Close

MI5 Director General Ken McCallum gives his Annual Threat Update

Introduction

Good morning everyone. Thank you for coming. 

Our nation has been through an utterly extraordinary year. The pandemic has brought massive shifts in how we’re living and working – and accelerated many wider global trends. The Integrated Review published by government in March described an increasingly contested world, and the importance of growing our national resilience. Today I want to share my take on what it all means for MI5 – and what 2021’s covert threats mean for the British public. 

This is part of the commitment I made in my first speech as Director General – that MI5 would reach out in new ways to the public we serve. Keeping secrets secret, but communicating more of ourselves as an organisation. My commitment to you is to share the things we can share without compromising your safety. Why? Because we serve you and you deserve to know what shapes our priorities. Because increasingly, the threats we face can touch all of our lives. Because we believe that if you know more of who we really are as people, more of you will decide to explore careers with us – and to be successful we need the best people, drawn from the whole of the UK workforce. And finally because I am incredibly proud of MI5’s people. They do not seek and cannot receive individual recognition but they couldn’t do their jobs without the trust and support of the British public.

And so, in the year since I took over we’ve been on that journey of responsible opening up. We’ve launched on social media, hoping to bust a few myths and encourage diversely talented people to see a career for themselves in MI5; I did my first Instagram Q&A a couple of weeks back. I did an extended radio interview jointly with Assistant Commissioner Neil Basu, reflecting together on the deep professional partnership that has been built between MI5 and policing. In the months ahead I’ll likely say more on science and technology, which lies at the heart of how MI5 maintains its edge through the 2020s… and at the same time is opening up new vulnerabilities in our society.

Today I’ll begin with the challenges increasingly posed by State Threats. I’ll move on to terrorism – still the national security threat of greatest concern to the public. I’ll conclude on one of the responsibilities I feel most keenly as Director General: leading MI5’s perpetual drive to learn, to adapt and to strengthen the UK’s defences against hidden threats.


State Threats

Let me start, then, with State Threats. The global context described in the Integrated Review translates, day-by-day, into threats which directly touch many more members of the public than we’re used to. Let me explain what I mean by that. To put it plainly, why should you care about the covert activities of certain foreign States?

The first and most visceral concern is physical threats to life. As the nerve agent attack in Salisbury showed, some hostile actors are prepared to come to the UK to kill. Others are more cautious, and seek to lure or coerce individuals to travel out from the UK to other countries, where they can be detained, abducted or harmed. Such threats are normally targeted at specific individuals viewed as dissidents or enemies by their country of origin. The UK will not tolerate such activity. It’s about standing up for our values. And it’s also because the practical reality is that aggressive and reckless activity can present wider risks on our streets – as shown so horribly at Salisbury in the tragic death of Dawn Sturgess and the effects on others.

Alongside such sharp but comparatively infrequent risks, sit threats which are less graphic – but have the potential to affect us all. In 2021, we all live much of our lives online – and the functioning of our society heavily dependent on digital infrastructure. Disruptive cyber-attacks such as ransomware can bring down everything from national institutions to your local hospital. The consequences range from frustration and inconvenience, through loss of earnings, potentially up to loss of life, such as in cases where healthcare services are affected. If it ever was, cyber is no longer some abstract contest between hackers in it for the thrill or between states jockeying position in some specialised domain; in the 2020s, cyber consistently bites on our everyday lives.

And then there’s espionage. Governments seeking to spy on certain other governments is as old as the hills. That still happens and still matters. Yet increasingly, the UK victims of espionage on other states range way wider than just government. We see the UK’s brilliant universities and researchers having their discoveries stolen or copied; we see businesses hollowed out by the loss of advantage they’ve worked painstakingly to build. Given half a chance, hostile actors will short-circuit years of patient British research or investment. This is happening at scale – and it affects us all. UK jobs, UK public services, UK futures. 

As just one illustration, on professional networking sites we’ve seen over 10,000 disguised approaches from foreign spies to regular people up and down the UK, seeking to manipulate them. To speak directly: if you are working in a high-tech business; or engaged in cutting-edge scientific research; or exporting into certain markets, you will be of interest – more interest than you might think – to foreign spies. You don’t have to be scared; but be switched on. The ‘Think Before You Link’ campaign really means what it says. As a nation, we need – and we want – to trade and to collaborate internationally; but to do so on a level playing field, we need to have our eyes open.

We also need to have our eyes open to interference. States are always looking to influence each other; that’s what embassies and diplomats are for. But alongside those healthy engagements sit attempts at malign interference: seeking hidden relationships with politicians or other public figures to get them to push another country’s line; hack-and-leak operations intended to achieve political effect; troll farms using social media to sow divisions – or more often, to deepen existing divisions – within our society. 

