Government Appoints New Head Of Cyber Defence

The minister for the armed forces, Nick Harvey, has announced the appointment of a “very senior military officer” to lead the government’s Defence Cyber Operations Group, which is at the heart of its cyber-defence strategy.

Speaking in the House of Commons earlier this week, Harvey reiterated the government’s focus on cyber-defence, set out in its Strategic Defence and Security Review, published last year.

“Since I last updated the House in December, we have made considerable progress in this area,” he said. “Our new global operations and security control centre is now up and running, and we have commissioned a new monitoring system to detect cyber-attacks against our defence systems.”

A new approach

Harvey did not name the “very senior military officer,” but it is rumoured to be major general Jonathan Shaw, who is currently assistant chief of the defence staff for international security and policy. The person appointed will be tasked with transforming the unit’s approach over the next four years, using the £650 million earmarked by the government for cyber security, in close collaboration with the Cabinet Office.

“The House will understand if I do not comment further on the detail of the measures we take to protect our systems, but we are not complacent – we must outmatch a rapidly changing threat,” said Harvey.

Graeme Stewart, public sector business development director at security firm Sophos, has welcomed the announcement, but also expressed concern about what the brief will be for the newly appointed role.

“Presenting this kind of role to someone who is not a professional in information security could have potential positives and negatives,” said Stewart.

“If the appointed person has no experience in this field, they will have the ability to apply a pragmatic approach to the task at hand, that is not coloured by dogma or industry hype. They’ll also be able to draw upon previous experience from the military, such as the handling of mission critical information, and they will understand the cost of poor information handling and the real cost of system (both procedural and IT) failure.

“The potential negative, however, is that information and cyber security is a highly specialised topic requiring a great deal of technical knowledge and understanding. It’s a complicated subject to get to grips with,” he added.

Cyber-defence funding

Stewart also raised questions about how the government funding will be used, urging the new head of cyber operations to focus on the wider requirements of cyber-defence.

“It is essential that spending is distributed across the entire government network – from central government to local councils and police forces – as outlying systems on any network become the easiest point of entry,” he said.

Cyber security is one of the few areas of the public sector that has received increased funding over the last year, amid widespread government cuts. This is largely because cyber attacks were highlighted in the Strategic Defence and Security Review as being one of the greatest threats the the UK, alongside terrorism.

Funding will be raked back through the cutting of wasteful IT projects, such as national ID cards and the NHS National Programme for IT, as well as the rationalisation of general IT spending. Cabinet Office minister Francis Maude claims to have saved £402 million already by scrapping ID cards, and expects to save a further £800m by renegotiating contracts with major government suppliers.