Digital Defence – The National Cyber Security Strategy

Chancellor Philip Hammond gave a speech at the Microsoft conference in October launching the National Cyber Security Strategy. He was clear that changing technology transforms our society and our economy dramatically. To illustrate this point, the Chancellor noted that in 1589 the British inventor William Lee developed a knitting machine, and was denied a patent for it on the grounds that it would create unemployment. The Queen noted in her rejection of the patent that “It would assuredly bring them (her subjects) to ruin by depriving them of employment, thus making them beggars.”

This hostility towards new technology has not disappeared over time, and is especially prevalent in the current fourth industrial revolution. The rise of automation and globalisation – a process driven by technology – has led to calls to close borders, impose tariffs, resist change and protect jobs in their current form. This is not progressive politics; it is a form of conservatism, although unlike the Conservative party it aims to protect jobs under threat. Labour is a progressive party and must employ fresh thinking for tackling the problems of the future. This means looking forward, understanding how the British economy will change and developing new policies for a new era.

Protecting the rapidly growing digital economy must be a priority. We need regulation that requires IT goods to meet security criteria and that imposes fines on companies that sell products with security vulnerabilities. The cost of inadequate protection from cyber-attacks is already a preventable drain on our economy. The Cabinet Office estimated in 2012 that the cost was £27 billion per annum. According to a PwC survey, 32% of companies have been affected by cybercrime. The Chancellor mentioned the recent attack on TalkTalk that left the records of 157,00 people at risk, costing £60m and losing them over 100,000 customers. This affected the UK’s critical infrastructure and the perpetrator was a teenager: imagine what a well-resourced state or criminal organisation could do.

Professor Alan Woodward, an expert in cyber security, has argued for Government spending to focus on recruiting and growing talent from an early age. He has also said that he hopes the Government puts resources into protection against “high volume, low sophistication attacks”, as these cause most financial losses.

Sir Tim Berners-Lee told the BBC Today programme: “The United Kingdom needs to have a strong but responsible and accountable police force, and GCHQ needs to have the tools to be able to defend us and defend the open internet.” He went on to speak about how the internet of things allows items such as kitchen appliances and webcams to be taken over as part of cyber-attacks, a growing danger as the demand for digitally connected products increases.

So while the strategy set out by the Chancellor is comprehensive, built on the ability to defend, deter and develop, the resources don’t match up to the scale of the challenge recognised by the many experts in this field.

For example, £1.9 billion of investment over five years is small in comparison to the £35 billion spent on defence each year. This commitment fails to reflect that cyber is listed as a ‘Tier 1’ threat by the Strategic Defence and Security Review, placing it in the same category as terrorism and international military conflict. A recent review noted that: ‘The volume and complexity of cyber-attacks against the UK are rising sharply, as are the costs to business.’ We can’t afford not to invest.

The strategy also doesn’t make it clear what we would do with offensive cyber capability. The Chancellor spoke of the possibility of an attack which “takes down our power networks leaving us in darkness, or hits our air traffic control system, grounding our planes” and the need to respond. The only indication of what form the response would take was the statement that “we will strike back in kind when we are attacked.” This is worryingly vague for a retaliation policy that would have far-reaching implications.

Several cyber-attacks were used by Russia in the invasion of Georgia in 2008, as well as in Ukraine in 2015 to trigger regional electrical blackouts. Even more recently the Democratic National Convention was hacked to interfere with the US presidential election. The Chancellor went further than most other leaders have in pointing the blame for cyber-attacks towards Russia. Without explicitly accusing the country, he said: “A small number of hostile foreign actors have developed and deployed offensive cyber capabilities, including destructive ones.” He joked: “some security companies have ascribed to a state with a record of other recent high profile attacks – answers on a postcard to No10 Downing Street please.”

Hammond is not the only one to have spoken of the cyber threat posed by Russia; former MI5 chief Andrew Parker said in an interview with the Guardian that Russia was at work across Europe and in the UK, using military means, propaganda, espionage, subversion and cyber-attacks to achieve its foreign policy aims. He was clear about the reality of the threat from Russia, noting how varied it is. “We see it in places such as Ukraine and the appalling brutalities in Syria.”

However, neither the 2015 Strategic Defence and Security Review nor the Chancellor in his speech sets out how we would respond to a cyber-attack from a foreign power, or how to build international consensus on the use of cyberspace. At present the international community lacks rules for cyber warfare of the sort that exist for conventional warfare. Until there is a clearer understanding of the strategy that would be used in response to cyber-attacks, we run the risk of dangerously escalating attacks and damaging the digital economy as well as national infrastructure. The future of the economy is digital, and the future of defence must be too.

Alexander Brindle is a Labour Party activist and contributing writer at Future Labour. He tweets at @Brindle_Alex.
