November 21, 2016
People’s reliance on the internet in their everyday lives is such that good cybersecurity is not only about what individuals and organisations do to protect themselves, but what governments must do to ensure that national critical infrastructure is well protected.
Ben Gummer, the minister for the Cabinet Office, has highlighted the growing vulnerability of public services to cyber attack, and the chancellor, Philip Hammond, has committed £1.9bn over five years to bolster cybersecurity defences. The chancellor’s announcement, a re-announcement of the same figure by his predecessor George Osborne, is dwarfed by the amount of spending the US has earmarked – in 2017 along, it plans to spend 10 times the UK sum.
That said, Britain’s spend is almost twice the figure France has put aside over the next three years, and is slightly more than the European Commission’s €1.8bn investment in a new public-private partnership on cybersecurity.
But just how will this money tackle cyber-attacks and is it effective? Cath Goulding, head of IT Security at Nominet, the official registry for .uk domain names, says governments are looking to invest in capabilities that are required for potential cyberwars, but an offensive capability needs to be coordinated and consistent and a good defensive posture is paramount.
“The new NCSC [National Cyber Security Centre] has an agenda that details tangible outcomes,” says Goulding, who is a former security operations manager at Government Communications Headquarters. “Of course, there is no silver bullet but these should make a difference when it comes to analysis and defence.”
The NCSC, announced by then chancellor George Osborne in November last year, pools cyberexpertise to tackle cybersecurity issues in the UK.
The outcomes Goulding speaks about look to fix the underlying infrastructure that powers the internet but that can be subverted by cybercriminals to attack computers run by firms, governments and individuals.
Hackers normally infect systems with malicious software, known as malware, usually via an attachment on an email, which can then allow the criminals to take control of systems and steal information, such as bank details. In the case of countries, one country can steal intellectual property of industrial targets in order to gain economic advantages. A country with a lot of intellectual property will find itself a main target of such hackers.