This leads me to misinformation – the spreading, wittingly or otherwise, of inaccurate or distorted information. There’s a lot of it about. Most misinformation is not deliberate disinformation carefully crafted by foreign spies. But some of it is: some foreign states invest in capabilities to influence discourse in other countries; and they wouldn’t be doing so if they didn’t believe they were getting some benefit. So there is a focused role for organisations like mine to detect and call out any particularly damaging foreign-generated disinformation. But the larger national response must be to grow our collective resilience to the wider seas of misinformation: for each of us to be alert to the risks, to consume information intelligently, and to enjoy a rigorous, independent, plural media. 

For as long as it’s cheap and easy for hostile actors to try to access UK data; or to cultivate initially-unwitting individuals here; or to spread false, divisive information – they are bound to keep doing so. The UK’s response cannot be to hide under our beds, or refuse to engage with the world. Just like with terrorism, our response has to be proportionate and on twin tracks. First, there’s the operational response: MI5, working hand-in-glove with the people you’d expect in MI6, GCHQ, Defence, policing, and with our international allies, to go after the sources of the threat and reduce how much threat is coming at us. The second track is where we all have a part to play: the protective effort, making ourselves a harder target. We must, over time, build the same public awareness and resilience to state threats that we have done over the years on terrorism. 

This requires wide teamwork. Our adversaries are often adept at joining up multiple parts of their systems to probe potential UK vulnerabilities. Similarly, we need a whole-of-system response, joining up not only across government but also going much wider into industry and academia, and sometimes through to individuals. This is a generational challenge – essential to the UK’s future health and wealth – and MI5 is playing its part. The Centre for the Protection of National Infrastructure – through which MI5 has worked for years to protect critical infrastructure like power stations – increasingly does more than its name suggests, as it widens its scope to provide pragmatic security solutions and expert guidance well beyond the operators of critical infrastructure. I’ve already mentioned ‘Think Before You Link’; similarly, if you’re engaged in cutting-edge R&D, have a look at CPNI’s ‘Trusted Research’ guidance.

A further important step towards boosting UK resilience lies in refreshing our State Threats legislation. The Official Secrets Act 1911 – fully 110 years old – remains a cornerstone of our espionage legislation. I recently re-read Defence of the Realm, Christopher Andrew’s authoritative history of MI5’s first century, and enjoyed being reminded that in 1910, just six months into MI5’s existence, founding Director General Vernon Kell included in his first progress report a plea for strengthening the Official Secrets Act, as it was proving hard to prosecute espionage cases. Kell’s push led to the Official Secrets Act 1911. Funnily enough, it is now – obviously – hugely out of date and that’s why the forthcoming State Threats Bill, currently out to consultation, is so important. Today, it is not a criminal offence to be an undeclared foreign intelligence agent in the UK. Likewise, it is not currently illegal to be in a key position of influence in the UK and be secretly in the pay of a foreign state. That can’t be right. To tackle modern interference, we need modern powers. 

You’ll have spotted that I’ve majored on the types of activity we’re seeing, and how we have to respond – rather than concentrating on which states’ covert assets are posing these threats. That’s a deliberate choice; I’d like the focus to be on the response, much of which is agnostic of where threats come from. But if I fail to mention the source countries at all, you’ll rightly feel I’m ducking the question. So to be clear: the activity MI5 encounters day-by-day predominantly comes, in quite varying ways, from state or state-backed organisations in Russia, China and Iran. In all three cases these national security contests are taking place alongside wider UK engagement with those nations. Which is at it should be. We’ve just got to be pragmatic and robust about those places where we encounter damaging activity. Which we do, every day – in this growing, challenging, vital area of MI5’s work.


Terrorism

Turning now to terrorism, I’ll start, like my career started, in Northern Ireland. There is much to celebrate: the rejectionist terrorist groups are much smaller now, they hold no meaningful mandate from the communities they pretend to represent, and, while they remain determined to cause harm, they continue to be subject to skilled, effective, proportionate action by security authorities on both sides of the border. With partners we have succeeded in progressively reducing the capabilities of dissident Republican terrorist groups across recent years. But at the same moment as all this positive progress on constraining terrorism, late March and early April saw some of the worst public disorder for several years, driven by a complex range of factors. From my years working there I know Northern Ireland is always complex – and often poorly understood from a distance. I can’t say that current strains are all about the Protocol – they’re not. And neither can I say current strains have nothing to do with the Protocol – that wouldn’t be true either. What is clear is that leadership – and listening – on all sides is required to maintain the progress for which all communities have made compromises, and from which all communities have hugely benefited.

