'UK cyber fund for GCHQ offensive'
01 September 2011
Only a small percentage of David Cameron's £650m cyber security fund will be spent on defensive measures, with the majority being used up by UK intelligence operatives to conduct their own cyber attacks, a security expert has claimed.
Ross Anderson from Cambridge University told Computing.co.uk that government intelligence agency GCHQ would get around 90 per cent of the hundreds of millions announced by the coalition government for improving cyber security infrastructure.
He warned that a "mixed mission" within GCHQ was "a very bad policy", meaning that "defensive interests are always less important than an offensive approach".
Anderson reportedly said GCHQ staff were much more likely to exploit any security loopholes they found for attack rather than defence.
"Suppose you're a scientist at Cheltenham and you come up with a new exploit of Windows. Are you going to tell Microsoft, get it patched and protect 60 million Brits? Or are you going to keep quiet about it so you can exploit 1.2 billion Chinese and 1 billion Indians, for example?
"Because of the way incentives work within organisations, you always find the offensive mission dominating the defensive mission, even when that is to the detriment of national interests," he said.
With £63m announced by Home Secretary Theresa May to tackle cyber crime, the interview described an "imbalance" between the amount the government will be spending on cyber defence and cyber offence.
But others have said police are happy with their £63m. In an interview with Publicservice.co.uk, former Home Secreatray David Blunkett said the current government had not sidelined cyber security, and that their funding allocation was "very welcome".
And John Lyons, chief executive of the newly formed International Cyber Security Protection Alliance said the £63m announced to defend against cyber crime has "really upped the game" from the situation under Labour where police were "underfunded".
He told Publicservice.co.uk that his former colleagues in the police e-crime unit, and the Serious Organised Crime Agency were very happy with their £63m allocation.
"You can sometimes throw too much money at a single organisation, and they wouldn't have the time or the people to spend that money wisely," he said.