Chancellor George Osborne has announced plans to double UK cyber security spending to £1.9bn a year by 2020 to combat the rise of terrorist groups including Islamic State, which are reportedly taking advantage of the internet to plan UK attacks.
“ISIL is already using the internet for hideous propaganda purposes, for radicalisation, for operational planning,” Osborne said in a speech at GCHQ in Cheltenham.
“They have not been able to use it to kill people yet by attacking our infrastructure through cyber attack. But we know they want it and are doing their best to build it. So when we talk about tackling ISIL, that means tackling their cyber threat as well as the threat of their guns, bombs and knives.
“It is right that we choose to invest in our cyber defences even at a time when we must cut other budgets. The internet represents a critical axis of potential vulnerability.”
The plans were outlined as Osborne prepares to announce the overall spending cuts facing Britain, which will be revealed in full on 23 November.
Osborne said that GCHQ is currently monitoring cyber threats from “high end adversaries” against 450 companies across industries such as defence, energy and finance.
“In protecting the UK from cyber attack, we are not starting from zero,” he said.
The chancellor also indicated that he intends to work alongside ISPs to help combat cyber threats.
“ISPs already divert their customers from known bad addresses to prevent them being infected with malware. We will explore whether they can work together, with our help, to provide this protection on a national level,” he said.
Emily Orton, director of UK security firm Darktrace, who was at GCHQ to hear the announcements, told V3 that the cyber investment is a clear sign of progress by the UK government, but that the private sector has a big role to play in making real change happen.
“The government has taken the lead in talking about the [cyber plan] structure but now businesses need to follow that lead. It’s not good enough government leading the way. We need the industry to follow because critical national infrastructure depends on both of them working together,” she said.
“We need to be active in our defence. We have had a status quo for a while now and we don’t need any more examples of the fact that threats are inside and are going to do damage.”
James Murphy, associate director for defence and security at TechUK, called the proposals “a clear indication” that the government is eager to stay on top of cyber threats.
“What was once considered a niche area in the wider national security debate has emerged front and centre in the government’s priorities. As the chancellor made clear, it is only with the support of the world class cyber companies based in the UK that his vision will be realised,” he said.
“We call on the government to work in partnership with industry to make our nation the most cyber capable in the world.”
Up to 1,900 further staff will be recruited to security and intelligence agencies in the UK, and Osborne announced that a National Cyber Centre will open in 2016 that will report directly to the head of GCHQ.
“The centre will make it easier for industry to get the support it needs from government. And make it easier for government and industry to share information on the cyber threat to protect the UK,” he explained.
“We will build in the National Cyber Centre a series of teams, expert in the cyber security of their own sectors, from banking to aviation, but able to draw on the deep expertise [at GCHQ] and advise companies, regulators and government departments.”
Prime minister David Cameron has outlined £2bn of extra military funding aimed specifically at tackling the threat of Islamic State, including investment in drones and special forces.
“We are choosing to spend two percent of our GDP on defence every year for the rest of the decade,” he said during the annual Lord Mayor’s Banquet.
Cameron stressed the importance of cyber funding in the fight against extremism, especially as terrorism increasingly adapts to the digital age.
The prime minister revealed that UK security agencies foiled seven terrorist plots in 2015 alone.
“We will invest in a new generation of cyber defences to block and disrupt attacks before they can harm othe UK. All these measures come from the choice that we make to spend on our security to deal head-on with the wide range of threats that we face today,” he said.
Cameron also referred to the recently revealed Investigatory Powers Bill, saying that he doesn’t believe its proposals infringe on civil rights and privacy.
“We have published a draft bill that will ensure that GCHQ, MI5 and our counter-terrorism police continue to have the powers to follow terrorist movements by tracking their online communications to intercept those communications under a warrant and to obtain data from computers used by terrorists and paedophiles,” he said.
“Now, of course, there will be those who criticise these measures as an infringement of civil rights. But I disagree. They are about protecting those liberties from terrorists who want to take them away.”
The increased investment is seen as a positive development by the security industry. Kevin Bocek, vice president of security strategy at Venafi, said: “It’s good to see the government increasing funding and making cyber security a top priority.
“In reality there is there is a clear and present danger that terrorists will hijack parts of the internet, and even more worryingly use the internet to take control of physical assets ranging from cars to planes to power plants.”
However, Catalin Cosoi, chief security strategist at Bitdefender, warned: “Adding £1.9bn a year to fight cyber crime is a step in the right direction, but this needs to be supported with an extensive review of critical infrastructure.
“A possible worst-case scenario is the crippling of all communication and critical infrastructures, ranging from mobile phones to water supply, electricity and gas. This could be co-ordinated alongside a physical tactical assault, as disrupting any form of communication or internet-connected technology could be used as a serious tactical advantage on the ground.
“It is conceivable that, although Islamic State might not have the necessary technical skills, it could potentially outsource these types of attacks to parties that do. The black market is riddled with such services, all waiting for the right buyer.”
The news of increased cyber investment comes as UK businesses are increasingly vulnerable to online attacks.
UK mobile and internet provider TalkTalk was the latest firm to be hit with a cyber attack, which resulted in the loss of millions of customer records and arrests spanning England and Northern Ireland.