Public bodies told to arm their websites against ‘known bad addresses’ as chancellor announces plans for National Cyber Centre
Air traffic control and hospitals are among potential targets of cyber attacks by terrorists, the chancellor of the exchequer said today, unveiling a £1.9bn cyber plan that will form “a key part” of next week’s Spending Review.
George's Osborne's warnings came as he announced plans for a National Cyber Centre, a service to flag up bad internet addresses to government websites, and an increased capability for the National Cyber Crime Unit.
He said that the starting point for the strategy “must be that every British company is a target, that every British network will be attacked, and that cyber crime is not something that happens to other people”.
The plan would feature “stronger defences for government systems”. These will include a cross-government “IP Reputation Service”, warning government websites when they try to do business with known bad addresses. HMRC already uses such a service and has saved £40 million on fraud on a £1 million investment, he said.
Osborne said he has made provision in the Spending Review, to be fully announced next week, to almost double the investment to protect Britain from cyber attack and develop our sovereign capabilities in cyberspace. It involves making an extra £1.9bn over five years, which added to existing plans brings the total to more than £3.2bn.
Among other things, this will pay for a single National Cyber Centre, reporting to GCHQ, which will be set up in 2016. The centre will be “a unified source of advice and support for the economy, replacing the current array of bodies with a single point of contact”.
"It will give us a unified platform to handle incidents as they arise, ensuring a faster and more effective response to major attacks," he said.
The centre will bring together experts in cyber security from several sectors, including banking and aviation, along with government.
Osborne was speaking at Government Communications HQ. He is the first chancellor of the exchequer to give a public speech at the body, an organisation whose existence the government admitted only in the 1970s.
Promising more spending in the security services, he said: “It is right that we choose to invest in our cyber defences even at a time when we must cut other budgets. For our country, defending our citizens from hostile powers, criminals or terrorists, the internet represents a critical axis of potential vulnerability.”
Another measure involves investment in a National Offensive Cyber Programme, a partnership between the Ministry of Defence and GCHQ, to launch counter-attacks in cyberspace. Its capability will be developed over the next five years.
Today GCHQ is monitoring cyber threats from high end adversaries against 450 companies across the aerospace, defence, energy, water, finance, transport and telecoms sectors, he said. “We are not winning as often as we need to against those who would hurt us in cyberspace. The truth is that we have to run simply to stand still.”
Terrorists can exploit what he called “a painful asymmetry” between attack and defence. “It is easier and cheaper to attack a network than it is to defend it.” This asymmetry is growing, he said, now that all the elements of an attack can now be bought online. “The barriers to entry are coming right down, and so the task of the defenders is becoming harder.”
In summer 2014 GCHQ dealt with 100 cyber national security incidents per month: last year the figure was 200 a month.
Image from GOV.UK, Open Government Licence v3.0