UK Gov will double cybersecurity funding to fend off ‘ISIS cyber attacks’
Chancellor also announced support for cyber start-ups and skills development
The government will launch cyber attacks against ISIS as it attempts to thwart the terrorist group's alleged plans to hack UK hospitals and other vital infrastructure.
To fight ISIS effectively, Whitehall will double cybersecurity funding over the next five years to reach 1.9 billion, Chancellor George Osborne said in a speech at spy agency GCHQ today.
"ISIL's murderous brutality has a strong digital element," he said. "At a time when so many others are using the internet to enhance freedom and give expression to liberal values and creativity, they are using it for evil."
While British intelligence does not indicate ISIS has the ability to cause harm to UK infrastructure through cyber attacks yet, Osborne warned they "are doing their best to build it".
He added: "From our banks to our cars, our military to our schools, whatever is online is also a target.
"The stakes could hardly be higher if our electricity supply, or our air traffic control, or our hospitals were successfully attacked online, the impact could be measured not just in terms of economic damage but of lives lost."
The announcement follows the latest terror attack, in Paris on Friday, when 129 people were killed in bars and restaurants, as well as a concert venue and stadium, in an incident ISIS claimed responsibility for.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Meanwhile, Downing Street has authorised spy agencies to recruit another 1,900 staff to combat terrorist threats.
The extra funding stands against a backdrop of a 24 per cent cut in central departments' funding by 2019-20.
What would an ISIS cyber attack look like?
Bitdefender's chief security strategist, Alexandru Catalin Cosoi, warned that an ISIS cyber attack could have devastating consequences for British businesses and infrastructure.
"A possible worst-case scenario is the crippling of all communication and critical infrastructures, ranging from mobile phone to water supply, electricity, and gas," Cosoi said.
"This could be co-ordinated alongside a physical tactical assault, as disrupting any form of communication or internet-connected technology could be used as a serious tactical advantage on the ground."
The terrorist organisation could turn to allies to outsource cyber attacks, Cosoi added, and called on the government to couple its extra investment with a review of Britain's critical infrastructure.
"There have been several incidents where industrial SCADA systems have been found plugged directly to the internet and accessible by anyone. If this doesn't change, we are leaving the door open for any organised attacker, including ISIS," he said.
National Cyber Centre
Elsewhere in his speech, Osborne announced plans to establish a National Cyber Centre in 2016, reporting to the director of GCHQ.
The centre will be "a unified source of advice and support for the economy", Osborne claimed, helping businesses get cyber threat support from the government.
Over time the centre will develop specialist cyber security experts for each industry, advising companies, regulators and government departments.
Jonathan Luff, co-founder of cyber security accelerator Cyber London, said: "The National Cyber Security Centre is an important step forward for our national capability, and a unified approach from the government will help enable businesses to access the best cyber security tools.
Addressing the cyber skills gap
Whitehall will also try to train more cybersecurity experts, after this year's Global Information Security Workforce Study estimated that this workforce shortage will widen to 1.5 million worldwide by 2020.
A 20 million competition will seek to build an Institute for Coding, with Whitehall taking bids from universities and businesses who could make the project a reality.
The institute would train higher education students in computer science skills in a bid to close the tech skills gap, while the government will also create a retraining programme for highly skilled workers who want to move into cybersecurity.
Adrian Davis, EMEA MD for security industry body (ISC), said: "It's good to see that the UK government continues to recognise that expert capabilities are needed to match the developing threat through the National Cyber Security Strategy and that they are prioritising embedding knowledge at every level of education. This is a need that goes far beyond our own profession. We need to work to embed cybersecurity across many disciplines, not just develop the experts."
Cyber start-ups
Osborne also singled out praise for cybersecurity start-ups like Glasswall and Digital Shadows, and welcomed Paladin Capital's creation of a cyber fund in London.
The government aims to help spur cybersecurity start-ups' development with the creation of two cyber innovation centres, one to be based in Cheltenham.
Osborne said: "We will be establishing two cyber innovation centres - places where cyber start-ups can base themselves in their crucial early months, and which can become platforms for giving those start-ups the best possible support."
Defence and Cyber Innovation Fund
Another 165 million will be channelled into "innovative procurement" in the defence and cybersecurity spaces via a Defence and Cyber Innovation Fund, Osborne confirmed.
"If the lights go out, the banks stop working, the hospitals stop functioning or government itself can no longer operate, the impact on society could be catastrophic," he warned.
He added: "So government has a responsibility towards these sectors, and the companies in those sectors have a responsibility to ensure their own resilience.
"It will mean that we support our cyber sector at the same time as investing in solutions to the hardest cyber problems that government faces."