GCHQ admits £1bn spend on cyber security 'hasn't worked'

"We've spent quite a lot of money, but still failed," admits CESG director Dewedney

GCHQ is losing the cyber security war, according to director of cyber security at CESG (Communications-Electronics Security Group) Alex Dewedney, who admitted that, despite a £1bn spend over the past five years, "the bottom line is it hasn't worked".

Speaking at the RSA security conference in San Francisco late last week, Dewedney also suggested a "more interventionist policy" may now be needed.

"I think the best way to sum up the challenge we face is that while we've done a lot over the past five years and spent quite a lot of money as a government, particularly in those years of austerity we've been through, the bottom line is it hasn't worked," Dewedney said.

While he said that he could "point to lots of achievements around understanding the threats much better", Dewedney maintained that the UK is "not winning the fight on cyber security".

Dewedney said "there's been something of a mantra in the UK that the solution to all of our problems is information sharing and partnerships".

"[People believe that] if we keep doing that, then somehow it will magically cause improvement to happen. That approach by itself is not sufficient," said Dewedney.

"We can't just pass information on threats to businesses and tell them to go and deal with it themselves," said Dewedney, who added that 90 per cent of UK enterprises suffered cyber security breaches last year.

Dewedney also criticised the UK government for "not... spending money on fixing legacy IT issues" that have left a situation that, he said, "is killing us".

"I've tried to make this argument to my bosses that surely you have to start [with legacy] before you try to do anything more sophisticated," he said. "But the response has been ‘I'm not spending cyber security programme money to subsidise other departments' IT budgets'."

While Chancellor George Osborne last November pledged to double cyber security funding to £1.9bn by 2020, chiefly to try to prevent "ISIL... using the internet for hideous propaganda purposes", Dewedney argued that funding is not the most pressing issue.

The problem is "not so much a money issue as it is a human resources issue", he said.