UK doubles spending on overseas cyber security projects

The UK government’s conflict, stability and security fund doubled its spending on overseas cyber security programmes last year, in a sign of the growing threat to peace posed by online hackers.

Baroness Lucy Neville-Rolfe, Cabinet Office minister, told the Financial Times that spending by the cross-Whitehall fund, led by her department, rose to £25mn in 2022-23 as overseas governments asked for help in hardening their cyber resilience and fighting cyber crime.

“The cyber risk in fragile states is obviously very significant,” she said in an interview, describing how British money and expertise had been channelled to Ukraine to boost its resistance to Russian cyberattacks over the past two years.

The UK’s assessment is that the vast majority of cyber crime threats worldwide originate from Russian-speaking groups.

Neville-Rolfe said ministers in foreign governments had raised ransomware attacks, where computer systems are paralysed unless a payment is made, as a particular cause for concern. The UK worked with India on the issue last year.

Britain also bolstered the cyber security capability of administrations in Georgia, Iraq, the Indo-Pacific, the Commonwealth and Africa, she added.

The UK has deployed national security officials and paid contractors, including defence group BAE Systems, to deliver the CSSF’s cyber programmes overseas, picking up knowledge that benefited domestic strategy.

“The flow has to be two-way,” Neville-Rolfe said, noting that a “successful” scheme implemented in one place could be replicated elsewhere.

Alongside cyber programmes, the CSSF finances projects tackling terrorism, drug smuggling and other organised crime, as well as a range of peacekeeping initiatives. Last year it funded programmes in 90 countries.

Neville-Rolfe, a Tory peer since 2013, defended the government’s plan to overhaul the CSSF this year, as it aims to better integrate the safeguarding of domestic and international security. In April it will be renamed the Integrated Security Fund.

A cross-party committee of MPs and peers warned in September last year that the move risked diluting the fund’s “distinct identity” as an “agile and responsive” entity that took on projects “other funders would often deem too high-risk”.

Neville-Rolfe said the principles of the fund would “remain the same” after the rebrand, arguing that it facilitated “good crack teams at the heart of government and in the embassies” to experiment and countered the perception among some members of the public that “civil servants don’t want to take risks”.

The Joint Committee on the National Security Strategy also warned in its report of the “false economy” of deep cuts to the aid-funded portions of the CSSF. It said the move had shifted the fund’s emphasis away from peace building and conflict prevention.

While the CSSF’s budget topped £1.26bn in 2020-21, it fell to £859mn in 2021-22 after then prime minister Boris Johnson’s government slashed the aid budget from 0.7 per cent of gross national income to 0.5 per cent. Last year the fund spent £830mn, according to provisional figures.

Neville-Rolfe acknowledged the fund’s budget had “fallen a little bit”, but said its model included financing risky programmes that, once proven effective, could be moved to the budget of the Foreign, Commonwealth and Development Office. She cited a “game-changing” initiative on clearing landmines that followed this route.

A former Tesco supermarket executive, Neville-Rolfe has held a series of government jobs, including postal affairs minister.

After being appointed to that role in 2015, she ordered the incoming chair of the Post Office to commission a review by an external lawyer into the Horizon IT system, which the High Court later found to be at fault in the prosecution of hundreds of sub-postmasters.

Neville-Rolfe said the scandal — which has prompted a public outcry in recent weeks — had been an “appalling miscarriage of justice”.

“The victims should be compensated and the [Post Office Horizon IT] inquiry has rightly been established to decide whether anything further needs to be done,” said Neville-Rolfe, adding that she expected to be called to give evidence to the inquiry.