Speech by Minister for Defence Peter Hultqvist at AFCEA TechNet Europe conference 2017
Upplands Väsby, 10 October 2017.
Check against delivery.
Ladies and Gentlemen,
The central theme of this year's conference is "Cyber Capabilities in Hybrid Warfare Scenarios".
The number of challenges in this arena is not small, and I will – from a political perspective - discuss some aspects of the topics that will be discussed during the coming days.
* * *
But first of all, I would like to put Swedish cyber security policy in the context of the broader Swedish defence policy. Our defence strategy focuses on two parts: first, to upgrade national military capability, and second, to deepen cooperation with other nations and organisations. Our government has, for the first time in more than two decades, decided to successively increase the defence spending with roughly 25% from 2014 up to 2020.
The key objective of the Swedish Defence reform for 2015 - 2020, is to strengthen military operational capability and to develop a modern total defence concept. The Swedish total defence concept is a combination of military and civil defence encompassing a wide range of agencies, authorities and representatives of civil society.
Cyber defence is an essential part of our national defence capabilities as well as a part of overall deterrence. And in order to ensure a strong cyber defence it is also necessary to have the ability to carry out active operations in the cyber domain. This was also part of the message from the Swedish Government and Parliament in the Defence Bill of 2015. We are therefore strengthening our capabilities in this area.
In addition to initiatives on total defence and cyber defence we have also decided to re-activate conscription for both women and men. This is a signal to adversaries and to our partners that we are taking security seriously.
We have re-established military presence on the strategic island of Gotland which is located in the middle of the Baltic Sea.
We have increased training and exercises. Just two weeks ago, we completed our largest national exercise in over 20 years, with contributions from the U.S., and neighbouring partners. The exercise involved almost 20,000 military personnel and over 40 agencies. In 2020 we will have our next large national exercise. It will focus on Total Defence and civilian defence. In this exercise, cyber security will likely be one component.
The Navy will maintain surface combatants and upgrade two corvettes. Two next-generation submarines are under construction. Additional investments will be made in anti-submarine warfare capabilities.
On the Air defence side, we will keep investing in a new generation of Gripen fighters and arm them with air-to-air missiles.
Our defence bill should be seen in the light of the shifting security environment in Europe and our vicinity. Russia's war in Georgia was a negative change to the European security environment. Russia's illegal annexation of Crimea and support of separatists in eastern Ukraine came to challenge what had been the European security order for 25 years.
Russia has been upgrading its military capability for almost a decade. Our neighbours and partners in the vicinity of Russia feel the pressure. Russia is increasing its military exercises and intelligence activities in the Baltic Sea. Russia exercises their nuclear capability. From time to time Russian officials also refer to nuclear weapons in their rhetoric.
The possible action of states, state-sponsored actors or other actors with similar capabilities constitutes the most serious cyber security threat against Sweden. Like all other nations we must do our outmost to protect our critical infrastructure.
Ultimately, cyber security is about safeguarding fundamental societal values and objectives, such as democracy, human rights and freedom, national sovereignty, security and right to autonomy and economic stability.
* * *
Cyber threat is very much real and growing. Cyber attacks are aimed at Swedish companies and agencies. Last year we saw over one hundred thousand cyber activities from foreign state actors - in one year. Those activities are attempts, probing's or outright attacks.
Cyber attacks are often used as a means to other ends. The reported events in the United States last winter could be one example of the power of cyber tools as part of influence campaigns in the hands of antagonistic actors.
Other examples, although with both similarities and differences, are Estonia in 2007, Georgia in 2008 and Ukraine from 2014.
During the last years, we have experienced a number of instances in Europe and beyond where possible state sponsored actors have engaged in systematic fabrications, deception and other harmful influences.
I have seen my own signature on falsified documents concerning armaments deliveries to Ukraine. This false document circulated in media all over the world.
Last month, Sputnik news falsified an article in English by twisting the truth and what my comments had been to a Japanese journalist whom had written an article in Japanese on Swedish defence reform.
Six or so fake Twitter accounts have been opened in my name.
