Investing In Cybersecurity: The UK Leads The Way

In the wake of a stunning attack where hackers used everyday devices to launch a botnet attack across the EU and US, we are reminded once again of how precarious cyber security can be.

The attack came late in October, and was described by The Guardian as a “huge attack on global internet access, which blocked some of the world’s most popular websites, [and] is believed to have been unleashed by hackers using common devices like webcams and digital recorders.”

The mechanism used by the hackers was a sophisticated version of a Distributed Denial of Service attack (DDoS), which overwhelms servers with “bot” requests sent from consumer devices that had been infected with a malware code. The fact that all it took to launch such a massive assault on cyber security was common consumer electronics, rather than highly sensitive and specialized equipment, should be a huge red flag to anyone worried about cyber security. And furthermore, the fact that the websites affected were hugely popular, consumer-focused sites that nearly everyone uses, including Twitter, Paypal, Spotify and several other hugely popular media sites, seemed to drive the point home even more firmly. After the dust had settled it was reported that “The cyber-attack that brought down much of America’s internet last week was caused by a new weapon called the Mirai botnet and was likely the largest of its kind in history, experts said.”

Indeed, for many governments it seems the attack has been something of a wake-up call for how much investment is needed to protect citizens and governments from the vulnerabilities of a weak cybersecurity infrastructure. As more and more of our lives go online, we are unwittingly putting ourselves at risk each and every day if we don’t demand more protections from the companies and politicians we place our trust in.   

In line with that thinking, the UK’s Chancellor of the Exchequer Philip Hammond just announced a £1.9 billion package to address cyber issues in the UK. He said that the measures are intended to “keep up with the scale and pace of the threats we face” and insisted that the new funding will “allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked”.

This investment is almost double the amount previously invested in this issue by the UK several years before, something which indicates that officials are beginning to see the gravity of this situation. The announcement included the fact that the spending would be focused on “defence, including protecting critical infrastructure such as energy and transport,” with cabinet office minister Ben Gummer remarking that: “Our adversaries are varied – organised criminal groups, ‘hacktivists’, untrained teenagers and foreign states. The first duty of the government is to keep the nation safe. Any modern state cannot remain secure and prosperous without securing itself in cyberspace.”

So are other nations following suit? After the most recent attack, the US Department of Homeland Security released a statement saying “We are aware of one type of malware potentially used in this incident. The NCCIC is working with law enforcement, the private sector and the research community to develop ways to mitigate against this and other related malware. The Department has also been working to develop a set of strategic principles for securing the Internet of Things, which we plan to release in the coming weeks.”

One thing is clear: concerned cyber citizens who are concerned about the state of cyber security need to demand more investment and resources from their lawmakers into the issue. This is something that affects every device-owning citizen and, as the most recent attack indicated, it’s only going to get worse.