CYBER SECURITY – A MATURING MARKET
By Yvonne Headington
Targeting Resources
The political party conference season is a time for flag-waving and a stirring speech on Defence usually rallies the faithful. But as Defence Secretary Philip Hammond addressed the Conservative Party Conference on 29 September 2013, he was barracked by two senior retired Fusiliers criticising Army cuts. Philip Hammond, however, had a surprise of his own; having chosen, on the same day, to confirm that the UK is developing a new strike capability – in cyber space. The juxtaposition of these events serves to highlight the current shift in Defence and Security investment.
As part of this investment in cyber resources, the Ministry of Defence (MOD) is creating a Joint Cyber Reserve Unit which will see Reservists working alongside Regular personnel at Corsham and Cheltenham to protect computer networks and safeguard vital data. As announced by the Defence Secretary, recruitment for the new unit started in October 2013 and the MoD hopes to attract individuals with the necessary technical knowledge and skills (with or without military experience).
It was the Defence Secretary’s confirmation that the UK is developing a cyber ‘counter-attack’ and ‘strike’ capability which raised eyebrows. “In response to the growing cyber threat,” said Philip Hammond, “we are developing a full-spectrum military cyber capability, including a strike capability, to enhance the UK’s range of military capabilities.”
Investment
As pointed out in a Financial Times editorial of 2 October 2013, ‘a public declaration by a NATO member state that it is developing cyber offensive capabilities is a rare event.’ An announcement of such strategic import should arguably have been made to Parliament (rather than during a party conference) but Mr Hammond was doubtless playing politics – international as well as domestic.
Cyber capabilities may not have the same tangible ‘wiz bang’ appeal of warships, tanks and fighter aircraft but cyber is one of the few areas to receive priority funding. As the Defence Secretary said, “Increasingly our Defence budget is being invested in high-end capabilities such as cyber and intelligence and surveillance assets to ensure we can keep the country safe.”
Government work on cyber security is being delivered in the UK through a four-year National Cyber Security Programme (NCSP) as set out in the 2010 Strategic Defence and Security Review. £650 million is being invested in projects under the NCSP with the aim of transforming the UK’s cyber security skills and capabilities by 2015. The Defence Cyber Security Programme is receiving funds of £90 million under the NCSP, largely reserved for new strands of work.
Addressing the Issues
The Cyber sector is responding to what is being termed by some in Industry as a ‘maturing market’. This trend was reflected during this year’s Defence and Security Equipment International (DSEI) exhibition held at London’s Excel (10-13 September 2013). DSEI 2013 featured a dedicated Cyber Security Pavilion, within the Security and Special Forces Zone, showcasing the capabilities of information and communication technology specialists and niche players.
The exhibition seminar programme also included a day set-aside for cyber issues, attracting full-houses. Themes broadly focused on three areas: threats, impact and mitigation. Jeremy O’Connor, Client Industry Executive for Selex EX, addressed the main cyber threats facing nation states and industry. Drawing upon recent (June 2013) remarks by Keith Alexander, Commander US Cyber Command, Jeremy O’Connor noted that critical national infrastructure (CNI) vulnerability is a big issue. “The chance of attack is 70%” he said. “The ability to withstand is 30%.”
The situation is made more precarious by the privatisation of many elements of the CNI, since commercial companies are ‘focused on profit and are therefore prepared to take a degree of risk.’ Currently one