Written by Rory Grieve, reporter for sister publication Pivotl
Cybersecurity hits are coming fast, with scarcely a week going by without a massive hack. To tackle this, the UK is doubling the amount it spends on cybersecurity over the next five years. This comes amid warnings that terrorist groups such as ISIS are working on building their capability to launch cyber-attacks.
‘We will defend ourselves’
“The threats to our country in cyberspace come from a range of places – from individual hackers, criminal gangs, terrorist groups and hostile powers,” said chancellor George Osborne at the government communications headquarters (GCHQ).
‘‘To all of them I have a clear message.’’
‘‘We will defend ourselves. But we will also take the fight to you too.’’
‘‘We are increasingly confident in our ability to determine from where attacks come. We are stepping up not just the means of defence, but also the means to ensure that attacks on Britain are not cost-free,’’ continued the chancellor, who laid out a new plan for an additional £1.9 billion cyber investment, and detailed seven more departments that have settled ahead of the Spending Review.
‘‘To those who believe that cyber-attack can be done with impunity I say this: that impunity no longer exists.’’
This comes after a major hack of UK telecoms firm TalkTalk, the latest in a long line of hacks and a wide range of companies. Dating site Ashley Madison had to suspend its IPO after hackers leaked its records leaked online, a disaster for a service that promised privacy.
Cyber-attacks are often extremely complex, making it hard for organisations to respond. Even in the case of the high-profile Sony hack the culprit is still unknown, despite fingers being pointed at everyone from North Korea to disgruntled former employees. For most companies the main threats are from criminals rather than nation states or terrorist organisations.
“The main threat remains organised criminality, crime is becoming cyber enabled crime,” says Ken Hall, partner at KPMG Cyber Security. “We see highly sophisticated attacks by transnational groups able to operate with a degree of impunity, supported by a black market in tools, techniques and hacking services.”
Osborne also says the UK is “building our own offensive cyber capability”. It’s not the first time the UK has said this.
Back in 2011, then UK home secretary William Hague told The Sun that it was prepared to “strike first” against online foes. Corporate hacks only seem to be getting bigger since then, hence the increase in funding.
Working with companies is seen as increasingly important as more and more business moves online. Now the government is investing £20m ($30.4m) to develop an institute of coding that will help train 14-to-17-year-olds in cyber skills.
“It creates a National Cyber Security Centre for the first time, bringing together functions which were spread across various agencies to provide a single focus for business, academia and international partners,” said Hall.
“The government is ramping up spending, launching new initiatives and borrowing interesting ideas from other countries such as Israel.”
IT security is big business, and as more of our lives move online securing data is only going to become more important. Part of these measures includes increased support for startups, with the UK government creating two cyber innovation centres.
“We will be establishing two cyber innovation centres – places where cyber startups can base themselves in their crucial early months, and which can become platforms for giving those startups the best possible support,” says Osborne.
Not all agree that the UK is good at cybersecurity, with a handful of startups even going abroad because of the government’s anti-encryption efforts.
Ind.ie is one firm that’s decided to leave the UK as the government’s hostility to secure encryption would compromise the integrity of its services. In particular it offers a social network and messaging service that promises privacy.
“We’re not going to stay in a country where we might be forced to backdoor our products and possibly not even be allowed to tell anyone about it,” says Ind.ie founder Aral Balkan in a blog post on its decision to leave the UK.
Eris Industries is especially sensitive to government moves on encryption as its business is industrial cryptography. The threat of the UK government moving to ban end-to-end encryption hostile to cryptography prompted Eris Industries to move to the US.
“Cryptography overwhelmingly protects legal businesses and ordinary people, not criminals and terrorists, from harm,” says Eris Industries COO Preston Byrne.
“From our new base in the US, which will be either temporary or permanent pending the outcome of the bill, we will continue to build useful, open source, and free-of-charge developer tools to enable a more secure, more efficient, and freer world.”