Ruth Edwards is MP for Rushcliffe.
The breach of the US Embassy in Iraq and the US retaliation in assassinating Qasem Soleimani are potent symbols of the increasing tensions between Iran and the West.
There are clear, visible signs of the Government moving to protect our people and assets in the region, with Royal Navy ships being sent to protect tankers in the Strait of Hormuz. But, unseen, there will also be huge amounts of activity in Security Operation Centres across the country to step-up our digital defences.
Suppliers of Critical National Infrastructure, such as my former employer BT, often face an increase in attempted cyber security attacks at times of high international tensions.
Cyber attacks are increasingly used by nation states to continue ‘war by other means’. Ten years ago, the Stuxnet virus was deployed against Iran to damage centrifuges being used in its nuclear programme and, last year, US officials claimed to have carried out a cyber attack which degraded Iran’s ability to target tankers in the Gulf.
We know that Iran has been developing its own cyber capabilities. Malware such as the Shamoon virus, which wiped out much of the digital infrastructure of oil companies like Saudi Aramco and RasGas, has been attributed to Iranian-backed sources.
We may not have yet seen a ‘C1’ cyber-attack against the UK – that’s an attack that cripples our critical infrastructure – but the UK’s ability and willingness to deploy both hard and soft ‘cyber power’ against nation state adversaries and organised criminal groups will be crucial as we redefine our role in international affairs post-Brexit.
This year’s Security, Defence and Foreign Policy review provides an excellent opportunity to reinforce Britain’s place as a leader in international ‘cyber power’.
As well as investment in hardware – ships, jets and kinetic weapon – the UK must prioritise investment in defensive and offensive cyber capabilities.
Yes, that means investing in the latest technologies, but it also means making sure we have enough people with the skills to defend infrastructure and businesses across the country. This is the most pressing issue.
Government research has found that 54 per cent of businesses in the UK lack the skilled people they need to protect themselves from cyber-attack. This is a global problem, with current estimates that we will have a global shortage of 1.8 million cyber security professionals by 2022.
Previous governments have rightly sought to address the shortage of talent coming through the pipeline, with initiatives such as CyberFirst encouraging young people to study cyber security at university. This has been an effective method of getting young people into the industry.
What we need now is a comprehensive strategy to help train and transfer people into cyber security roles mid-career. The £3 billion National Skills Fund, announced in the Conservative election manifesto, to help adults re-train and re-enter the workplace provides this opportunity. Sectors of strategic national importance, such as cyber security, should be prioritised.
Finally, we must project soft-power abroad. In the same way the UK helps developing countries build infrastructure through its international aid programme, we need to use our leadership in cyber security to help our friends and trading partners develop their capacity.
For example, the UK has made good progress in improving the infrastructure of the internet and making it harder for attackers to exploit, through its Active Cyber Defence Programme. It also has advanced information sharing practises between the public and private sector and has spent years developing a comprehensive strategic approach to tackling cyber threats. Helping others to build this capacity would strengthen cyber security across the world.
Cyber Power will be a defining characteristic of the ‘20s: the UK can, and must, lead in its deployment.