Address at the Lord Mayor’s Annual Defence and Security Lecture by the Director General of the Security Service, Jonathan Evans.
1. My Lord Mayor, Secretary of State, Aldermen, Sheriffs, Ladies and Gentlemen. May I start by thanking the Lord Mayor for the kind invitation to give this Inaugural Defence and Security Lecture.
2. The Security Service has an excellent relationship with the City of London. National security and economic security are closely interlinked. They depend on the UK’s status as a stable, open, outward facing nation. They require us to assess and manage risk in a world more interdependent than ever before. They require investment in world class capabilities, technologies and skills. And they call for increased levels of international cooperation. And like the City, our ability to operate depends on having a framework that draws the right balance between regulation and flexibility.
3. The financial services industry is no stranger to national security risks. The 9/11 attack that included the World Trade Center has rightly lived on in all our minds. Some will also recall the first World Trade Center bombing in 1993 but as early as 1920 the Headquarters of JP Morgan in New York was seriously damaged by an anarchist bomb. And of course London has seen similar problems, most notably with the spate of IRA attacks on the City in the 1990s.
4. The close co-operation between my Service and the City of London Police dates from the 1990s and has stood us in good stead with the development of the Al Qaida threat in the last dozen years. And through our role in the Centre for the Protection of National Infrastructure (CPNI) we work with the wider security community within the financial services industry to make the City a safe and secure place to do business. As we look forward we see the City and the financial sector as important partners in tackling the challenges of cyber security and safeguarding the prosperity of our country.
5. The Olympics dominate much of our thinking in the security world at present, but the work of MI5 will continue once the sport has finished, so I thought that I would take this opportunity to talk about some of the national security threats we face domestically as we look to the Olympics and beyond.
6. Those of us who are paid to think about the future from a security perspective tend to conclude that future threats are getting more complex, unpredictable and alarming. After a long career in the Security Service, I have concluded that this is rarely in fact the case. The truth is that the future always looks unpredictable and complex because it hasn’t happened yet. We don’t feel the force of the uncertainties felt by our predecessors. And the process of natural selection has left us, as a species, with a highly developed capacity to identify threats but a less developed one to see opportunity. This helps explain the old saying that when intelligence folk smell roses they look for the funeral. Well, I can’t promise you a rose garden but I’ll try not to be too gloomy either.
7. So what are the risks that we have to address?
8. At the forefront of our minds are the Olympic and Paralympic Games. The security preparations for the Games have been long and thorough. Members of my Service have been involved in advising on the physical design and security of the sites, but also in the accreditation of those working at the venues and in ensuring that intelligence collection and analysis for the security operation can meet the increased demand. This is not a solo activity. We are working as part of a mature and well developed counter-terrorist community in the UK and with the close support and co-operation of friendly Services overseas, who have been extremely generous in their assistance. We are also anticipating an Olympic security legacy after the Games – better intelligence coverage of potential threats, better integration at the local and national level of security and intelligence effort, and new, closer and better developed intelligence co-operation at the international level. I hope and expect that this legacy will live on well after the Games themselves have closed.
9. The preparations have gone well. But planning for the future is always planning for uncertainty. The Games present an attractive target for our enemies and they will be at the centre of the world’s attention in a month or so. No doubt some terrorist networks have thought about whether they could pull off an attack. But the Games are not an easy target and the fact that we have disrupted multiple terrorist plots here and abroad in recent years demonstrates that the UK as a whole is not an easy target for terrorism. The national threat level at present is assessed to be SUBSTANTIAL – meaning that an attack is a strong possibility - one notch lower than has been the case for much of the last ten years. We are far from complacent. A lot of hard work still lies ahead and there is no such thing as guaranteed security. But I think that we shall see a successful and memorable Games this summer in London.
10. But terrorism will outlast the Olympics. The fact that there have been no successful al Qaida related terrorist attacks in Britain since 2005 is the result of a great deal of hard and creative work by the security, intelligence and Police services. That work continues today and will need to continue in the future if we are not to see a resurgence of threat. That is an important point – there is a perception in some quarters that the terrorist threat to this country has evaporated. Bin Laden is dead, Al Qaida’s senior leadership in Pakistan is under serious pressure and there hasn’t been a major attack here for seven years. That is all true. But we need to look more closely at what has actually been going on.
