Just a few days after the ISIS attacks in Paris, George Osborne announced that UK spending on cybersecurity would be doubled to £1.9 billion over five years.
Dr Paul Stephens, Director of Computing, Digital Forensics and Cybersecurity, explains why doubling the investment in cybersecurity is so important, and not just for tackling the growing threat ISIS poses to the UK’s cybersecurity:
“Islamic State is plotting deadly cyber-attacks – George Osborne” (BBC), “Osborne raises spectre of Isis cyberattacks on UK” (Financial Times), “Isil plotting deadly cyber-attacks against Britain, George Osborne warns” (The Telegraph) and “Islamic State ‘Plotting Deadly Cyber Attacks’” (Sky News), were some of the headlines, but for me this wasn’t where the focus needed to be. Whilst the Chancellor did say that ISIL are currently using the Internet for recruitment, planning and propaganda purposes he stated quite clearly that they did not have the capability to carry out a cyber-attack but would be looking to do this in the future. This in itself is of course worrying, but the rest of what he said made a much more convincing case for why a doubling of investment in cybersecurity made sense.
George Osborne reiterated what the Prime Minister had stated just after the Paris attacks: that this year, our intelligence services had prevented seven terrorist attacks. He also asserted that GCHQ are dealing with 200 national cybersecurity incidents per month, up from 100 per month just last summer. This suggests that while ISIL does not yet have the capacity to carry out cyber-attacks there are plenty of others that do and that the dramatic increase in these attacks warrants the doubling of the budget allocated to blocking these activities.
There was also a message for computer users everywhere to follow basic cybersecurity guidelines such as those the published by the HM Government supported Get Safe Online which encourages users to use security packages, keep software up-to-date and utilise strong passwords. Businesses are also advised to harden themselves against attackers. This can be done with the advice provided in the Ten Steps to Cyber Security but also through the Cyber Essentials Scheme, which in addition to the measures needed for companies to protect themselves also provides certification to those enrolled and thereby assurance to their customers that a threshold level has been reached in protecting their data. The Chancellor also announced a single, unified source of support to businesses through the establishment of the National Cyber Centre in 2016.
Another interesting aspect, particularly to those who teach computing in higher education, was the commitment to education. £20 million has been set aside for opening an Institute of Coding, bids would be invited from interested parties (such as universities) to encourage the hard computer science skills required for careers in cybersecurity. While Mr Osbourne did state that this money was to “…fill the current gap in higher education and train the next generation…” with the required skills, it was not clear to me whether the deficiencies he referred to were in the abilities of those currently studying in higher education or if it referred to a lack, at present, of those destined for a cybersecurity career. Either way there seems to be a focus on developing higher level computing expertise from an early age with 14 to 17 year olds to be offered mentoring, project work and summer schools. This should both boost the technical skills of the population and the number of people entering a career in computing.