The UK Government has announced nearly £2bn to upgrade Britain’s cyber security defences. The National Cyber Security Strategy seeks to make the UK the “safest place in the world to do business,” by protecting critical digital infrastructure in a world increasingly at the mercy of hackers, both state-sponsored and anonymous collectives.
“Our new strategy, underpinned by £1.9 billion of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyber-space and to strike back when we are attacked,” the Chancellor Philip Hammond said.
This comes on top of £265 million already earmarked for cybersecurity vulnerabilities just at the MoD. The strategy is a welcome recognition that interconnected networks are increasingly vulnerable, and new efforts are needed to ensure a strong, secure digital economy.
The announcement of the strategy comes a year after the government first started to seriously talk about national cyber security defence. “No longer the stuff of spy thrillers and action moves” declared Ben Gummer, the Cabinet Office Minister; “tech is the future of the UK economy” the Chancellor announced. Thankfully, Whitehall has finally installed a much needed upgrade; tech is not the future of the economy, it is the reality. Neither is cyber security a movie plot, it’s one of the most serious threats facing British business today.
A large scale cyber attack on any part of Britain’s digital infrastructure would be catastrophic.
Lockheed Martin simulated the effect of a cyber attack on the power distribution network in South-East England. Rouge hardware is installed in 65 vulnerable substations, quickly triggering rolling blackouts across the region in winter, shutting down London, with the impacts spreading out to all parts of the country.
In the best case scenario, full power is restored only after three weeks, in the worst case its three months. The economic impact on the country could reach up to £500bn, or 2.3% of GDP. In the immediate term, 9 million people lose power, 1 million train journeys and 150,000 flights have to be cancelled every day. Financial services, retail, real estate, and professional service industries are the most affected, losing billions of pounds and setting back growth for years.
But cyber attacks are not some future ‘what-if’, they are hitting UK plc now. A study by Oxford Economics found that 60% of businesses had experienced a cyber attack in the last 12 months, with the average loss estimated at nearly £3m per attack. Intellectual property loss, compromising commercially sensitive information, and a loss of competitive advantage were the most common results of cyber attacks, resulting in an increased cost of doing business and disrupting long-term investment. Not to mention the danger untrained employees and poor password practices can have in contributing to the threat of a nightmare cyber scenario.
If this is the day to day impact of the current level of cyber attacks against British business, it is a chilling thought to consider the damage a concerted attack would cause if carried out by a sophisticated organisation or nation-state actor. Now more than ever, it should be clear that Western countries are under digital bombardment for the purpose of causing mass disruption. Hacking an election was the latest trick, does business really want to wait and see what the next one will be?