11. In back rooms and in cars and on the streets of this country there is no shortage of individuals talking about wanting to mount terrorist attacks here. We see them regularly in our intelligence investigations. And others in various parts of the world have the same ambitions. Some of them have appeared in the series of successful terrorist prosecutions that have been before the courts in the last few years. The Royal United Services Institute, the award-winning defence and security think-tank, maintains a database of terrorist events. It has identified 43 potential plots or serious incidents in the UK since 9/11. Our assessment is that Britain has experienced a credible terrorist attack plot about once a year since 9/11 – and before, since the first Al Qaida inspired plot here took place in 2000 - a year before 9/11. That pattern has held true up to the present time, including in 2010 and 2011. And in May of this year a plot by Al Qaida in Yemen to blow up an airliner over the Atlantic was narrowly averted. So the threat is real and remains with us today.
12. But at the same time the investment in counter-terrorism over recent years has worked. The UK counter-terrorist machinery – my Service but also critically our partners in SIS, GCHQ, the Police, as well as other Western and friendly intelligence services - is identifying, disrupting and suppressing terrorism before it succeeds. You could say that we are near to reaching a form of stalemate – they haven’t stopped trying but we have got better at stopping them. That is normally as much as security on its own can achieve. The underlying issues and circumstances can only be tackled through political effort – including the important counter- and anti-radicalisation work undertaken under the PREVENT strand of the Government’s counter-terrorist strategy CONTEST, led from the Home Office. But as was said after the Brighton bombing in 1984, the terrorists only have to get lucky once...
13. Terrorist problems have a long tail. They very rarely just stop. At best they can be exhausted by long and persistent pressure, together with political measures. It is essential that we maintain pressure on Al Qaida and its associates and squeeze the vigour out of the terrorist groups so that the risk of terrorism does not revive here. That will take perseverance. Developments in Northern Ireland, where the dissident Republican groups remain active many years after the Good Friday Agreement, demonstrate how important it is that the security forces remain engaged and alert to any resurgent threat. Recent successes against dissident Republican groups have demonstrated that continued intelligence led operations there are both necessary and effective.
14. But we do see a changing shape of the threat internationally. Whereas a few years ago 75% of the priority casework addressed by my Service had some sort of Pakistan and/or Afghanistan dimension, thanks to our efforts and those of our international partners that figure has reduced and now stands at less than 50%. We appear to be moving from a period of a deep and focussed threat to one where the threat is less monolithic but wider. Al Qaida affiliates in Yemen, Somalia and the Sahel have become more dangerous as Al Qaida in Pakistan has declined and we see increasing levels of cooperation between Al Qaida groups in various parts of the world. As the Foreign Secretary recently noted, Al Qaida is active in Syria. Repeated attempts by Al Qaida in Yemen to mount attacks on aircraft – as we have seen in the underpants bombs and the bomb found in a printer cartridge at East Midlands airport – could have caused mass civilian casualties to us and our allies. Some supporters of the Al Qaida-aligned Al Shabaab militia in Somalia are seeking to work with Al Qaida in Yemen and there are links across to Mali and down to West Africa where the UK has political, economic and demographic ties.
15. And meanwhile the Arab world is in radical transition. The Arab Spring offers the long term hope of a more pluralistic, democratic and flexible system in the Arab world that will respond to the aspirations of its population. If that happens it would ease some of the pressures that have spawned extremism in the region.
16. But a more immediate problem has emerged. Today parts of the Arab world have once more become a permissive environment for Al Qaida. This is the completion of a cycle – Al Qaida first moved to Afghanistan in the 1990s due to pressure in their Arab countries of origin. They moved on to Pakistan after the fall of the Taleban. And now some are heading home to the Arab world again. And a small number of British would-be jihadis are also making their way to Arab countries to seek training and opportunities for militant activity, as they do in Somalia and Yemen. Some will return to the UK and pose a threat here. This is a new and worrying development and could get worse as events unfold. So we will have to manage the short term risks if there is to be a longer-term reward from the Arab Spring.
