More money and more cooperation are the building blocks to better Cyber Security in the UK, believes Tony Dyhouse, director of the Digital Systems KTN – Cyber Security Programme. He tells Mike Lowe what the UK might face if it was hit by a successful cyber attack

"When documents get leaked to the media from government, you never get the full story," says Tony Dyhouse.

Dyhouse is referring to a document recently leaked to The Register on Cyber Security. A report from the Cyber Security Operations Center (CSOC), the government's new protector of all things cyber, warned in a confidential briefing that public confidence could be shattered if a cyber attack is successful.

Whilst Dyhouse concedes that CSOC's job is to predict the worst, he says that the summary is exactly that – the worst.

"In the past the security industry has been accused of crying wolf and I think everything has to be put into perspective," he says.

"On occasions I wake up some mornings and I don't have internet access at my home. It's pretty annoying. At the worst case it can be extremely annoying, but is it catastrophic to me? No."

The facility of broadband, and its potential disruption, is not necessarily the important factor, Dyhouse explains, it is more the services that are utilised through the broadband connection. He uses the example of ordering a car tax disc online, saying that if the option was removed it could lead to someone being fined for an out-of-date disc as they were unable to get to a post office. For that person, that could be pretty catastrophic, he says.

Looking at the worst case, Dyhouse says a successful cyber attack could bring down the banking system, power or systems that control the flow of water.

He says: "What we're talking about there is cyber warfare. We're talking about rendering a particular part of the UK's critical infrastructure unavailable or ineffective.

"Traditionally we have looked at communications and things but not long ago we had a fuel strike and the result of that was that we could not get bread. Nobody made the link at the time, but it goes to show a country can be severely affected by its reliance on critical systems."

In his biography on the programme's website, it says Dyhouse is a big believer in collaboration between the public and private sectors. Unfortunately private sector companies are less keen on this level of cooperation when it involves revealing if they have been attacked, a secrecy which does nothing to help Cyber Security, he says.

He explains that the attacks are often against intellectual property and thus companies are worried an announcement may affect things like its share value. However, one of the best ways to learn is to learn from several companies who have been subject to the same attack as a universal solution could then be provided.

When asked what he thought of government efforts, Dyhouse says he is much happier with the public sector's contribution, saying the UK's work in Cyber Security has been very good to start.

"It's gratifying to see all the political parties taking this seriously, it's gratifying to see the creation of CSOC and the Office for Cyber Security (OCS)," he says.

"[But] I would say the UK has very limited resources. If you look at what the US is putting in to a similar sort of initiative, you start to realise the difference between the two nations. The UK is not a wealthy nation at the moment, but what really worries me is do these organisations actually have the resource to do what they need to do?"

He adds: "I am unconvinced at this moment in time that they have sufficient resources to impact in the long term."

Dyhouse says the government has also been discussing Cyber Security funding with industry too, in light of the fact that the private sector runs many of the nation's critical systems. But as government is unable to force them to enhance security, which would cost more money, there is no guarantee they will comply and funding is unlikely to come from government.

"Obviously Cyber Security is my field, so I'm always going to be clamouring for more money. But it has to be said we are heading for a digital society, with the increased convergence of mobile devices, ever more broadband, ever more services and we've got Digital Britain," he says.

"Whether the amount being spent takes that into account I would probably question mark. There's very little that a UK citizen does these days that does not involve Cyber Security in some shape or form. So I don't think it should be allocated such a small proportion of the budget.

"Digital Britain says the UK citizen should be able to go about their business with confidence, but confidence does not come cheap."

www.publicservice.co.uk