As I discussed with a range of people when visiting last month, I am and I remain a long-term optimist on Northern Ireland. The 1998 Belfast Agreement and the long process which led up to it, stands as one of the finest public policy achievements of my lifetime. It has enabled a whole generation to grow up substantially free of the scarring which haunted previous generations. The holding of multiple identities – British, Irish, Northern Irish – is a living reality for many people, in a way it was not in my youth. Those are deep shifts, which make a return to Troubles-scale terrorism highly unlikely. But many of the powerful aspirations of the Belfast Agreement remain unfulfilled; and the legacy of the past still casts a long shadow, hindering the reconciliation that Northern Ireland needs to move forward. For MI5’s part, we will remain vigilant, working with partners both to pre-empt specific attack plots, and to grind away at the underlying capabilities of the terrorist organisations. 

The second variety of terrorism occupying MI5 attention is Extreme Right Wing Terrorism, for which MI5 took on lead responsibility just over a year ago. This now comprises a substantial minority slice of the risk we’re managing by one in five of our counter-terrorist investigations in Great Britain are Extreme Right Wing. Of the 29 late-stage attack plots disrupted over the last four years, fully 10 have been Extreme Right Wing. We are progressively finding more indicators of potential threat. By way of example, last month a man in Somerset, Dean Morrice, was sentenced to eighteen years in prison, having been convicted of possessing explosives. He was seeking to use a 3D printer to manufacture a firearm. Morrice was stopped before he was able to carry out any attack, but before his arrest had been actively trying to draw others into his toxic ideology. Extreme Right Wing Terrorism is here to stay, as a substantial additional risk for MI5 to manage.

This threat has some challenging characteristics: a high prevalence of teenagers, including young teenagers where the authorities’ response clearly has to blend child protection with protecting communities. Frequently, obsessive interest in weaponry, presenting difficult risk management choices even when it’s not clear whether the weaponry is directly linked to extremist intent. And always, always, the online environment – with thousands exchanging hate-filled rhetoric or claiming violent intentions to each other in extremist echo chambers – leaving us and the police to try to determine which individuals amongst those thousands might actually mobilise towards violence. This needs new expertise, new sources , new methods.

And finally, Islamist Extremist Terrorism, still MI5’s largest operational mission. Alongside all the focus rightly being given to State Threats, Islamist Extremist Terrorism remains a potent, shape-shifting threat. The shape and scale of what we face in the UK continues to be heavily influenced by events upstream in theatres of conflict, and how they are presented online. Over the last decade the overseas location exerting greatest influence on the UK threat has been – and remains – Syria, with over 950 UK-linked extremists getting there… and Islamic State reaching back here with slick English-language online propaganda. 2021’s Islamic State is nowhere near the force that 2015’s was: that is the result of sustained pressure and hard-won progress by a broad international coalition. But much counter terrorism remains to be done.

With partners we’re also working to tackle re-emerging extremist threats in Africa, principally Somalia. Meanwhile in Afghanistan, twenty years of dedicated effort have had profound effect: the Al Qaida terrorist infrastructure we faced in 2001 is long since gone. I want to take this moment to pay tribute to the military colleagues whose heroism and sacrifice achieved those vital gains. As NATO and US forces now withdraw, terrorists will seek to take advantage of opportunities – including propaganda opportunities – to rebuild. For the US and for ourselves, the counter-terrorist task will transition. As we seek to illuminate potential threats to take disruptive action, we will have neither the advantages nor the risks of having our own forces on the ground. This form of counter terrorism is not new to us – it’s how we’ve always operated in Somalia, for instance; but from that experience we know it is challenging. 

Back in the UK, as we near the twentieth anniversary of 9/11, we’re still contending with large volumes of risk, presented to differing degrees by many thousands of live and closed subjects of interest – often coming at us faster and more unpredictably. Every week the police and I brief the Home Secretary on the most immediate threats to life with which we’re dealing. It requires constant vigilance. 

Week by week, my teams, working with their close colleagues in the police and other agencies, detect potential threats and make, at volume, difficult judgements. Which fragments of information seem most likely to be pointing towards real risk? Which fragments – usually the majority – are misleading; or exaggerated; or indeed accurately reflect terrorist discussions – but discussions which will forever remain aspirational, and never translate into concrete plotting? So many of the hardest decisions we take in MI5 come down to prioritisation. Every decision to investigate X is, in effect, a decision not to investigate Y or Z. We make these difficult, necessary judgements with the utmost seriousness, always conscious of the responsibility we carry.


Constant Learning, Adaptation, Improvement 

We know as an organisation it is impossible to get ahead of every single strand of threat. Our response must always be to do what we can to shave the odds further in our favour, against the terrorists and State aggressors. We’re constantly on that journey – but we’ve been on a particularly focussed version of it in recent years, including through implementing the recommendations of the Operational Improvement Review we conducted with the police and others in 2017, with independent scrutiny by Lord Anderson. We believe we are safer as a result of those changes; I’ve mentioned the 29 late-stage attack plots disrupted over the last four years, and we’ve had much success, visibly and invisibly, in constraining State Threats. Our duty is to keep improving the system. We owe it to the public. I think we particularly owe it to the victims of past attacks. In this forum, I want to extend our deepest sympathies to all those affected by terrorism or State aggression: those who’ve lost loved ones, those whose lives have been changed forever. We dedicate our professional lives to doing all we can to prevent such appalling things from happening. When appalling things do happen, we are devastated.

