- UK, and France, hosting 35 nations at inaugural conference to tackle proliferation and irresponsible use of commercial cyber intrusion tools and services.
- Deputy Prime Minister Oliver Dowden will launch new international agreement, signed by participants, to take joint-action – the ‘Pall Mall Process’.
- States will be joined by big tech leaders, legal experts, and human rights defenders, alongside vendors involved in developing and selling cyber intrusion tools and services.
The Deputy Prime Minister, Oliver Dowden, will today call on governments and businesses to address the proliferation of commercial cyber intrusion tools and services by developing better safeguards and oversight.
Concerned states, industry and civil society representatives will come together in an inaugural two-day conference. Over the course of the event participants will, for the first time, discuss joint action to address the commercial market for cyber intrusion tools and services and the threat they pose to international security, human rights and the stability of cyberspace.
As well as attendees from over 35 states, representatives from business and tech companies leading in cyber will also be in attendance. This includes companies such as Apple, BAE Systems, Google and Microsoft.
The National Cyber Security Centre’s (NCSC) assessment is that the commercial cyber intrusion sector is doubling every ten years. Where these tools are used maliciously, attacks can access victims’ devices, listen to calls, obtain photos and remotely operate a camera and microphone via ‘zero-click’ spyware, meaning no user interaction is needed. The NCSC estimates this is almost certainly happening at scale, with thousands of individuals targeted globally each year.
Further threats include hackers-for-hire carrying out corporate espionage or services and tools being accessed by hostile states and individuals who threaten UK national security.
Responding to this threat, Deputy Prime Minister Oliver Dowden will open the conference by announcing the launch of a new international initiative to be signed by participating states and businesses, the Pall Mall Process. Signing the declaration at the conference, states and other attendees will commit to taking joint-action on the issue, including meeting again in Paris in 2025.
While recognising the legitimate role cyber intrusion tools play in keeping the nation safe, such as supporting national security and law enforcement, attendees will consider measures to discourage irresponsible behaviour as well as ways for all parts of the ecosystem to improve accountability, transparency and oversight to protect our collective security and freedoms.
The Deputy Prime Minister, Oliver Dowden commented on the event, “As the threat from malicious use of cyber tools grows, working with like-minded partners is essential to tackle an issue which does not respect borders. I am proud that the UK is building on its existing capabilities and taking action as a world-leader on cyber threats and innovation.”
The UK and France are longstanding security partners and have demonstrated their commitment to taking an international approach to the threats posed by developing technologies. At the 2023 UK-France Summit they committed to working together on cyber and later in 2024, France will host the second in-person AI Safety Summit, following the UK’s inaugural Summit in November 2023.
NCSC Director of Operations Paul Chichester said
The proliferation of commercially available cyber intrusion tools is an enduring issue, with demand for capability to conduct malicious cyber operations growing all the time.
It’s powerful to see such a broad community come together to discuss how we can make the commercial intrusion sector work better for security and society.
We need a thriving global cyber security sector to maintain the integrity of our digital society, and by working together to improve oversight and transparency in how this capability is being developed, sold and used, we can reduce the impact of the threat to us all.