Chancellor Philip Hammond must develop an effective strategy for spending the £1.9 billion cyber-security war budget left by his predecessor
While some will ponder whether even such mind-boggling figures are ever going to be enough to do anything but skim the surface of the cyber security problems facing the UK, others are more concerned with semantics. “This is largely a question of where you draw the line concerning what is cyber security and what isn’t,” says Robin Wilton, technical outreach director for privacy and identity at the Internet Society. “The citizen’s interests are better served by a clearer and more restrictive definition of cyber security.”
To get the linguistic ball rolling, Mr Wilton defines cyber security as having two goals. One is protecting those parts of the critical national infrastructure that make the internet possible and the other is protecting the parts critically dependent on the internet to operate. In this latter category, Mr Wilton means the parts which could be disabled by an internet-borne act. “If malware targeted at supervisory control and data acquisition or SCADA-compliant systems were able to shut down the water and waste systems of a large part of the UK,” he argues, “I would view that as a cyber-security issue.” The point of drawing such boundaries is that without them the number of calls on Mr Hammond’s budget that could be made under the heading of cyber security are endless.