The Chancellor of the Exchequer George Osborne has set out a national cyber plan. He said the Government would almost double spending against cyber attack, to total £1.9 billion over five years. He said: “If you add together the spending on core cyber security capabilities, protecting our own networks and ensuring safe and secure online services, the government’s total cyber spending will be more than £3.2 billion.” In 2016 the Government will establish a single National Cyber Centre, which will report to the director of GCHQ; its public face will ‘work hand in hand with industry, academia and international partners’.
In a speech at GCHQ, George Osborne said: “As Chancellor I know about the enormous potential for the internet to drive economic growth, but I am also acutely aware of the risk of cyber attack harming our economy and undermining the confidence on which it rests. And I also know that we can’t afford to build strong cyber defences unless they rest on the solid foundations of sound public finances.”
The Government will introduce a cross-government IP Reputation Service, to warn government websites when they try to do business with known bad addresses. He said: “We have done this already with HMRC, and saved £40m on fraud on a £1m investment.” While internet service providers (ISPs) already divert their customers from known bad addresses, to prevent them from being infected with malware, the Government will explore whether they can work together to provide such protection on a national level. And Government will create a £165m Defence and Cyber Innovation Fund, ‘to support innovative procurement across both defence and cyber security’. He added that the Government will work on an ‘offensive cyber capability’: “We reserve the right to respond to a cyber attack in any way that we choose.”
He said that citizens need to follow basic rules of keeping themselves safe – installing security software, downloading software updates, using strong passwords; and companies need to protect their own networks, and harden themselves against cyber attack. Mr Osborne said that GCHQ is monitoring cyber threats from ‘high end adversaries’ against 450 companies across the aerospace, defence, energy, water, finance, transport and telecoms sectors. “The starting point must be that every British company is a target, that every British network will be attacked, and that cyber crime is not something that happens to other people.
“From our banks to our cars, our military to our schools, whatever is online is also a target. We see from this place every day the malign scope of our adversaries’ goals, their warped sophistication and their frenetic activity. The stakes could hardly be higher – if our electricity supply, or our air traffic control, or our hospitals were successfully attacked online, the impact could be measured not just in terms of economic damage but of lives lost. ISIL’s murderous brutality has a strong digital element.”
In 2010 the then Coalition Government began a National Cyber Security Programme, and set up the Computer Emergency Response Team (CERT) for the UK, and the Cyber Information Sharing Partnership for companies. Cyber incident exercises have included the recent Resilient Shield, a joint UK-US exercise across the financial sector.
George Osborne said: “The truth is that we have to run simply to stand still. The pace of innovation of cyber attack is breathtakingly fast, and defending Britain means that we have to keep up. At the heart of cyber security is a painful asymmetry between attack and defence. It is easier and cheaper to attack a network than it is to defend it. And the truth is that this asymmetry is growing.” Last summer GCHQ dealt with 100 cyber national security incidents per month, he said; this summer, 200 a month. For the speech in full visit gov.uk.
Comments
Greg Sim, CEO of Glasswall Solutions, said: “It is very welcome that the Government so explicitly recognises the vital international cyber security role of innovative British born businesses such as Glasswall. We are delighted to be described as ‘an excellent British company’ by the Chancellor in his speech and to have been the first he mentioned. We have the skills to defeat cyber criminals and look forward to being in the vanguard of the world-wide campaign to defeat them.
“Organisations in the public and private sector need to acknowledge that what they currently have by means of protection and defence against cyber threats, simply isn’t working, and they need to understand why. The plans laid out this week by the Chancellor demonstrate that the Government is not just admiring the problem but instead approaching it logically. By forming relationships with technology innovators, the Government will benefit from a proactive approach based on known good standards rather than continuing to create reactive technologies that get out of date or are quickly compromised.
“The UK Secret Intelligence Services are some of the best in the world and these partnerships with private organisations such as Glasswall, will further help ensure every step possible is taken to maximise cyber security.”
At the audit firm PwC, cyber security partner Richard Horne said: “The threat from cyber attacks is constantly developing. New perpetrators can acquire capability or access to target organisations rapidly through the criminal market. The increased investment by the Government is welcome, but even more important is continuing to increase the focus and investment across the UK economy and society as a whole. In today’s digital world, we are incredibly interconnected and interdependent; one organisation’s weakness could be exploited to cause an impact elsewhere. Protecting ourselves from the impact of cyber attacks is a common endeavour for all organisations and for individuals too.”
And Dr Adrian Davis, Managing Director for EMEA, at the infosec industry body (ISC)2 welcomed the speech for raising the level of appreciation for cyber security requirements; putting the issues on an economic platform; and acknowledging its role in assuring prosperity as well as national security.
“However, while the Chancellor advocates a plan that acknowledges the priority of cyber initiatives, he places a huge reliance on everyone outside of government to do their part to ensure real impact. I say this because the funding investment over the next five years, although double previous commitment, is a fraction of what is really required to bring society up to speed. This is a plan that is all about catalysing action from stakeholders, partners and the broader business community. While more details are to come on Monday, it appears they continue to defer direct development toward specialist expert capability and technical innovation driven by the very focussed perspective that comes out of GCHQ. I am wary of having the management of the entire plan – from law enforcement to business support – centralised within a centre of excellence that reports to GCHQ. GCHQ is a valued and an incredible resource and there is no doubt that the new initiatives will have their value but to really catalyse action and investment, these plans must ensure broader input from the private, business and professional communities.
“On the skills front, the UK government has been a leader and it’s good to see that the UK government continues to recognise that expert capabilities are needed to match the developing threat through the National Cyber Security Strategy and that they are prioritising embedding knowledge at every level of education. There is a lot of work to do here and we remain committed to being a strong partner in this area of development. I would like to emphasise that this is a need that goes far beyond our own profession and that we need to work to embed cybersecurity across many disciplines, not just develop the experts.
“In short the Chancellor has done a great job of acknowledging the challenge, outlining the priority government has to put toward it, but I wonder if the broader call to action was clear enough to ensure all who need to take note actually do so.”
