Chancellor Philip Hammond has launched UK government’s new five-year National Cyber Security Strategy in a bid to become one of the “safest places in the world to do business.”According to the World Economic Forum’s 2016 Global Risks Report, cyber-security is recognised as one of the greatest threats to business worldwide, and the global cost of crimes in cyberspace is estimated to be $445bn.
Ben Gummer, Minister for the Cabinet Office & Paymaster General, said: “No longer the stuff of spy thrillers and action movies, cyber-attacks are a reality and they are happening now. Our adversaries are varied – organised criminal groups, ‘hactivists’, untrained teenagers and foreign states.
A new Civil Nuclear Cyber Security Strategy has been issued by the Department for Business, Energy and Industrial Strategy in the UK. BEIS says the strategy helps ensure the UK has a secure and resilient energy system “by ensuring that the civil nuclear sector is able to defend against, recover from, and is resilient to evolving cyber threats”.
The concerns have also been raised about the threat to Nuclear power plants from both conventional cyber-criminals and nation-state actors. And SCADA legacy equipment – that is, computers and electronics that play a part in running nuclear plants but were developed prior to the advent of the internet – are widely regarded as dangerous because they lack robust online security systems. A blended attack is another scenario that it is concerned about, in which an adversary uses a cyber-attack to enable or reinforce a physical attack
“The first duty of the Government is to keep the nation safe. Any modern state cannot remain secure and prosperous without securing itself in cyberspace. That is why we are taking the decisive action needed to protect our country, our economy and our citizens.”
On February 14, 2017, the United Kingdom officially opened its National Cyber Security Centre (“NCSC”). The NCSC, will be part of the Government Communications Headquarters (“GCHQ”), the UK’s intelligence and security arm akin to the National Security Agency in the United States.
The NCSC is designed to be the UK’s single, central body to manage cybersecurity incidents in the country and will be the UK’s hub for interagency cooperation. The NCSC expects to take the lead in responding to the most serious cybersecurity incidents, especially on critical national infrastructure, but also plans to help raise the security capability in the UK against day-to-day malicious activity.As part of the NCSC’s operation, the UK government plans to invest £1.9 billion ($2.4 billion) in cybersecurity over the next five years.
The strategy has been broken down into three areas: defence, deter and develop.
Defence, the chancellor said government will reorganise its own defences, dealing with the plethora of government departments’ IT security arrangements and shortcomings in cyber-security. “We will develop a series of measures to actively defend ourselves against cyber attacks. These national capabilities, developed and operated by the private sector, will reinforce the UK’s reputation for being one of the safest places in the world to do business.”
“We all have a role to play in protecting computers, networks and data. We will improve the way government protects its data by applying appropriately high standards of cyber security to government systems, introducing stronger defences for our systems and maintaining public confidence in our online government services. We will build a new secure, cross-government network to improve joint working on sensitive cyber issues.”
One company the government is highlighting here is Netcraft for “automated defence techniques to reduce the impact of cyber-attacks by hackers, stopping viruses and spam emails ever reaching their intended victims for example.”
“We will improve our national ability to respond quickly and effectively to cyber attack. We will create a new National Cyber Centre to lead this response. Operating under GCHQ leadership, it will manage our future operational response to cyber incidents, ensuring that we can protect the UK against serious attacks and minimise their impact.”
On deterrence, “UK will not only defend itself in cyberspace but would also be prepared to “strike back against those that try to harm our country”. “And we will continue to invest in our offensive cyber capabilities, because the ability to detect, trace and retaliate in kind is likely to be the best deterrent. ” Primarily based in the Government Communications Headquarters (GCHQ), these capabilities will enable us to match the pace of technological change,” said government’s 2015 Strategic Defence and Security Review.
Finally, on the develop strand, the government will place strong emphasis on research and development and education. “We will invest in capabilities to detect and analyse cyber threats, pre-empt attacks and track down those responsible. To that end, the government will recruit over 50 cyber-crime investigators for the National Cyber Crime Unit (NCCU). This is part of the government’s plans to invest tens of millions of pounds in cyber-crime law enforcement at local and national level.
A new Cyber Security Research Institute – a virtual collection of UK universities – will look at ways to increase the security of smartphones, tablets and laptops. In addition, the UK’s first cyber security Innovation Centre will be created in Cheltenham and the UK will launch a Cyber Innovation Fund next year to help develop new technology.
“The Government will ensure that our Armed Forces have strong cyber defences, and that in the event of a significant cyber incident in the UK, they are ready to provide assistance. We will provide the Armed Forces with advanced offensive cyber capabilities, drawing on the National Offensive Cyber Programme which is run in partnership between the MOD and GCHQ.”
We will continue to help NATO and other allies to protect their networks using our intelligence and technical insights, and we will use our advanced capabilities to enable the success of coalition operations.
Chancellor of the Exchequer, Philip Hammond said: “Britain is already an acknowledged global leader in cyber security thanks to our investment of over £860m in the last Parliament, but we must now keep up with the scale and pace of the threats we face. Our new strategy, underpinned by £1.9 billion of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked.”
Ben Gummer, Minister for the Cabinet Office & Paymaster General, said: “The first duty of the Government is to keep the nation safe. Any modern state cannot remain secure and prosperous without securing itself in cyberspace. That is why we are taking the decisive action needed to protect our country, our economy and our citizens.”
References and Resources also include: