UK, and France, hosting 35 nations at inaugural conference to
tackle proliferation and irresponsible use of commercial cyber
intrusion tools and services.
Deputy Prime Minister will launch new international
agreement, signed by participants, to take joint-action - the
‘Pall Mall Process’.
States will be joined by big tech leaders, legal experts, and
human rights defenders, alongside vendors involved in developing
and selling cyber intrusion tools and services.
The Deputy Prime Minister, , will today call on
governments and businesses to address the proliferation of
commercial cyber intrusion tools and services by developing
better safeguards and oversight.
Concerned states, industry and civil society representatives will
come together in an inaugural two-day conference. Over the course
of the event participants will, for the first time, discuss joint
action to address the commercial market for cyber intrusion tools
and services and the threat they pose to international security,
human rights and the stability of cyberspace.
As well as attendees from over 35 states, representatives from
business and tech companies leading in cyber will also be in
attendance. This includes companies such as Apple, BAE Systems,
Google and Microsoft.
The National Cyber Security Centre’s (NCSC) assessment is that
the commercial cyber intrusion sector is doubling every ten
years. Where these tools are used maliciously, attacks can access
victims’ devices, listen to calls, obtain photos and remotely
operate a camera and microphone via ‘zero-click’ spyware, meaning
no user interaction is needed. The NCSC estimates this is almost
certainly happening at scale, with thousands of individuals
targeted globally each year.
Further threats include hackers-for-hire carrying out corporate
espionage or services and tools being accessed by hostile states
and individuals who threaten UK national security.
Responding to this threat, Deputy Prime Minister will open the conference by
announcing the launch of a new international initiative to be
signed by participating states and businesses, the Pall Mall
Process. Signing the declaration at the conference, states and
other attendees will commit to taking joint-action on the issue,
including meeting again in Paris in 2025.
While recognising the legitimate role cyber intrusion tools play
in keeping the nation safe, such as supporting national security
and law enforcement, attendees will consider measures to
discourage irresponsible behaviour as well as ways for all parts
of the ecosystem to improve accountability, transparency and
oversight to protect our collective security and freedoms.
The Deputy Prime Minister, commented on the event, “As
the threat from malicious use of cyber tools grows, working with
like-minded partners is essential to tackle an issue which does
not respect borders. I am proud that the UK is building on its
existing capabilities and taking action as a world-leader on
cyber threats and innovation.”
The UK and France are longstanding security partners and have
demonstrated their commitment to taking an international approach
to the threats posed by developing technologies. At the 2023
UK-France Summit they committed to working together on cyber and
later in 2024, France will host the second in-person AI Safety
Summit, following the UK’s inaugural Summit in November 2023.
NCSC Director of Operations Paul Chichester said:
The proliferation of commercially available cyber intrusion tools
is an enduring issue, with demand for capability to conduct
malicious cyber operations growing all the time.
It’s powerful to see such a broad community come together to
discuss how we can make the commercial intrusion sector work
better for security and society.
We need a thriving global cyber security sector to maintain the
integrity of our digital society, and by working together to
improve oversight and transparency in how this capability is
being developed, sold and used, we can reduce the impact of the
threat to us all.
