Government spending on cyber-defence is dangerously low

The poignant Remembrance Day ceremonies brought yet more media coverage of the poor funding of our armed forces and the increasingly diverse threats we all face today. I was struck by a statement from the President of France, Mr Macron, in a recent interview with French Radio Station Europe 1, when he talked about “re-emerging authoritarian powers” on Europe’s borders that were well-armed and had “attempted attacks in cyberspace and interference in our democratic lives”.

The pattern of UK defence spending since 1900 tells an interesting story. Over the last 120 years, it has ranged between 2.7% – 5.5% GDP in peace time, with obvious significant increases in war. Up to 6.4% in the Boer War, in the two world wars spending rose dramatically – 47% GDP in FY 1918 and a peak at 52% GDP in FY 1945 respectively.

Defence spending was pretty steady at 5.4-5.5% GDP in the 1970s, peaking at 5.95% GDP in 1982 and the Falklands War. Thereafter it declined to 2.63% in 2003. In the mid 2000s, defence spending was increased to 2.6-2.7% GDP, but since the 2000 Recession it has declined to about 2.3% GDP.

In comparison, Russia has consistently spent more – 4.9% GDP in 2015, rising to 5.5% in 2016 although it fell to 4.3% in 2017 due to the poor economy – and the first annual drop since 1998, according to new data from the Stockholm International Peace Research Institute (SIPRI).

What’s important is not just that Russia, (or North Korea @ 23%), is spending more, but what it is doing with this expenditure and how it impacts us.

With a nuclear war seeming unlikely, hostilities are focused on ‘economic wars’ through cyberspace and the huge disruption and damage that can be inflicted through viruses, ransomware and hacking etc on countries, companies and individuals. The “ransomware” called WannaCry, delivered via emails in May 2017 caused major damage in at least 16 health service organisations and many hospitals and GP surgeries in England and Scotland with at least 6,900 appointments cancelled.

Recently the British government said that Russia was behind a massive global cyberattack that hit major companies in June 2017. Foreign Office minister Tariq Ahmad said that the Russian military was responsible for the attack, which initially targeted computers in Ukraine but quickly spread beyond its borders. The attack — called NotPetya — hit companies including WPP, Merck and FedEx. Mondelez said shipment delays resulting from the attack caused its second quarter revenue to drop 2.7%. Britain’s National Cyber Security Centre, which investigated the attack, said it demonstrated a “high level of planning, research and technical capability.”

“The destructive attack masqueraded as ransomware, but its purpose was principally to disrupt,” the U.K. government said in a statement. “The decision to publicly attribute this incident reiterates the position of the U.K. and its allies that malicious cyber activity will not be tolerated.”

Fine words, but they need backing up.

The Ministry of Defence has called for an increase in defence spending and, in light of the fact that Russia, North Korea, Iran and China have been blamed for cyber attacks on the US and Europe in recent months it’s clear that we need to be able to defend ourselves.

The less visible side of national defence can have a very tangible impact on each of us. It’s becoming more important all the time and is developing fast and changing all the time. If we don’t invest in the people and technology, we will become increasingly vulnerable. Beware.

27 NovGovernment spending on cyber-defence is dangerously low