Is UK doing enough to protect itself from cyber attack?
internet news hass and associates review In 2010 the British government designated the protection of computer networks as one of the country's most important national security priorities. In its Strategic Defence and Security Review (SDSR) it pledged, "The National Cyber Security Programme will be supported by £650m of new investment over the next four years". What exactly has this investment bought, three years on? Speaking on and off the record to insiders - from the government, intelligence agencies and security industry - it is apparent that the achievements in defending the UK from this threat have disappointed many. Much of the available funding may actually have been directed at improving the UK's ability to target other countries' computer secrets. Some point out that even if everything had gone to plan, an investment averaging £162.5m per year over four years could only have a limited effect on such a huge problem. Security experts estimate that there are about 50 million cyber attacks a year in the UK, a number which they say is growing rapidly all of the time, and they put the damage to the UK economy at up to £27bn last year. Yet, even according to government plans, less than half the total money committed has so far been spent. There are suggestions that early strategising consumed many precious months and that the Cabinet Office, which is supposed to be giving overall direction to the project, has not yet allocated much of the money to specific projects. "Some people have… said we're saving money for a rainy day," Mark Phillips, who helped draught the government's strategy, and is now at the Royal United Service Institute (RUSI) think tank, says. "To which my response is that we already have a rainy day, we have a high threat already with cyber." Francis Maude, the minister responsible for cyber security, disputed this interpretation in a statement to BBC Newsnight, saying: "Far from abdicating our responsibility on funding, to date we have spent over one third in the first two years of the programme. We are on target and in line with our public spending forecasts. The rapidly changing nature of cyber threats to the UK demonstrates the need for a flexible cyber security response so we reassess our spending priorities on a regular basis as was always the case. This is a prudent, sensible, smart approach as we move forward into the final two years of the programme." Even if the full £650m is spent, as those close to the policy insist it will be, it is apparent that this will be done over five years rather than the originally promised four. The other striking thing about the capability that has been taking shape is its offensive character; official figures show that 59% of the planned spend is meant to go to the intelligence agencies. "We can achieve a tremendous amount these days through remote exploitation rather than face to face meetings with agents," says an MI6 officer referring to attacks on computer networks. "GCHQ's offensive capability gives the UK an edge," a former senior officer at the eavesdropping centre in Cheltenham told me, adding, "a large proportion of that money has [therefore] gone into those capabilities". John Bassett, now at RUSI and formerly GCHQ's Senior UK Liaison Officer in Washington, adds that much of the new government funding has gone on, "existing programmes... designed to get a really strong grip on global situational awareness".
READ FULL ARTICLE: http://www.bbc.co.uk/news/uk-22338204