Automatic defences to stop hackers hijacking websites or spoofing official domains will get a boost from a £1.9bn government cybersecurity strategy.
Chancellor Philip Hammond said that hostile “foreign actors” were developing attacks that threatened the UK’s electrical grid and airports. He added that to defend itself Britain must have ways to retaliate in kind. He also addressed a need to tackle cyber-scammers, including finding fresh ways to intercept booby-trapped emails. “If we do not have the ability to respond in cyberspace to an attack which takes down our power network – leaving us in darkness or hits our air traffic control system grounding our planes – we would be left with the impossible choice of turning the other cheek, ignoring the devastating consequences, or resorting to a military response,” Mr Hammond said as he introduced the National Cyber Security Strategy in London. “That is a choice we do not want to face and a choice we do not want to leave as a legacy to our successors.”
The strategy will also help enlarge specialist police units that tackle organised online gangs.
In addition, some cash will also go towards education and training of cybersecurity experts. “If we want Britain to be the best place in the world to be a tech business then it is also crucial that Britain is a safe place to do the digital business,” the chancellor added. “Trust in the internet and the infrastructure on which it relies is fundamental to our economic future.”
Sir Tim Berners-Lee – the inventor of the web – told the BBC that it was “absolutely right” that the government was concerned about the issue. “Whether it’s script kiddies sitting in their garage or it’s a state actor – clearly we’ve seen the internet can be attacked and has been attacked in all kinds of different ways,” he told the Today programme. “The United Kingdom needs to have a strong but responsible and accountable police force, and [cyber-intelligence agency] GCHQ needs to have the tools to be able to defend us and defend the open internet.”
Mr Hammond’s speech coincides with a warning from MI5 that Russia poses an increased cyber-threat. “It is using its whole range of state organs and powers to push its foreign policy abroad in increasingly aggressive ways – involving propaganda, espionage, subversion and cyberattacks,” Andrew Parker, the domestic security agency’s director general told the Guardian.
Teens And Foreign States
The National Cyber Security Strategy will set out action needed to protect the UK economy and the privacy of British citizens, and will also encourage industry to ramp up efforts to prevent cyber-attacks.
Mr Hammond said Britain “must now keep up with the scale and pace of the threats we face”, including those carried out by foreign perpetrators who then try to deny their involvement. “The ability to detect, trace and retaliate in kind is likely to be the best deterrent,” he added. “We will not only defend ourselves in cyberspace, we will strike back in kind when we are attacked.”
Ben Gummer, paymaster general, said in a statement: “No longer the stuff of spy thrillers and action movies, cyber-attacks are a reality and they are happening now. “Our adversaries are varied – organised criminal groups, ‘hacktivists’, untrained teenagers and foreign states.”
The £1.9bn to pay for the national strategy was allocated last year and will fund the programme until the end of 2020. In its strategy, the government explained what some of the money has been spent on already. With the aid of industry, it has set up automated systems that limit how much malware and spam reaches UK citizens. Other projects have helped the government verify where emails come from to thwart specific tax fraud campaigns aimed at the UK.
Future spending plans involved cash for recruiting more than 50 specialists who will work at the cybercrime unit at the National Crime Agency. These will help tackle organised gangs and aim to raise the cost of engaging in hi-tech crime to make it much less attractive.
The cyber-plan will also involve the creation of a Cyber Security Research Institute – “a virtual network UK universities” that will co-ordinate research into efforts to improve defences for smartphones, laptops and tablets. Security-based start-ups will also get help via an innovation fund that will commercialise work on novel tools and defences.
A national scheme will also be set up to retrain “high-aptitude professionals” as cybersecurity experts.
Prof Alan Woodward, a computer security expert from the University of Surrey, said he hoped the government spent cash on the “high volume, low sophistication attacks” that plague people and cause the majority of financial losses. “I hope the £1.9bn will be spent in growing talent,” he said. “The government talk about 50 recruits here and 50 there. I’m afraid we need many more.”
Prof Woodward said it was getting “increasingly difficult” to persuade young people to study computer science and getting them to try cybersecurity was “a real headache”. “I would really like to see money put into reaching young people early enough to influence the subjects they decide upon at school and pairing an image for them of just how interesting and rewarding a career in cybersecurity can be,” he said.