3rd annual Electrical Infrastructure Security Summit
Speech by Philip Hammond, Secretary of State for Defence
Introduction
It is a great pleasure to be here today at the 3rd annual EISS summit.
I am extremely grateful to James [Arbuthnot], not just for his work as Chair of the Defence Select Committee, but for the efforts he makes personally to ensure attention in the UK is focussed on the threats it needs to be focussed on.
He can take personal credit for opening my eyes to the problems we face in protecting the critical electrical systems and our critical networks.
One of the most positive aspects of this annual event is that it brings together people from very different professional backgrounds, with different skill-sets and different expertise, but who share a common interest:
Working together to make sure threats to our infrastructure, whether from natural or man made sources, are investigated, assessed, monitored and indeed mitigated.
Scientists and security analysts; energy experts and astronomers; the public and the private sector.
This is a multi-disciplinary problem, so it means all of us working together across traditional boundaries, including across government departments, sometimes the most difficult bit.
And it is a global problem, so it means countries working together across international borders.
I would like to give a particular welcome to the representatives from around the world who are gathered here today.
I understand representatives from 20 countries are here today, working together to address a complex set of problems, demanding a complex set of responses.
A part of the intricate web of threats we face.
Multi-layered, asymmetrical, unconventional.
Often requiring a defence and security response that is not based on traditional methods.
That cannot be met using infantry, or jet planes or destroyers.
Indeed, one of the big challenges we face as politicians, particularly at a time of limited resources, is to make the case for spending on defence and security solutions that cannot readily be seen by the taxpaying public who are financing this, that cannot be shown off on the parade ground - that sometimes cannot be talked about.
I want to talk today about the progress the UK government has made, since the EISS summit in Washington last year, in strengthening resilience in the face of specific threats to electrical networks.
As Secretary of State for Defence, I have a particular concern to ensure that we deter and prevent any prospect of a large scale malicious attack and that the UK’s armed forces have the ability to respond to such an event.
But let me first talk about the profile of the threat, because in an era of fiscal challenge, limited resources must be deployed with pinpoint accuracy.
That needs a deep understanding of the risks and the discipline to tailor our response rigorously and proportionately to those risks.
The scattergun is not an affordable weapon.
Vulnerability
In the developed world, our connected, high-technology societies are massively reliant on electronic networks, and becoming ever more so.
In the United Kingdom, electronic technology reaches into every part of government, every business, every home, and increasingly, with mobile and wifi technology, pretty much every pocket in the country. Dependence creates vulnerability, and connectivity compounds that vulnerability.
Take away the technology and our modern life-support system falters, it’s not just light and heat, it’s the digital computers and automated systems that help run many things we rely on, from health care to the transport system, from ATMs and EPOS terminals to the food distribution network.
A sustained blackout covering a large geographical area could have crippling consequences and do serious damage to the welfare of our citizens, as well as the functioning of our economy.
So the resilience of the systems that help run our society is a concern of our domestic civil contingencies organisation, and assessing the risks to those systems is a matter of national security.
In the United Kingdom, we take a holistic approach to risk assessment.
By working through the National Security Council, with its multi-disciplinary cross-government approach, we ensure or try to ensure that all avenues are explored.
The latest ‘National Risk Register for Civil Emergencies’ was published in January and the update of the ‘National Security Risk Assessment’, last undertaken as part of the 2010 National Security Strategy, will be completed later this year.
So we have a robust foundation upon which our plans are laid and resource allocation decisions are made.
For the purposes of today, I want to address two risks to our electrical infrastructure that I know are of concern, and which formed the basis of a recent House of Commons Defence Select Committee report, and set out how we are acting to mitigate them.
The first is man made and hostile: the employment of a nuclear weapon to generate a high altitude electromagnetic pulse, or HEMP, taking out electrical and digital systems over possibly thousands of square miles.
A threat in which I, as Defence Secretary, have an obvious and specific interest.
The second is natural and impossible to prevent: a severe electromagnetic storm caused by solar activity that has the capacity to cause significant disturbance to communication and power systems.
High altitude electro magnetic pulse
Let me deal first with the issue of a HEMP attack using a nuclear weapon.
And let me be crystal clear: A HEMP attack using a nuclear weapon against, or affecting, the United Kingdom, or our vital interests, or those of our allies, would be considered a nuclear attack on the UK.
The consequences for the perpetrator of a nuclear weapon being used as a HEMP device would therefore be severe and any potential aggressor should be aware that we will respond proportionately against any state that launches or enables such an attack.
The UK’s nuclear weapons are an important element of our capability so to respond.
But, although we must remain alert to the risk, we judge the likelihood of a HEMP attack against our homeland to be low.
It would require a combination of warhead and missile capabilities that is restricted at present to a few states, none of whom, we judge, currently have the intent to conduct a HEMP attack, and all of whom would understand the severe consequences of such aggression.
