So, the police are going be allocated £63 million from the £650 million made available to 'beef up' Britains cyber defences.
My question is: Is this an appropriate organisation to be tasked with this role? I suspect it is not. Now the money has fallen into the police budget, it will offset other spending cuts applied by the government austerity measures. In short, those police personnel that would have been made redundant may now find themselves assigned to cyber defence work, whether they are suitable or not.
I believe the full £650 million should have been assigned to a new organisation tasked with cyber security, with the sole purpose of blocking cyber attacks and, wherever possible, identification and prosecution of offenders. With the police having the funding assigned to them, there is an imperative to retain and retrain staff for the role rather than employing suitably trained and experienced personnel who are ready to commence the tasks required.
A full UK Cyber Defence Organisation could be provided with the authority and access to identify those organisations that are actively being exploited with a view to contacting them directly and perhaps even offering a commercial service to allow said organisations to employ them to secure their systems against such further attacks.
Naturally, such an organisation would require an unprecedented level of access to Internet traffic and there would be immediate privacy concerns over what is viewed by them but surely, it would be better for this to be in the hands of an independent service rather than the police who will have other issues to deal with and might want to leverage the access afforded to facilitate additional investigations, drawing further resources away from the primary objective.
It's not an easy task and the levels of funding being suggested are appropriate to tackle the task at hand but in no way adequate to completely irradicate the threat - no level of funding could be.
I will watch closely how the remaining 90% of the £650 million will be distributed. I'm sure the MoD will be allocated a portion of the funding and the same issues will apply with regards to redeployment of staff, retraining and scope creep. I'm sure that CESG will receive a good dollop and, while I respect the ability of CESG and the issues of conflicting priorities will be lessened, there is the ever-present issue that CESG has an incredibly hard time retaining suitably cleared and experienced staff who, once they have attained the clearance and received the training that CESG provides, are tempted away to high-paying consultancy and contract positions, often returning to their previous job but costing CESG up to ten times as much. Many of the issues at CESG are down to their stringent vetting requirements but that is a post for another day!