Ill prepared, ill suited and irrelevant — that’s the conclusion a new report on Britain’s cyber defences. In a scathing analysis, the House of Commons Defence Committee’s demands the government take the cyber threat more seriously:
‘The Government needs to put in place — as it has not yet done — mechanisms, people, education, skills, thinking and policies which take it into both the opportunities, and the vulnerable, which cyber presents. It is time the government approached this subject with vigour.’
The constantly evolving threat from hackers has left the government struggling to stay one step ahead of hackers. Their last initiative — the Cyber Reservists — is less bringing in highly skilled experts and more a digital Dad’s Army. But what appears particularly concerning is the threat posed to our Army:
‘…the Armed Forces now so dependent on information and communications technology, should such systems suffer a sustained cyber attack, their ability to operate could be totally compromised.
When attacks have penetrated our defences at troop level, one would assume there would be plans to counter a serious attack on our critical national infrastructure. Again, the report suggests the government is lacking:
‘There is clearly still much work to be done on determining what type or extent of cyber attack would warrant a military response…we recommend the Government ensure that civil contingency plans identify the military resources that could be drawn upon in the event of a large-scale cyber attack’
The shadow defence minister Jim Murphy has jumped onboard to lambast the government, stating that ‘policy progress is falling behind the pace of the threat our armed forces face’ and urges the Ministry of Defence to ‘tackle vulnerabilities urgently’. More than just a preventative strategy is required, as the report suggests, ‘it is not enough for the Armed Forces to do their best to prevent an effective attack’.
Simply, the MoD needs to put more muscle behind defending the nation online. Where and how can this be done? The first obvious area is leadership. The Defence Committee criticises the lack of single minister or department responsible for cyber defences, though Cabinet Office minister Francis Maude comes the closest. The threats are so frequent and of such veracity there is now the need for ‘increased ministerial attention’. The other area is funding. Increasing investment in cyber defences would allow the Ministry of Defence to woo more people from the private sector, develop the skills of staff and help them to respond better to the shapeshifting digital environment.
But the whole government, not just the MoD, has very little room to spare on budgets so where the money will come from? Cutting front line defences is not an option, so the government is left with the unenviable task of reworking (already limited) budgets to fight new and complicated threats. If they fail, we’ll know soon enough.