UK's investment in cyber security is not embarrassing - £650m is enough, claims security director

'We should applaud the government for its work,' says Thales UK's Ross Parsell

The government is putting sufficient funds into tackling digital threats and its cyber security strategy should be applauded, according to Ross Parsell, director of security at defence systems provider Thales UK.

Parsell was responding to the views expressed to Computing by a panel of industry experts.

Bob Ayers, the former US intelligence officer at the department of defence, claimed that the £650m figure that the UK has invested from 2010 over a four-year period is "embarrassing" in comparison to the US, which had been spending $100m a year over 20 years ago on its cyber security programme.

The US has continued to invest in its programme, with the Obama administration's latest proposals suggesting that cyber security spending for the 2014 fiscal year would jump to $4.7bn (£3.1bn), up 20 per cent from the $3.9bn budget for 2013.

But Parsell hit back at critics of the UK government, stating it has moved forwards significantly thanks to the investment made.

He cited former White House cyber security co-ordinator Howard Schmidt, who told delegates at the recent cyber information-sharing partnership (CISP) launch that the UK had been able to do in two years what it had taken the US 17 years to do.

"To some extent that shows that whereas we haven't supplied a US budget approach and thrown lots of money at it, we have applied it in the right areas and made a culture shift to bring industry together with government," Parsell stated.

Parsell said that another £650m will most likely be made available in 2014 as part of the government's budget, but that this would not be something that the government would need to make a big announcement for, as the money is now part of the "day-to-day" running of public security.

Although Cabinet Office minister Francis Maude has said that cyber security is one of the most important issues that the UK faces, Parsell believes that £650m is an appropriate amount to be spent from 2014 to 2018.

"It's an appropriate amount for where we stand at this time. If we throw more money into it there will be more confusion and more people running around with cyber job titles, it would be embarrassing," he said.

It has been noted that there could currently be about 27 different entities within government that deal with cyber security, but Parsell believes that extra funding could mean that this would turn into 50 entities.

"Twenty-seven is already a large number, but they have specific areas [of cyber security] that they are looking at; more money would be detrimental," he said.

"I am supportive of what the government does and as the threat changes so fast, we should applaud the government for doing what it is doing because unfortunately the bad guys don't sit and wait for the budget to come along. I don't think £650m is embarrassing, it was a good number and well thought through," he added.