GovWire

Introduction:

Good morning everyone,

Its really great to be here with you in Manchester.

This is one of Britains great cities.

From music to sport to industry, Manchester has made its mark on the world in so many ways

And today I want to talk to you about an area where I believe Manchester, the North West, the whole country can grow in strength in the future.

There might have been times when a government minister making a speech about cyber security was thought to be something routine.

Ritual calls for preparedness, and it might not seem to have much connection to the real world.

But not today. Not this time. Not this week. Not with what we have been seeing happening over the past few weeks.

Great British businesses. Household names like M&S, the Co-op, Harrods, all the subject of serious cyber incidents.

These cyber attacks are not a game. Theyre not a clever exercise. They are serious organised crime.

The purpose is to damage and extort good businesses. Its the digital version of an old-fashioned shake down. Either straight theft or a protection racket where your business will be safe as long as you pay the gangsters.

And what weve seen over the past couple of weeks should serve as a wake-up call for everyone - for government and the public sector, for businesses and organisations up and down the country, as if we needed one, that cybersecurity is not a luxury - its an absolute necessity.

Whether it is a system failure or a deliberate attack, no organisation can afford to treat cyber security as an afterthought.

So its not routine. Its a good time to be gathering today, to discuss what we can do to make our defences as strong as possible.

Now its one of the paradoxes of modern life: technology brings huge benefits, and theres no going back - but it also brings risks.

The internet is one of the greatest engines for creativity and innovation in modern history. It has transformed the way we live, work and learn.

Just think of the applications. Busy parents who can save so much time by ordering goods online, students with an unfathomable range of knowledge at their fingertips, families all around the world able to share pictures of those precious moments - birthdays, christenings, weddings - just at the press of a screen. All of us benefit from this astounding level of connectedness.

Yet the technology that underpins it can be weaponised by those who want to destabilise our infrastructure, our information systems, or our industrial base.

The UKs critical infrastructure is now more interconnected than ever. That is empowering

But it also carries risks, because there are vulnerabilities - and more than we had years ago. Right down to the household level.

As the cost of the tech has plummeted, and broadband speeds have risen, more and more devices are connected online. In 2020, it was thought to be about 50 billion. By 2030 - which isnt that far away now - it will be 500 billion, according to projections.

More connections, more interconnectedness.

Technological leaps are rarely born in comfort; more often, they are forged during conflict, or competition or by sheer necessity. And history shows us that innovation always accelerates when the stakes are highest, from nuclear energy to the space race.

The stakes are high right now. And we are in the middle of another huge technological leap - a technology shock if you like - with AI and other emerging technologies developing at breakneck speeds.

Its a duty for Government and all of us to keep up.

Because in the modern world, where everything is connected, and so much of its online, it doesnt take much if that is attacked to cause serious disruption.

Just ask anyone in Spain or Portugal who went through the power outage last week. Passengers stuck in underground trains. Payment systems disabled and suddenly, for a day, cash is king again. And a host of other effects.

I experienced last July, just a couple of weeks after the general election, the CrowdStrike incident. We worked closely with one of the sponsors of this conference, CrowdStrike, to manage the fallout of that.

That wasnt a cyber attack but it did cause ripples right across the country and the world.

Flights grounded. Hospital appointments disrupted. Holidays cancelled. GP services cut off.

We worked closely with the company to resolve it. But what did we learn?

Lessons:

First, youve got to bring people together and coordinate. We had the National Cyber Security Centre, the Cabinet Office - the department I lead - Microsoft and CrowdStrike, all the different parts of government to understand what the incident was.

Secondly, Government cannot do it alone. You have to have good partnerships between the public and private sector.

And thirdly, even though it exposed a responsibility, there is also a prize to be grasped here.

Because if interconnectedness that Ive spoken about requires greater protection and powers of recovery, then those countries that think about this, that invest in the cybersecurity services, will be able to offer those services to those that need them.

Just think about previous waves of interconnectedness and how the UK led the way in protecting them. Think about how Lloyds of London, for example, insured shipping right across the globe, well so too can the UK play a major role in cyber security. A new kind of technological insurance.

We are already the third largest exporter of these products and services in the world.

And as the technology continues to develop, I believe that our cyber companies and start-ups can use that current competitive advantage as a launchpad for greater success - for the benefit of the entire UK economy.

So my message this morning to you is that its not just about vulnerability and risk - its about economic growth too.

Later this year, well publish a new National Cyber Strategy that will set out how we want to approach these challenges and opportunities in the years to come.

Today I want to touch on three aspects of that today: threats, security and growth.

Threat landscape

Scale of activity:

The threat is growing.

Last year the NCSC received almost 2,000 reports of cyber attacks - of which 90 were deemed significant, and 12 at the top end of severity.

That is three times the number of severe attacks compared to the year before (2023).

Theyre targeted both Government and private systems.

Combatting it is a constant challenge. I cant stand here this morning and tell you that Government systems are bombproof. That is not the case.

These are new systems, built on top of legacy systems, and were doing everything in our power to modernise the state, and to upgrade those core systems . But the Government, and the country as a whole, has to take this seriously if were going to do it securely in the future.

Artificial Intelligence:

Its our strong conviction that Artificial Intelligence will bring huge opportunities to the UK. We want this country to be a good home both for investment and adoption in this field. But like all general purpose technologies, it can be used for good or ill.

And just as people and businesses across the country are using AI in all sorts of applications, so too are our adversaries.

Today, we are declassifying an intelligence assessment that shows AI is going to increase not only the frequency, but the intensity, of cyber attacks in the coming years.

Our security systems will only remain secure if they keep pace with what our adversaries are doing.

And thats why its imperative to understand what theyre doing and why.

State-actors:

And today state-backed cyber hacking has become the new normal.

Hostile states constantly working to degrade our military advantage. With cyber criminals who will routinely sell their services to other states. These cyber mercenaries can cause huge harm.

Sometimes to steal money. For example, it is thought that North Korea stole $1.34bn through cryptocurrency theft last year, causing US officials to describe their hackers as the worlds leading bank robbers.

The cyber activity we are seeing in countries like North Korea reflects that grey area that exists between some states and cyber criminals.

My colleagues at the Home Office, under the leadership of the Home Secretary and the Security Minister, are working hard to strengthen our overall response to cyber crime. They have been consulting on a number of ransomware proposals designed to thwart our enemies.

Other state-backed hacking is done as part of a wider war - and weve seen that with Russias illegal invasion of Ukraine.

How Ukraine is putting up an incredibly brave fight against cyberwarfare unleashed by the Russians, and we have vowed to stand shoulder-to-shoulder with Ukraine for as long as it takes to defend their sovereignty.

And so were going to invest 8 million in the Ukraine Cyber Programme over the next year to counter the Kremlins cyber aggression.

What Russia is doing doesnt stop in Ukraine. There have been a number of other attacks and disinformation campaigns in other countries.

For example, in Moldovas presidential election last year. And we know that they will keep trying. So we will be investing 1 million in cyber capabilities in Moldova, to help give that country the tools to c

View the original news story