I want to start with three images, three incidents.
Hundreds of men, women and children, crammed around one satellite internet terminal. Desperate to call their loved ones after weeks of uncertainty and suffering, to tell them one thing: I am alive.
This is an image from the day Russian troops finally withdrew from the Ukrainian city of Kherson, exactly one year ago.
Russian occupiers had taken down all the communication infrastructure before they left the city. For many Kherson residents, the internet terminal on the main square, put up by the Ukrainian Armed Forces, was the first opportunity in weeks to go online.
Only one month ago, Hamas terrorists brutally entered Israel and committed unspeakable atrocities.
At the same time, hacking groups tried to paralyse missile-warning apps used by Israeli civilians. The aim: to send erroneous warnings on the app, and to sow panic on the day of Hamas’s atrocious attack.
In July last year, a hacker group affiliated with Iran attacked Albania’s government websites and administrative platforms, paralysing key government functions like electronic immigration control for weeks.
These examples – and I am sure all of you could cite many more – show that cyberattacks are not a game. They have an impact in the real world.
They threaten lives and economies.
They are a danger to our democracies and the rule of law.
And as the AI revolution moves forward, the tools used to carry them out are becoming available to almost anyone.
On top of that, cyber attacks are by now a well-established business for organized crime, to steal data and extort money. A business that is sometimes heavily intertwined with state actors, as we can see in some of the crises around us.
Therefore, we as NATO, we as Allies, we as democracies have to keep cyber defence at the centre of our attention.
Cyberspace has become our societies’ nervous system.
And just like in the human organism, malign intruders sometimes create havoc long before we even realise it.
International law is fully applicable in cyberspace – but it is broken every day. We cannot sit back and watch this ongoing erosion. We need to build a globally respected state practice of responsible behaviour in cyberspace.
As NATO, we need to constantly adapt and evolve our strategies to contain these challenges.
In 2021, we recognised that cumulative cyber activities can be considered an armed attack.
And we built on our national commitments by strengthening our Cyber Defence Pledge at the Vilnius summit. The pledge means that we need to be ready to handle malign cyber incidents – in times of peace, crisis and conflict. We have to bring our systems up to speed: those our governments use, but also those our industries and citizens rely on, from telecommunications to energy infrastructure and even games.
The Cyber Pledge requires us to invest in prevention, and to invest in our national resilience on a daily basis. Because resilience is the main building block of deterrence and defence in cyberspace.
But our commitment to prevention also requires us to be able to actively defend ourselves in cyber space, if necessary. Germany’s National Security Strategy – launched this year – envisages to create a dedicated entity especially for that. We are even considering a change to our Constitution to make it happen! Proportionality and our responsibility under international law will remain our corner stones in active cyber defence. As an Alliance, we need to continue to work hard on making our commitments in this area more tangible.
But NATO has not only evolved at the level of concepts and national commitments. We have also enhanced our cyber posture in concrete terms.
In Vilnius, we launched NATO’s Virtual Cyber Incident Support Capability. That became NATO’s cyber “emergency number”.
It enables Allies to seek immediate help from one another.
Implementing this in Germany, we have just created a national mechanism involving all relevant agencies – from our Federal Office for Information Security to the Bundeswehr. With this mechanism, we can ensure that we are ready when our Allies need us - or when we need our allies.
NATO has made considerable progress on cyber defence.
But for the Alliance to stay on track and for cyber to make a substantial contribution to our joint deterrence and defence, we need to do more.
In my view, three points are crucial.
First, we need to bring together all the dimensions. We, as Allies, and NATO need to build a culture of cooperation beyond our bureaucratic silos. This is what many of us and many of you discussed in the run-up to the Vilnius summit.
And this is why, today, we are coming together in this integrated setting for the first Annual NATO Cyber Defence Conference, with leading representatives from the political, military and technical communities in our different countries, as well as – and this is important - from the private sector.
Against this backdrop, I am joined today by colleagues from the German Defence and Interior Ministries and the Vice-President of our Federal Office for Information Security. And I am very thankful that many colleagues from different agencies and from different countries came despite these difficult times.
