After the devastating events of last week in Paris George Osborne has been quick to find an extra £1.9 billion to almost double the amount the government will spend on cyber security by 2020 to around £3.2bn.
Prime Minister David Cameron wants to add 1,900 staff to the Government Communications Headquarters (GCHQ) in Cheltenham to help combat the threat of terrorism which will be announced as part of the Spending review due to be delivered, alongside the Autumn Statement, on November 25th. In response, GCHQ launched an innovative recruitment drive this morning, spray painting job ads on paving slabs around Shoreditch.
Osborne gave a speech at GCHQ yesterday in which he praised staff for their efforts, commenting “the public will never know your names, but you are the unsung heroes who never get the recognition you deserve by dint of the sort of work you do.” He thanked staff on behalf of the nation saying that this year alone GCHQ had helped prevent seven separate terrorist plots from taking place.
Osborne said that the spending review has succeeded in reducing spending across 11 government departments by 24%, funds which will be re-allocated to “key priorities like National Security”.
He also suggested that the internet, invented by a Briton, Sir Tim Berners Lee, represents “an enormous economic and commercial opportunity for our country”, and that “a far higher proportion of British retail is done online than in any other country in the world.”
National security and taking real measures against cyber criminals aimed at scotching the myth that it is a victimless crime must come first however, according to Osborne, who went on to discuss the ways in which the government has carried out its “duty to protect the country from cyber-attack” over the past five years, and outline his plans for the next five.
Referring to ISIL, Osborne said “They have not been able to use it (the internet) to kill people yet by attacking our infrastructure through cyber-attack, they do not yet have that capability. But we know they want it, and are doing their best to build it.”
He also suggested that the UK is currently monitoring cyber threats from high end adversaries against 450 companies across the aerospace, defence, energy, water, finance, transport and telecoms sectors.
Outlining the steps the government has taken since 2010 Osborne began by discussing the creation of the National Cyber Security Programme which has received £850m of funding, as well as the National Cyber Crime Unit, Computer Emergency Response Team, and Cyber Information Sharing Partnership.
He also mentioned the Cyber Essentials scheme for companies, which now has over 1,000 accredited companies, as well as attempts made to introduce cyber security into the education process through schemes like Cyber first and Cyber apprentices, as well as making reference to one of many secret exercises which take place in preparation for a cyber-attack, operation Resilient Shield, a joint UK/US exercise across the financial sector which took place last week.
Osborne suggested that there is an asymmetry between attack and defence when it comes to cyber security, it being far easier and cheaper to mount an attack than to defend one. He said that last year the number of cyber national security attacks doubled to 200.
The chancellor’s five year plan is also a 5 step one; the first stage is “to get to the point where all internet service providers will as a matter of routine divert known bad addresses, a scheme, he says, which has already saved HMRC £40 million on a £1 million investment.
Secondly Osborne wants to address the “Alphabet Soup” of agencies responsible for protecting Britain’s cyberspace. This will happen in the form of the establishment of a National Cyber Centre, reporting to the Director of GCHQ.
Thirdly, the government wants to widen the global cyber security workforce to 1.5 million staff by 2020, following advice from this year’s Global Information Security Workforce Study. This will involve identifying and training young people with cyber talent and offering them “a diversity of routes into cyber careers.” This will be done with the help of universities and higher and degree level apprenticeships as well as an ambitious programme for 14-17 year olds modelled on a highly successful Israeli programme.
The fourth element of the plan however is the part that will most excite the start-up community.
Citing examples such as GlassWall, Garrison, Digital Shadows and Titania, who were also present at the speech, along with the founders of Cyber London, Osborne praised the progressive nature of the UK’s start-up scene and thanked Paladin Capital for launching a dedicated cyber fund in London.
The government plans to establish two cyber-innovation centres – effectively cyber security start-up incubators for “their crucial early months”, which “can become platforms for giving start-ups the best possible support”. The chancellor confirmed that one of these centres will be based in Cheltenham.
He also announced the launch of a £165m Defence and Cyber Innovation Fund, “to support innovative procurement across both defence and cyber security”, suggesting that “Government can itself provide a huge boost for British cyber start-ups, if it can be smart enough to marshal its procurement in a coherent way. This should be a win-win – our cyber start-ups need endorsement, investment and first customers.”
Finally, Osborne suggested a shake-up of the cyber security regulatory framework was needed to ensure that the country can defend itself robustly, going as far as suggesting: “Strong defences are necessary for our long-term security. But the capacity to attack is also a form of defence” and adding that the government is building “a dedicated ability to counter-attack in cyberspace” through its new National Offensive Cyber Programme.
Overall, this was typically bullish stuff from Chancellor George Osborne, on the front foot and outlining the importance of national security, which accounts for 2% of GDP in government spending, the wars that will be played out in cyberspace, and the ways in which Britain can stay strong and face down any threats with help from its academics, techies, GCHQ staff, businesses, and the general public.
From a start-up perspective it serves to reinforce the already strong relationship between the current government and “Tech City” and the start-up community. Another £165 million in the investment kitty will be welcome and help make cyber security a popular area of focus for budding entrepreneurial talent. After witnessing the negative effects that a cyber-attack can have even on the biggest businesses, like Talk Talk and Sony, SMEs and corporates are likely to be taking cyber security far more seriously from now on.
Which is no bad thing – perhaps the ultimate goal here is to create disruptive, efficient and effective technologies that will not only protect businesses and the public but also help to reduce costs so that spending can be diverted into other government departments areas where funds are also much needed.