17. As we look forward, an important point of transition will come with the end of combat operations by our forces in Afghanistan, who have made a major and heroic contribution to the West’s counter-terrorist strategy over a long period. Their efforts have prevented Al Qaida using Afghanistan as a safe haven and so for almost 12 years have helped make the UK safer from terrorism. We all owe them a debt of gratitude and I pay tribute to them.
18. It will be important to ensure that in withdrawing from combat operations we do not lose sight of Afghanistan altogether. The intervention in Afghanistan in 2001 was forced on the West because the Taliban regime was affording Al Qaida the base it needed from which to plot catastrophic terrorism against us. It will remain important that terrorism can still be countered there after 2014, even if counter-insurgency becomes less prominent.
19. And as we approach the end of the Afghan campaign, as the Government’s Strategic Defence and Security Review set out, there will come the chance to reshape the UK’s military capability – both the standing and importantly the reserve forces - for the new environment. I am sure that many of the threats that my Service has traditionally addressed will continue to benefit from the unrivalled expertise and commitment of our military colleagues in future as it does now.
20. Before I move away from the subject of terrorism I should note that we also face uncertainty over developments in Iran. In parallel with rising concern about Iran’s nuclear intentions, we have seen in recent months a series of attempted terrorist plots against Israeli interests in India, Azerbaijan and elsewhere. The US authorities last year uncovered a plot by the Iran’s Islamic Revolutionary Guard Corps to mount an attack on the Saudi Ambassador in America, and of course the IRGC leads straight back to the Iranian leadership. So a return to State-sponsored terrorism by Iran or its associates, such as Hezbollah, cannot be ruled out as pressure on the Iranian leadership increases.
21. I would like to move on from a threat that has been with us for decades to one that has become more prominent in the last few years - malicious activity in cyber space. It is particularly appropriate for me to be addressing this issue here in the Mansion House. The front line in cyber security is as much in business as it is in government. Britain’s National Security Strategy makes it clear that cyber security ranks alongside terrorism as one of the four key security challenges facing the UK. Vulnerabilities in the internet are being exploited aggressively not just by criminals but also by states. And the extent of what is going on is astonishing – with industrial-scale processes involving many thousands of people lying behind both State sponsored cyber espionage and organised cyber crime.
22. This is a threat to the integrity, confidentiality and availability of government information but also to business and to academic institutions. What is at stake is not just our government secrets but also the safety and security of our infrastructure, the intellectual property that underpins our future prosperity and the commercially sensitive information that is the life-blood of our companies and corporations. And the threat to businesses relates not only to major industrial companies but also to their foreign subsidiaries, and to suppliers of professional services who may not be so well protected.
23. Much of the Security Service’s work in this area is undertaken through the Centre for the Protection of National Infrastructure, in which we have made a significant investment in recent years. Working in close collaboration with GCHQ, the Department of Business Innovation and Skills, the Department for Energy and Climate Change, and also with law enforcement, we are currently investigating cyber compromises in over a dozen companies and are working with many others that are of high economic value and that are potential future targets of hostile state cyber activity. But this is only a tiny proportion of those affected.
24. And the internet has developed from a communication network to what is called the “internet of things” – connecting via the internet the buildings we work in, the cars we drive, our traffic management systems, Bank ATMs, our industrial control systems and much more. This increases the potential for mischief and leads to risks of real world damage as well as information loss. We are contributing to the international process of ensuring that the appropriate IT security management standards are in place to manage some of these new risks. So far, established terrorist groups have not posed a significant threat in this medium, but they are aware of the potential to use cyber vulnerabilities to attack critical infrastructure and I would expect them to gain more capability to do so in future.
25. The Government’s National Cyber Security Strategy makes clear that success in this endeavour is only possible if it engages not just government but also the private sector in tackling cyber crime, making the UK more resilient to cyber attacks, shaping an open and stable internet and developing our skills base. Within Government much of the deep technical knowledge on these issues lies in GCHQ. But we are all potential or actual victims of cyber attacks and so the knowledge that we all have of the vulnerabilities and losses our own systems have experienced is relevant to finding the right solutions. Through our involvement with the CPNI we have for several years encouraged the development of information exchanges where companies in the same sector can share information on security vulnerabilities in a confidential environment. These are chaired from the private sector and enable safe sharing in a non-competitive environment. A number of companies represented here tonight belong to these information exchanges. They are the object of some interest in other countries which have not developed the collaborative models to support them.
