UK losing £20-30bn to 'information bomb', claims defence minister

UK defence chief uses presentation at French Cyber Symposium 2015 to identify Russia as a key cyber threat

The UK economy is losing "in the order of £20bn to £30bn a year" to cyber attacks, according to British Defence Secretary Michael Fallon. These figures represent a tripling of financial losses to the British economy over the past year, he said.

Fallon - Secretary of State for Defence since 2014 - made the claims during a speech at the Cyber Defence Symposium in Paris, comparing UK losses to cyber attacks to the "£10.7bn for drugs supply" (sic) and "£8.9bn for organised fraud". He did not explain the nature of the cyber attacks or of the associated losses, which would seem to have a £10bn margin of error.

"One hundred years ago we stood together at the frontline of a Great War," Fallon told the audience at the École Militaire. "Today we stand in the frontline of a virtual war."

The difference is the position of former ally Russia, which Fallon described as "revanchist" (determined to reverse territorial losses). Indeed, in his speech Fallon went out of his way to bracket Putin's Russia with "evil ISIL" in the ongoing cyber war. He called out Russia's use of "cyber" to gain military advantage, and ISIL for using technology to radicalise people and spread misinformation.

The cyber war "threatens our civilian infrastructure, our transport networks, our energy networks, our banking systems, and our economy as a whole," said Fallon.

China - long suspected to be behind a number of cyber attacks on the US and other Western countries - was not mentioned in the speech, perhaps because the UK government is courting Chinese investment in UK infrastructure projects, including nuclear power.

C'est la bombe!

Fallon quoted French cultural theorist Paul Virilio's concept of the "information bomb": "La bombe informatique nécessitera, au XXIe siècle, une nouvelle dissuasion, une dissuasion sociétaire, pour parer aux dégâts de l'explosion de l'information généralisée." ("In the 21st century, the information bomb will necessitate a new social deterrence to ward off the destructive effects of the explosion of generalised information.")

However, Fallon's use of the quote suggests that he had perhaps misunderstood Virilio's point, which was related to the spread of ignorance, not cyber attacks.

(Virilio - who has himself been criticised in France for "monumental confusions and wild fantasies" - also warned that technology has a distorting effect on our perceptions of the world, including of warfare. He noted that our increasing reliance on technology leads to a loss of deep knowledge and a focus on imaginary horizons.)

Underlying joint UK and French cyber defence activities is "a real sense of urgency: an awareness of the scale, diversity and complexity of the challenges we face." continued Fallon. "That is why cyber is now hardwired into UK defence's DNA and why these days we're fitting cyber capability as standard to our tanks, ships and planes.

"Fifth-generation tech, such as the F35 Lightning II... gives pilots enhanced network connectivity, allowing them to send real-time information, untainted and unseen by others, from the battlefield to the back office, up to ministers, and back again.

"Not only are we enhancing our kit, but we're upgrading our training, testing out our cyber capabilities in a virtual environment. And we're supporting our future leaders in learning more about cyber," he said.

Fallon didn't address the question of whether those tanks, planes, and ships are now vulnerable to cyber attack themselves, along with the back office connected to them, or, indeed, the (doubtless technologically advanced) ministers who are apparently in the same "cyber" chain. To an untrained observer, these would appear to be multiple new points of weakness.

Where's the money?

Critically, all this activity is underpinned by investment, added Fallon. "We believe it's better to invest in digital now than pay the penalty later on. So, as the headline writers are fond of writing we're ‘putting our money where our mouse is' [by] channelling more than £860m [a figure representing only 2.86 per cent of claimed UK losses to cyber attacks] into our National Cyber Security Programme.

"The UK government is sending out the right signals by committing to a basic [sic] level of cyber security, improving the resilience of core government ICT networks to cyber attacks through authentication and ID assurance, and building a new Public Sector Network [sic] to create a new security model for the sharing of services."

In fact, Fallon is overstating the case, as well as being alarmist and indiscreet. The Public Services Network (formerly the Public Sector Network) is hardly a nationwide investment programme into cutting-edge infrastructure and services; it's a money-saving scheme to force government departments, local authorities and public sector organisations to pool existing, underused network resources, many of which have existed for years. [External link]

"We must continually adapt," said Fallon, who said that there needs to be a culture of "cyber resilience" across all of society. Indeed.