MI5 Director General Ken McCallum Gave His Annual Threat Update

Ken McCallum, Director General of the UK’s MI5, spoke about the challenges posed by state threats, the current threat from terrorism, and MI5’s drive to learn, adapt, and strengthen the UK’s defences against hidden threats. He also reflected on the withdrawal of UK troops from Afghanistan and the ongoing challenge of encryption.

And then there’s Espionage.”

Governments seeking to spy on certain other governments is as old as the hills. That still happens and still matters. Yet increasingly, the UK victims of espionage on other states range way wider than just government. We see the UK’s brilliant universities and researchers having their discoveries stolen or copied; we see businesses hollowed out by the loss of advantage they’ve worked painstakingly to build. Given half a chance, hostile actors will short-circuit years of patient British research or investment. This is happening at scale – and it affects us all. UK jobs, UK public services, UK futures. 

As just one illustration, on professional networking sites we’ve seen over 10,000 disguised approaches from foreign spies to regular people up and down the UK, seeking to manipulate them. To speak directly: if you are working in a high-tech business; or engaged in cutting-edge scientific research; or exporting into certain markets, you will be of interest – more interest than you might think – to foreign spies. You don’t have to be scared; but be switched on. The ‘Think Before You Link’ campaign really means what it says. As a nation, we need – and we want – to trade and to collaborate internationally; but to do so on a level playing field, we need to have our eyes open.

We also need to have our eyes open to interference. States are always looking to influence each other; that’s what embassies and diplomats are for. But alongside those healthy engagements sit attempts at malign interference: seeking hidden relationships with politicians or other public figures to get them to push another country’s line; hack-and-leak operations intended to achieve political effect; troll farms using social media to sow divisions – or more often, to deepen existing divisions – within our society. 

This leads me to misinformation – the spreading, wittingly or otherwise, of inaccurate or distorted information. There’s a lot of it about. Most misinformation is not deliberate disinformation carefully crafted by foreign spies. But some of it is: some foreign states invest in capabilities to influence discourse in other countries; and they wouldn’t be doing so if they didn’t believe they were getting some benefit. So there is a focused role for organisations like mine to detect and call out any particularly damaging foreign-generated disinformation. But the larger national response must be to grow our collective resilience to the wider seas of misinformation: for each of us to be alert to the risks, to consume information intelligently, and to enjoy a rigorous, independent, plural media. 

For as long as it’s cheap and easy for hostile actors to try to access UK data; or to cultivate initially-unwitting individuals here; or to spread false, divisive information – they are bound to keep doing so. The UK’s response cannot be to hide under our beds, or refuse to engage with the world. Just like with terrorism, our response has to be proportionate and on twin tracks. First, there’s the operational response: MI5, working hand-in-glove with the people you’d expect in MI6, GCHQ, Defence, policing, and with our international allies, to go after the sources of the threat and reduce how much threat is coming at us. The second track is where we all have a part to play: the protective effort, making ourselves a harder target. We must, over time, build the same public awareness and resilience to state threats that we have done over the years on terrorism. 

This requires wide teamwork. Our adversaries are often adept at joining up multiple parts of their systems to probe potential UK vulnerabilities. Similarly, we need a whole-of-system response, joining up not only across government but also going much wider into industry and academia, and sometimes through to individuals. This is a generational challenge – essential to the UK’s future health and wealth – and MI5 is playing its part. The Centre for the Protection of National Infrastructure – through which MI5 has worked for years to protect critical infrastructure like power stations – increasingly does more than its name suggests, as it widens its scope to provide pragmatic security solutions and expert guidance well beyond the operators of critical infrastructure. I’ve already mentioned ‘Think Before You Link’; similarly, if you’re engaged in cutting-edge R&D, have a look at CPNI’s ‘Trusted Research’ guidance.

A further important step towards boosting UK resilience lies in refreshing our State Threats legislation. The Official Secrets Act 1911 – fully 110 years old – remains a cornerstone of our espionage legislation. I recently re-read Defence of the Realm, Christopher Andrew’s authoritative history of MI5’s first century, and enjoyed being reminded that in 1910, just six months into MI5’s existence, founding Director General Vernon Kell included in his first progress report a plea for strengthening the Official Secrets Act, as it was proving hard to prosecute espionage cases. Kell’s push led to the Official Secrets Act 1911. Funnily enough, it is now – obviously – hugely out of date and that’s why the forthcoming State Threats Bill, currently out to consultation, is so important. Today, it is not a criminal offence to be an undeclared foreign intelligence agent in the UK. Likewise, it is not currently illegal to be in a key position of influence in the UK and be secretly in the pay of a foreign state. That can’t be right. To tackle modern interference, we need modern powers. 

You’ll have spotted that I’ve majored on the types of activity we’re seeing, and how we have to respond – rather than concentrating on which states’ covert assets are posing these threats. That’s a deliberate choice; I’d like the focus to be on the response, much of which is agnostic of where threats come from. But if I fail to mention the source countries at all, you’ll rightly feel I’m ducking the question. So to be clear: the activity MI5 encounters day-by-day predominantly comes, in quite varying ways, from state or state-backed organisations in Russia, China and Iran. In all three cases these national security contests are taking place alongside wider UK engagement with those nations. Which is at it should be. We’ve just got to be pragmatic and robust about those places where we encounter damaging activity. Which we do, every day – in this growing, challenging, vital area of MI5’s work.

For a transcript of Director General of MI5 – Ken McCallum – full speech, click here