26. The Boards of all companies should consider the vulnerability of their own company to these risks as part of their normal corporate governance – and they should require their key advisors and suppliers to do the same. One major London listed company with which we have worked estimates that it incurred revenue losses of some £800m as a result of hostile state cyber attack – not just through intellectual property loss but also from commercial disadvantage in contractual negotiations. They will not be the only corporate victim of these problems.
27. If I may be allowed a Rumsfeld moment, there are of course the uncertainties we can be certain about – like terrorism, cyber security challenges and hostile intelligence activity by states. But there are also those things we remain uncertain about. There is not time tonight to do justice to all these, but it is right to consider how far the economic crisis in the Euro area is likely to lead to a rise of political extremism there or indeed here. There is some evidence of this in the results of the Greek elections. And anarchist groups in some European countries have been active and violent. But traditionally the British have been stolidly unimpressed by political extremists of left or right and I suspect that any problems we may have here will come from lone actors attracted to extremism and violence rather than an organised political movement. Nevertheless the BREIVIK case demonstrates how devastating a single individual can be if sufficiently determined and callous and for this reason my Service is working closely with the Police to monitor and understand trends in this area.
28. As I said earlier, in order to do our job of addressing these threats, we need to operate within a regulatory framework that is robust but flexible. Operational success for our Service increasingly depends not just on our own efforts but also on our ability to co-operate closely with others who are seeking the same goals. At home that means close co-operation with the Police Service, with whom the partnership that we have forged in the last ten years is viewed with envy by most other countries and is uniquely close and fruitful. It also means the closest co-operation with the UK’s other intelligence services, SIS and GCHQ, whose world class overseas capabilities are critical for our safety here at home. And it means that our own national security is inevitably enmeshed in that of other countries, with whom we must be able to collaborate and communicate freely.
29. The UK Intelligence community of necessity operates in secret. Our ability to safeguard this country from threats such as terrorism, espionage and extremism depends on our ability to keep secrets. Secrecy is essential if we are to avoid our opponents knowing whether they are on our radar and learning how we go about our work, and if sensitive sources are not to be put at risk. It is also essential to enable us to share intelligence with, and receive intelligence from, other intelligence services across the world. They must have the confidence that the information shared with us will be protected – and recent cases have cast doubt on our ability to deliver on our undertakings. But we are also accountable organisations that answer not just to government but also to the Intelligence and Security Committee of parliamentarians, to the Commissioners that oversee our work, and to the courts. We do not fear accountability, it’s an essential part of ensuring confidence in what we do and underpinning the values we uphold. At present our ability to account for our actions in the courts is constrained by the fact that sensitive national security related material relevant to civil proceedings can only be considered in open court. This means that such material cannot in practice go into court at all. This situation is bad for us, bad for the other party to proceedings and bad for the administration of justice.
30. I therefore welcome the recent proposals from the government to ensure that where sensitive intelligence-related material is relevant to a civil case it will be possible for the Judge to decide to consider it in a closed process. No material that is currently considered in public will be made secret under the new arrangements and the effect will be that more, rather than less, material will go before the courts. But the sensitive material will be protected. This will mean better justice and better accountability.
31. The government also proposes that the Intelligence and Security Committee should have a wider remit, with stronger powers to hear sensitive evidence and a more direct link to Parliament – again leading to better and more transparent accountability, which we welcome.
32. At the same time, the proposed legislation to ensure that communications data continues to be available to the police and security agencies in the future, as it has in the past, is in my view a necessary and proportionate measure to ensure that crimes, including terrorist crimes, can be prevented, detected and punished. It would be extraordinary and self-defeating if terrorists and criminals were able to adopt new technologies in order to facilitate their activities while the law enforcement and security agencies were not permitted to keep pace with those same technological changes.
33. In conclusion, I would admit that describing the threats from the perspective of a security service can appear either to be crying wolf or revealing our own blind spots. At least some of the areas of concern that I have highlighted tonight may turn out to be dogs that don’t bark. I hope that is the case! On the other hand, the dog you haven’t seen may turn out to be the one that bites you. But I hope that, by sharing these thoughts with as diverse and distinguished an audience as this, it may help you to make your own risk judgements more accurately, and better understand the security landscape in which you operate.