Director Jeremy Fleming, Director GCHQ, also spoke at the event. Read the speech here.
You are all still standing so I’ll be brief.
Thank you Minister and thank you Jeremy.
This is a real moment of pride for me and the NCSC team.
Thanks to my colleagues from Government.
Sustained political support matters when you’re trying to do something as complicated as cyber security so thank you for your continued support.
Thank you to GCHQ.
Thank you to the team.
And thank you to all the partners here today.
It is my pleasure to welcome everyone here today to mark the second year of the work of the National Cyber Security Centre, the newest part of GCHQ, as we look to begin our second century of service to the people of the UK.
At the NCSC, our mission is to help make the UK the safest place to live and work online. I often think about what that means. Here’s what I’ve concluded about why our mission matters.
Compared with the rest of human history, those of us alive right now, in this part of the world, have become used to what others would see as enormous privileges and freedoms.
And the Internet not only grew out of these freedoms and these common values, but it gives us the opportunity to expand them in ways that were hitherto unimaginable to our predecessors and people in other, less fortunate parts of the world.
It gives us the opportunity to build communities as never before. The opportunity to connect at a global level. The opportunity to connect instantaneously. And the opportunity to create even greater prosperity.
But it is now clear that, just as in any other form of human activity, digital freedoms are hard won and hard to sustain.
We have to fight to secure them. Cyberspace is not automatically free, and it certainly isn’t automatically safe. And we need to try to fix that, in so far as we can.
That’s what motivates all of us at the NCSC. Like the Minister (Rt Hon David Lidington CBE MP) and Director (Jeremy Fleming - GCHQ), I hope – indeed I firmly believe – that we are making progress.
The Minister mentioned some of the things we are doing, led in terms of Government policy by our partners in the Department for Digital, Culture, Media and Sport, to help make technology automatically safer.
Director mentioned our Active Cyber Defence programme – which makes it far harder for a criminal to go online and pretend to be a British public servant in order to extort the extraction of personal details from a private citizen in order to take their money.
And if you put up a phishing site in the UK, the chances are that rather than it being up there for a day, it’ll be up for an hour. That’s progress.
Director mentioned the brilliant work over many, many years to prove that Russia was behind some of the most malign attacks on our way of life and those of our allies.
The NCSC, using GCHQ’s world-class intelligence capabilities, has not just been able to support Ministers in calling out such behaviour but has published detailed technical guidance, including with our friends in the US, about how to get rid of the lurking hostile presence on our country’s networks.
That sends out a message that if you attack the UK, we are going to hold you to account, and we are going to show people how to make your attacks less damaging. That’s progress.
I look with pride on the way that we now handle incidents. From being bystanders, the UK Government is now routinely the first in the world at advising our own citizens how major global cyber incidents affect them.
We get advice out literally within the hour. We have dealt with more than 1,100 incidents since the NCSC was formed.
I look with pride on the work we are doing to protect our critical services. I salute the work of our partners in organisations like the Bank of England with whom we work to secure the next generation of those critical financial systems.
Again, that’s progress – recognising that the best time to secure the things that matter most to our future is when the new systems are being built. But there is so much more to do.
I look with pride on our work with UK and global industry. On the big service providers who take our data and block nearly five million hostile emails targeting the UK every day. That’s progress.
But again more to do. And as technology changes we have to look robustly at how our supply chain works to make sure they are secure. As the minister said, that’s a huge area of focus for the NCSC in the coming year.
I look with pride on our international partnerships. I have just returned from Brussels where we continue to lead the way on international collaboration within Europe to protect the free and fair elections on which our democracies depend.
And I think we’re really honoured that my opposite number from Paris, Guillaume Poupard, is here today with us. His organisation, ANSSI, is one of our most important operational allies.
So together we, with other allies, have made huge strides over the past five years or so in combatting common threats. That is progress, but of course there is more to do.
These speeches, these anecdotes, this report – are a mixture of justified satisfaction with what we’ve achieved; impatience at just how much more there is to do; and caution about a constantly evolving threat. They are just a snapshot of where we’ve got to.
We strongly believe we’re on the right track in supporting the UK as a first rate, safe, digital power. So let me set out, to conclude, what we want to do to build on this. Let me look to the future.
It’s a prerequisite of being a safer digital nation that we need top end national security capabilities and intelligence capabilities so as to be able to detect and combat the most potent state threats against us.
It’s a prerequisite that we need to continue to improve the systems that matter most.
And rest assured, the NCSC will keep innovating to try to think up the next set of big ideas to make technology safer at source.
But let me finish by talking about another priority area where I think we need to turn up the volume.
We are now a nation where more or less everyone uses the Internet in some way on a daily basis.
That means literally hundreds of millions of decisions which, on aggregate, will decide how good we are as a country at cyber security.
We at the NCSC are the national technical authority for telling the country what ‘being safe online’ means.
To use a phrase beloved of GCHQ, we’re responsible for telling people ‘what good looks like’.
We have done some great work in this area.
We’ve led the world in making password guidance more sensible, for example.
We’ve led the world in telling organisations not to base their defences on relying on individuals to do the impossible and spot the fake emails in the hundreds they receive every day.
We’ve led the world in telling individuals and organisations to manage cyber security risk just like they manage complex risk in other aspects of their daily lives.
Now we need to go further.
We need to equip everyone in the UK with the facts and advice – useable advice – they need to make sensible, risk-based judgments about how they behave online.
So my focus, for the next phase of the NCSC, as well as being about our national security, will be about the cyber security of the citizen.
It’ll be about the practical message of the NCSC: not to be scared of cyber threats, but to take sensible and easy steps. And I want to make sure that message is heard loud and clear.
So, beginning with the launch of our new website next month, you will see, I hope, a renewed focus from us on the citizen.
When I stand here next year launching our next annual review, I hope a greater proportion of our fellow citizens will have heard that message.
And the year after that, I hope I will be able to say that cyber security in the UK is truly, genuinely a national effort, and that we are absolutely the safest place to live and work online.
So thank you, to our friends and our partners, for what we have achieved so far, and let us turn our minds to the task ahead.
Take me to the Annual Review 2018