We do not expect that development of a HEMP capability would be a priority for a non-state actor when weighed against the other options they may have the capacity to achieve, such as a dirty bomb or other asymmetric methods.
UK focus is therefore aimed at preventing a HEMP threat becoming imminent and immediate, through deterrence, counter-proliferation and multilateral disarmament.
We also work to better understand and promote awareness of the threat, including internationally, supporting the International Electrotechnical Commission’s work on HEMP.
But we cannot discount the risk that a nuclear based HEMP threat to our vital interests will not emerge by 2050, which is our planning horizon.
So, while large nuclear arsenals and the possibility of proliferation exist, nuclear deterrence at a minimum effective level, will remain an important element in our national security.
There is no complacency and the significant resources we are investing in the UK maintaining and, in 2020s, renewing Trident are testament to that.
But the low likelihood of a HEMP threat arising means that extra resources may be better directed towards threats, for example, in the cyber domain, where an attack against our electronic arteries would be deniable, cheaper, have a more certain effect and therefore be more likely.
And that is just what the government is doing.
But while the UK considers a nuclear HEMP attack to be of low likelihood, we consider there is the significant possibility of a space weather event over the next 5 years that has the potential to cause disruption to the United Kingdom’s electrical infrastructure.
Space weather
With cyclical solar activity set to peak next year we should prepare for the possibility of some level of disruption.
The question is when and how much, not if.
Low level disruption due to solar activity is of course a fact of life.
The question is how we prepare for an event of sufficient magnitude that widespread damage is caused to satellite systems or electrical circuits, leading to the sustained interruption of power or communications.
We need to have in place monitoring systems and predictive models that deliver sufficient warning of severe events to enable us to take preventative action.
And we need to have a far better understanding of the vulnerabilities in our networks, better to deploy our mitigation effort.
This will enable systems to be hardened only where they need to be and for resources to be used wisely.
By focussing on the most critical systems we can minimise the cost and maximise the effect.
The UK has a world class scientific base, and so we are well positioned to contribute to the collaborative efforts taking place internationally.
The British Antarctic Survey has a leading role in the EU space weather forecasting project for satellite operators.
The British Geological Society is working with European partners to assess the threat posed by magnetic storms to power distribution networks in Europe.
The growing partnership between the UK Met Office and the US National Oceanic and Atmospheric Administration (NOAA) is particularly encouraging.
The Memorandum of Understanding signed between the Met Office and NOAA last year has paved the way for the creation of a space weather model capable of indicating where, when, and for how long, space weather effects will persist.
This summit can of course contribute greatly to the understanding of the issues we face in common and help to focus the work that is on-going.
In the UK, government departments have been working extensively with space weather scientists and engineers, industry and regulators to gain the best available quantitative assessment of the risk to UK infrastructure.
This is a broad and diverse programme of work.
The government has worked with external experts to review the National Risk Assessment to make sure new and emerging risks are detected and the understanding of current risks is right up to date.
The Energy Emergencies Executive Committee keeps contingency plans up to date and has provided the National Grid and the Department of Energy & Climate Change with a solid body of work to help analyse the impacts of space weather events and build predictive models that will improve contingency planning.
Supergrid transformer design requirements have changed as a result, and strategic reserve holdings of transformers are being increased.
The National Grid is working with the British Geological Survey to make sure there is robust real-time network monitoring in place.
The National Space Security Policy is due to be published later in the year and will look at all these risks in a much wider context, to make sure all parts of government are working effectively together.
Much of Britain’s military equipment is designed to work in challenging electromagnetic environments.
The shielding developed in this context, against interference, discovery or detection for example, can provide some protection against electromagnetic effects.
Critical military infrastructure can, of course, operate independently of the national grid.
The MOD’s Defence Science and Technology Laboratory has a great deal of expertise in working with industry hardening and assessing electronic systems.
And I want the MOD to contribute actively to the improvement of the UK’s civil infrastructure resilience.
There is quite a lot of information on EMP protection from the government and others that is already in the public domain, for example that published by the International Electrotechnical Commission, and the MOD itself.
The MOD will now explore with others in government whether there is more that we can share with civilian infrastructure providers, including, for example, sensitive elements of the defence standards on EMP.
Conclusion
Collectively, we have to change the way people think about defence and security. This is a challenge for us all. It is about recognising the new dependencies and vulnerabilities that flow from the way people now live their lives.
It is about recognising that the solutions may require committing resources to defences you can’t see or hear or touch. And persuading our taxpayers that it makes sense.
Protecting the hi-tech networks that power our global society is part of this new way of thinking, and new way of acting.
Predicting and monitoring; preparing and mitigating; nationally and internationally.
Assessing risk and responding proportionately.
I hope that today is another step forward in helping us banish any lingering complacency and that we can continue to work together to ensure that the dependence on electrical networks and digital control systems that has so enhanced our quality of life and standard of living, does not become our Achilles heel.