The Russian military doctrine states that the 4th arena for warfare is the information and cyber arena. The strategy they are using is also combined with deception known as "Maskirovka". Russia trains its military extensively in this arena. Russia uses a combination of psychological warfare and military power in a hybrid combination, as we saw in the annexation of Crimea.
Disinformation and fabrication is something Russia uses systematically. The U.S. and Europe must counter this more effectively and smarter. Policy makers have to be more deliberate when it comes to both cyber policy and strategic communication against this type of attacks. We often fail to address Russia's activities for what they are.
* * *
Cyber attacks are becoming more common, sophisticated at times and damaging. Cyber attacks have entered a new realm where it is possible to create physical damage on, for example, critical infrastructure.
As concerns international law, cyber defence raises a lot of issues, such as:
- Under which circumstances a cyber attack can constitute an armed attack, thereby creating a right to self-defence?
- To what extent a cyber weapon is lawful? and,
- How the proportionality of the response can be assured?
The development of cyber technologies is continuous. Legal advisors therefore play an important role in ensuring that international law is respected in this area.
* * *
It is very important to see things for what they actually are. Some say that the Internet changed everything. I would say to some extent yes, but also no. Yes, it is a revolution in itself. And yes, we seek and share information, communicate and interact in new ways. But the fundamentals of security-, defence- and foreign policy remain rather unchanged. Some states and non-state actors seek to influence other states by alternative information and propaganda, with the goal to destabilise and establish strategic and tactic advantages. In that sense the cyber domain is "just" another domain, another tool, for ancient purposes.
Russian operations in the Ukraine gave rise to an impression that Russia had employed new concepts of armed conflict. This is not the case. Russian actions in the Ukraine have roots in ancient warfare and traditional Soviet tactics.
If you look closer at Russian military intervention in Ukraine, it was very much a conventional military war. The modernised Russian Armed Forces acted with support and with a combination of various forms of cyber tools, disinformation, propaganda, influence campaigns and other traditionally non-military means.
* * *
The growing antagonistic dimension in cyber space makes it necessary to develop and strengthen cyber defences, in addition to all other vital instruments to counter fraud, theft, espionage etc. An active cyber capability is necessary to give credibility and to raise the threshold for a potential attacker. We see Swedish cyber capabilities as a cost effective, long term and major asset to defend the nation.
A key challenge will be to ensure that our cyber defence capabilities are connected with other abilities and measures in our society. Even the most advanced attackers might just as well use simple methods to reach advanced goals.
For Sweden, our total defence concept is an integral part of how to meet all forms of antagonistic threats to our nation and its interests. However, when it comes to cyber defence, strengthening your capabilities on a national level is not enough. International cooperation is required. One of many important international initiatives in this field that Sweden is engaged in is the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn. Sweden recently sent an expert to the centre in order to contribute to its work. The centre plays an important role as a training facility as well as a contributor to discussions on cyber warfare and international humanitarian law. During the EU defence ministerial meeting in September, defence ministers took part of a cyber table top exercise. It gave us all ample opportunity to discuss and learn from advanced scenarios and how they can unfold.
Another important part of the Swedish Defence reform is the development of a Psychological Defence adapted to modern conditions and challenges. Psychological defence is key to maintaining our open and democratic society with freedom of expression even in times of extraordinary conditions.
Propaganda and influencing operations are part of a wide spectrum of threats and challenges in peacetime as well as in war. The ultimate objective is to uphold our fundamental values and to improve the ability of our society to withstand pressure from potential antagonists and opponents. Swedish agencies are tasked to improve their capability to identify and develop relevant international cooperation. We have already established cooperation with NATOs Stratcom Centre of Excellence in Riga and we have joined the European Centre of Excellence for Countering Hybrid Threats in Helsinki.
Although I have emphasised that we are facing problems that are in essence not new, I do believe that we can only handle and counter these problems with new levels of cooperation; nationally, regionally and globally.
There are many lessons to be learned. The most important lesson we all need to grasp is that these challenges have to be met together. Good luck during the upcoming days at AFCEA.