I'd like to thank the CER for inviting me this evening and for giving me this opportunity to talk to you about my work.
I am conscious of the fact that, not far from where we are having dinner tonight in this splendid room, eleven members of the armed forces, most of them bandsmen, died in twin bomb attacks on Hyde Park and Regent's Park in 1982. London was repeatedly attacked by the IRA from 1971 to 2001. Since then, jihadist-inspired terrorists have added to the capital's death toll. But for people of a certain age – and I am sure I am not the only person present to feel this – it has become commonplace to reflect that London, the UK and Europe are in the grip of a security threat which has not felt so chilling for decades.
Statistically, we are in a better place now than back in the dark days of the 70s and 80s. So why is it that we don't feel safer now? The first explanation is that the sense of insecurity and threat today is reinforced by the vast range of technological advances available to those who wish to harm us.
The catch-all word for this phenomenon is 'cyber' – I am afraid we shall be hearing a lot more about it in future. And I am sorry too that we seem to have reached the end of an age of innocence about technology and that we must prepare ourselves for an age in which we all will be required to be more clear-eyed about its costs and benefits. Technology brings huge benefits and positive opportunities. But the cyber age represents a paradigm shift in the way our enemies can harm us and therefore a big challenge for us to adapt to that threat.
We need to do this in three ways: by boosting our awareness of the multiplicity of jeopardies, which range from ransom-ware to false news; by building our resilience to cyber-attacks, at the personal level through to critical infrastructure; and – though less my subject tonight - by deterrence: in other words, by having the ability and tools ready to turn from defensive to offensive mode when faced by large-scale cyber-attacks which threaten cities and systems.
The second reason for our sense of insecurity is, I believe, the changing nature of the threat emanating from a crowded field of protagonists, motivated by an ideology fundamentally opposed to our values and which is not constrained by borders. It is the sense that nowhere feels truly safe. Those trying to do us harm can come from far away, or they can have grown up in our own communities, have been neighbours and apparently friends.
And there is a sense of frustration, that this threat is so difficult to counter, and so difficult to manage. And a feeling we could and should be doing better.
Sadly it's not that difficult to find the "what if" examples. The terrorist who murdered 12 people at a Christmas market in Berlin a few weeks ago was on the radar of both German and Italian security. We now know he was using as many as 14 different identities. What if information sharing had been better in early December?
One of the main culprits of the Bataclan Theatre attack in Paris was stopped at police checkpoints but allowed to go free because the officers examining his papers were not in the full picture about his terrorist links. What if those officers had been directed to check not just one database but several – would the subsequent attacks in Brussels have been thwarted?
Working with colleagues across the Commission, my role is to reinforce the effort that we are making on countering terrorism and serious and organised crime as well as the new threats posed by cyber.
They all clearly have a transnational dimension. Recent attacks demonstrate a network of activity across the European Union, which we can most effectively counter by working together. Member States remain in the front line to address these threats but the EU can and should support their work.
Across the Commission, we are working on two main fronts: first, to bear down on the space in which terrorists, cybercriminals and other criminals can act. Secondly, to reinforce our resilience to resist their attacks and to bounce back if, unfortunately, there are further attacks.
We have made progress over the last 18 months or so, both on fighting terrorism and the challenges of cyber. These are not risks you can eliminate. But on terrorism, we have strengthened our ability to know who is coming in and out of our countries by strengthening checks and controls at external borders and the exchange of information between our law enforcement and security agencies.
We established the European Border and Coast Guard Agency. We've agreed a revised Schengen Border code to systematically check all those coming in and out.
We can also do a lot better on implementing what has already been agreed. Let me give you one example: Prüm was established ten years ago to give countries access to one another's DNA, fingerprint and vehicle registration files. A number of countries have yet to take the final steps necessary to make it work. We are working to support them. But, if necessary, we can and will make further use of infringement procedures to get them to get a move on.
There is a new counterterrorism directive - travel to and from combat zones, training for the purposes of fighting and the financing of such activities will now be criminalised across the EU. The UK already has such rules in place, but our collective security is only as strong as our weakest link so it is essential that there are rules and standards in place in all EU countries. We are also toughening the rules on money laundering which helps finance terrorism and serious crime.
And we've agreed a deal on firearms which will remove the most dangerous military grade weapons from wider circulation, where they have no place.
So we are making it harder for terrorists to travel, to train, to finance themselves, and to acquire weapons and explosives.
And we are making progress on cyber too. We now have a directive on the security of networks and information systems which beefs up our resilience by requiring all member states to have a national cyber security strategy and an authority to run it and to improve European cooperation. We have stepped up our fight against cybercrime with a new specialist unit at Europol which has already scored a number of successes in dismantling international crime networks.
We are increasing funding support for innovation in the field of cyber security and also reinforcing international cooperation, because partnerships are vital if we are to build sufficient capacity to respond at the right level.
We are committed to learning the lessons of what works, and building on good practice. We are strengthening our cooperation with NATO. This summer we shall test our preparedness to deal with cyber incidents, and review how we are getting on building our resilience to possible hybrid attacks. We need to continue to plan for the future. Because threats in this field are not going away and don’t stand still.
Looking ahead, I also want to improve and modernise the architecture of our European law enforcement data systems, maintaining the highest standards of data protection. I want to make it easier for a front-line law enforcement officer, or indeed a border guard or immigration officer, to do their jobs.
But beating the terrorists isn't just about legal frameworks and databases. It must be about defending our values and society. We need to counter those who seek to radicalise people into committing acts of terrorism, whether that is through propaganda disseminated on the internet and social media, or through radicalising vulnerable young people in our communities.
We are working successfully with the big internet and communication service providers to tackle hate speech, incitement to violence and pernicious propaganda on the web. To identify it, take it down and stop it spreading. We are working with a growing network of civil society organisations and actors across Europe to tackle radicalisation in our communities.
I am convinced – and I base this partly on my own experience in a completely different setting, in Northern Ireland - that the most effective work to counter radicalisation in the community is not by the state, still less by Brussels; it is through grass-roots civil society.
To finish, given the unanswerable case for a collective response to the current global threats, perhaps I should say something about the elephant in the room.
The UK is leaving the European Union – we are just weeks away from Article 50 being triggered. I cannot speak for the UK authorities on their plans for future security cooperation and there are also things that we do not yet know about future relationships. But the UK’s decision late last year to opt-in to Europol's new regulation was, I believe, good for the UK and good for everybody.
Of course, terrorists and cyber criminals could not care less whether a country is in or out of Schengen or in or out of the EU. The interconnected world in which we live today offers unprecedented opportunities, including to criminals, terrorists, and hostile states. That is why it is essential to work together. The UK's departure from the EU will not change that reality. We are going to need to continue to have the highest quality security cooperation so we are ready for whatever the future holds.