Any serious career in MI5 includes searing moments that stay with you for a lifetime. Late-night calls, typically from our police colleagues, when news breaks of an incident. In those early moments you don’t know the full facts; but you know something inhuman has taken place. These moments devastate us – and they serve as our burning motivation. The most important response we can give is to do all in our power to reduce the risk of future attacks. We do not rest. One part of that is MI5 participating fully in whatever inquests or inquiries are conducted, as we did recently on Fishmongers’ Hall and as we are doing at the ongoing Manchester Arena Inquiry, from which I am committed to learning any lessons necessary. Likewise, we respond to the ongoing independent scrutiny from the Intelligence and Security Committee of Parliament, and from the Investigatory Powers Commissioner. Crucially, those important formal processes sit alongside our own resolve to continuingly learn lessons, pushing ourselves day-by-day and year-on-year to adapt, to innovate, to improve.

We’re taking some massive further steps. The Counter Terrorism Operations Centre was announced by government in the Integrated Review. Designed around the needs of the public not the convenience of institutions, the Centre brings together in one flexible facility all the agencies whose distinctive knowledge and skills combine to keep the public safe. As we face evolving terrorist and State threats in the coming years, this multi-agency Operations Centre will be a crucible for bringing together new data flows, diverse talent, deeper and wider partnerships, and harnessing technology innovation at pace. It will be central to MI5’s ability to continue to keep the country safe through the 2020s.


Encryption

I can’t conclude without touching on encryption. I know we’re repetitive on this one – but it remains the case that we are drifting towards danger. End-to-end encryption, done in the way Facebook is currently proposing, will hand a gift to the terrorists MI5 has to find and tackle – and a gift to the child abusers our colleagues in the National Crime Agency have to find and tackle. The CEO of WhatsApp, Will Cathcart, recently branded government objections to end-to-end encryption as “Orwellian”, akin to demands that video cameras be placed in every living room. If it were true that that was what we were asking for, that would indeed be Orwellian. But that’s not what we’re asking for. Let me tackle this mischaracterisation head-on – and explain the much more limited duty the tech companies have an obligation to meet, for the safety of their users, our citizens.

Let me be clear: we support strong encryption and we support privacy for the population. The only point of contention is around what has to be possible in the case where we have strong grounds to believe that an individual is plotting grave crimes. We have to face the scenario where – to use Facebook’s own language – a living room is being used to build a bomb, or to organise the sexual exploitation of children. In the case of a physical living room, MI5 would submit a warrant application to a Secretary of State and a senior judge, explaining why we believed it was necessary and proportionate to monitor that room. UK public opinion is clear: terrorists, paedophiles and serious criminals should not enjoy an absolute right to privacy. The same must hold true online in virtual living rooms. In cases of exceptional threat, where a Secretary of State and an independent judge have signed a legal warrant, we should be able to present that warrant to the company and request the relevant content. That’s not about “back doors” or fatally weakened encryption. If you must pick a door, it’s the front door.

I want to make a public plea to tech companies to engage seriously with governments – or with me if they like – on the necessity of designing in public safety alongside designing in privacy. Over the last decade UK governments have had constructive discussions with tech companies on the removal of harmful content from their platforms, and the companies have taken important steps, to which I gladly pay tribute. Encryption should not be falsely presented as binary privacy or safety: the public needs the tech companies to find solutions which both maintain users’ privacy and support everyone’s safety. That means lawful access, on an exceptional warranted basis, to the content of the tiny minority of people who are cynically using the tech platforms to harm the rest of us. These tech companies are brilliant at what they do; it seems to me they have solved harder problems, when they really want to.


Conclusion 

So that’s my 2021 survey. The variety of what we face is huge: from sophisticated nation states, drawing on the entire apparatus of government to undermine our security; through to misguided teenagers, espousing a warped and racist ideology, bent on killing those different to them. MI5’s task is to find, prioritise, and tackle them all. We must always keep a sense of proportion; none of these threats is capable of destroying life as we know it in the UK. But they can kill; they can ruin lives; they can corrode the fabric of our society, and limit the life chances of the rising generation. These are threats worth standing up to. I am proud to lead an organisation full of committed, courageous people who get out of bed every morning to do just that. And constantly, constantly, to ask ourselves how we can do it even more effectively. Thank you.

MI5 © Crown Copyright 2021

Leave a Reply

0 Comments
scroll to top