The UK revealed a plan (PDF) to spend 1.9 billion pounds (roughly $2.3 billion USD) between 2016 and 2021 to bolster its cybersecurity.
This National Cyber Security Strategy is meant to help defend the UK from the growing threat of hacks, mass surveillance, and other digital mayhem. The strategy is supposed to be comprehensive: Its authors said that it “sets out proposed or recommended actions aimed at all sectors of the economy and society, from central government departments, to leaders across industry and the individual citizen.” This isn’t an empty gesture; it’s a real plan.
Defending an entire country from cyber threats is a tall order. The NCSS outlined threats ranging from terrorists and state-sponsored actors to hacktivists and so-called “script kiddies” who use tools created by other people. Governments don’t just have to worry about being attacked by other countries; they also have to worry that anyone who knows how to run basic software will be able to exploit any weaknesses in their system.
As the plan’s authors explained:
Malicious cyber activity knows no international boundaries. State actors are experimenting with offensive cyber capabilities. Cyber criminals are broadening their efforts and expanding their strategic modus operandi to achieve higher value pay-outs from UK citizens, organisations and institutions. Terrorists, and their sympathisers, are conducting low-level attacks and aspire to carry out more significant acts.
That’s why the UK plans to spend such a large amount of money–nearly 300 million pounds more than it spent between 2011 and 2016–to defend itself. Much of those funds will be used to establish a Cyber Security Research Institute and an Innovation Centre to invest in security companies. The funds will also be spent elsewhere to shore up the UK’s ability to defend itself from and respond to cyber attacks.
The UK’s National Cyber Security Strategy is comparable to the White House’s Cybersecurity National Action Plan revealed in February. That plan is even broader than the UK’s; the White House proposed a $19 billion investment in cybersecurity preparations for fiscal year of 2017. This is a 35% increase over the same period for 2016 and is almost 10x the amount the UK plans to invest in its own cyber defenses over the course of five years.
Here’s how the White House described the goal of its plan:
Through these actions, additional new steps outlined below, and other policy efforts spread across the Federal Government, the Administration has charted a course to enhance our long-term security and reinforce American leadership in developing the technologies that power the digital world.
Yet those figures seem almost tame in the wake of large-scale hacks that took down many popular websites like Twitter, CNN, and Reddit in October. Those distributed denial of service (DDoS) attacks were enabled by the Internet of Things–or the “Internet of Threats,” as Eugene Kaspersky called it–and they could become increasingly common if manufacturers don’t make their devices more difficult to crack and use as infected botnets.
This led Virginia Senator Mark Warner (D) to call on federal agencies to improve the security of IoT devices. In the meantime, countries are going to have to defend themselves from more of these attacks and other high-profile hacks, and so far the best solution they’ve found is to throw money at the problem. Whether it’s 1.9 billion pounds over half a decade or $19 billion in a single year, the cost of keeping people safe just keeps on going up.