The Conference will be a platform for expert discussions across these dimensions and will serve to foster cooperation routines in our Alliance.
Because we have to invest in our deterrence by cooperation between these different fields – public and private.
I mentioned the experience of our Albanian colleagues last year. That is a case in point. When hackers attacked the Albanian servers, the military domain was quick to activate cyber defence. Technical experts managed to restore the functioning of government systems. This made a quick political response possible: Together with its Allies, Albania attributed the attacks to Iranian state-linked actors and sent a clear diplomatic response to Iran.
Integrating the silos led to effective cyber defence.
However, cooperation is not only necessary within and between NATO Allies, but also with private companies. I am grateful that many representatives are present here today. Because your technological ingenuity is the very basis of our strength in cyber.
By building a culture of cooperation, we prepare the ground for better sharing of information and best practices among Allies. That’s my second point.
When one of us faces a cyber incident, we need to swiftly inform all of our Allies. Cyberattacks know no borders.
What is already happening in my country might still be preventable for my Ally.
More information-sharing will also enable us to jointly attribute cyberattacks. Attributing a malicious cyber operation to a state is a national prerogative. But if we coordinate our activities in this regard, attribution could become a more powerful deterrence tool.
In order to achieve deterrence by attribution, we need to work on expanding existing channels of confidential communication between Allies.
Attribution increases the political cost of state-sponsored cyberattacks. It sends a powerful signal to other potential attackers: they will be named – and they will be held accountable.
In July 2022, NATO – together with the EU and other partners – managed to attribute a large-scale hacking attack targeting the Microsoft Exchange software to the Chinese Government.
That was only possible because we coordinated our efforts, pooled our knowledge and acted quickly in unity.
This brings me to my third point. In order to maximise the effectiveness of our cyber defence, we need to invest in our NATO partnerships.
We need to make sure our activities complement those of other organisations, such as the EU.
We know that if our close partners are vulnerable, we are vulnerable, too. This became clear when Russia, on the day it started its full-scale invasion of Ukraine, attacked the ViaSat communications network.
It not only caused an information blackout in parts of Ukraine. The effect spilled over into networks all over Europe. Renewable energy providers temporarily lost contact with more than 3000 wind power plants all over Germany.
As an Alliance, we can achieve resilience by partnership – by helping our close partners defend themselves. By supporting Ukraine with its cyber defence, we are also protecting ourselves.
Germany therefore provided Ukraine with 10,000 ground stations for an internet satellite system, similar to the one used in Kherson. And we are contributing to Ukraine’s cyber capacity by training cybersecurity personnel, as are many Allies in this room.
Undoubtedly, we also have much to learn from Ukraine. At this point, our Ukrainian friends probably have more experience with cyber defence than all of us combined. Investing in our partnership here also means building up our own capacity.
Cyber is nothing new.
But unlike the utopias from maybe 40 years ago, the advent of cyberspace did not usher in a world where military force has no role to play and conflicts are fought merely in front of computers.
In fact, reality turned out to be both more complex and more concerning.
British General Sir Patrick Sanders recently said: “You can’t cyber your way across a river.”
That is obviously true. Nonetheless, modern armies are digitised armies.
Digital radios, digital drones. Communication satellites, GPS and encryption – all of this is cyber.
So, while you cannot cross a river using just a laptop, cyber effects may still prevent you from getting there.
Cyberspace is the nervous system of our digital world.
It is all interconnected. This means that if we as an Alliance ensure our deterrence and defence posture in cyberspace, we protect and defend many parts of our economies and societies at the same time.
Our energy infrastructure. The personal data of our citizens. The integrity of our democratic voting processes.
Together, we have all the tools to be successful:
- To build a culture of cooperation beyond our bureaucratic silos, in order to unlock cyber’s full potential for our joint deterrence and defence.
- To improve our information-sharing to strengthen our deterrence by attribution.
- And to bolster our resilience by investing in our partnerships beyond NATO.
This is what lies at the heart of the Annual NATO Cyber Defence Conference, now and in the coming years.
To protect our citizens from harm.
In the material world. As well as in cyberspace.