Being a global cyber power in the modern world requires offensive capabilities as well as strong cyber defenses, according to GCHQ director Jeremy Fleming, speaking during his keynote address today at CYBERUK 2022 in Newport, Wales, UK.
Fleming noted that since the last in-person CYBERUK event in 2019, “we’ve been through some particularly challenging times.” Most significantly, this is the impact of the COVID-19 pandemic, which has rapidly increased the cyber-threat landscape, while “cyber-criminals are constantly evolving their tactics.”
The shift to digital is a trend that is only going to continue, and therefore “we must be able to trust the systems that connect us and enrich our lives, both economically and socially.” As a result, “cyber clearly matters to everyone.”
Fleming emphasized that this means “we must change our cyber approach in the future.”
Encouragingly, he observed that the UK has developed into a global cyber power in the past few years. Fleming said the role of cyber has been elevated to the same level as traditional forms of diplomacy and statecraft at the government level. “Cyber now plays a vital role in our national security and prosperity.”
A country can only be considered a cyber power “if it can direct or influence the behavior of others in cyberspace,” according to Fleming. This ability is critical to protect the “digital homeland.” As cyber-threats become more dangerous, “we must continue to reinvent cybersecurity.” He emphasized that defensive security is not enough in this landscape.
This is why the UK government recently formed the National Cyber Force (NCF), bringing “another level to the spectrum of national security.” Fleming said this force is already having a significant impact in areas like tackling misinformation, supporting overseas military activity and helping law enforcement take action against overseas criminal gangs.
These activities are “imposing a cost on our adversaries.” Critically, in collaboration with national and international partners, the NCF is “undermining the cyber-criminals assumption that they can act with impunity on the internet.” This includes making it clear that they are being observed and “impacting their ability to profit from their illegal world” as well as denying them access to their cyber tools. Fleming said that these efforts have prevented “10s of millions of pounds in potential fraud against the UK economy.”
However, Fleming acknowledged it is important to develop frameworks to ensure these offensive capabilities are used proportionately and ethically. He confirmed that later this month that the UK’s Attorney General will set out the government’s legal views “on the responsible use of these cyber capabilities.”
Overall, Fleming argued that each part of the system – intelligence, security and cyber – has to operate together effectively to “provide true national advantage and cyber power.”