet. Weve got to do the same to protect ourselves.
Five years ago, WannaCry wreaked havoc in the NHS, leading to cancelled appointments and postponed operations on a huge scale.
North Koreas cyber weapon was heralded in a new business model for criminals around the world.
Today, Ransomware is a chronic threat and is sold as a service to groups without cyber skills. The barriers to entry have come down. This is a democratisation of crime, just as much as any other.
The question that we should all be asking is: what next?
Breaking the future cyber-criminal business model and understanding tomorrows state action in cyber space is key to pushing for more responsible, democratic behaviour.
The enemy will evolve and so must we.
Third, new technology will change the world we think we know.
Dawn has broken on the age of Artificial Intelligence. Weve only just begun to wake up to the opportunities that will be unlocked in the coming years, and can only guess at the ways in which theyll transform our world.
This speech wasnt written by ChatGPT as you can probably tell. Youre not supposed to laugh at that. Very soon we are going to see Large Language Models such as Open AIs ChatGPT which are already able to ace the bar exam and indeed write better speeches than this, and suggest new avenues for drug discovery. Theyre not thinking yet, it is more pattern recognition and repetition than real thought, but the game is changing already.
The goal that many are working towards - an Artificial General Intelligence, or AGI is looking more open and more possible.
Its difficult to overstate what this would mean to all of us. Super intelligent computers that learn and develop autonomously would transform our society and our world, and more than almost any other advancement in human history.
Even in these early stages, AI can enhance our security but it can also threaten it. Our AI capabilities will be at the heart of our mission to protect the UK.
In Ukraine, AI is already being used to identify malicious Russian behaviour by analysing patterns of activity at huge scale, they are not just finding needles in the haystack but finding out what the haystack itself is saying.
At home and across our homes in the UK, AI could protect children from predators, unlockin