Chancellor of the Exchequer Philip Hammond has formally launched the Government’s new National Cyber Security Strategy, which will set out decisive action designed to protect the UK economy and the privacy of British citizens, while also encouraging industry to ‘up its game’ in order to prevent damaging cyber attacks.
Almost doubling the funding commitments of the first strategy which ran from 2011, the new plan outlines how the UK will use automated defences to safeguard citizens and businesses against growing cyber threats, support the UK’s growing cyber security industry, develop a world-class cyber workforce and deter cyber attacks perpetrated by criminals and hostile actors.
Cyber security is recognised as one of the greatest threats to business around the world, with the global cost of crimes in cyber space estimated at $445 billion. That’s according to the World Economic Forum’s 2016 Global Risks Report. Measures within the new National Cyber Security Strategy to keep the UK’s cyber space safe are therefore crucial to the future of the UK’s economy.
Outlining how cyber security underpins our daily lives such as through domestic devices in our homes and cars, air traffic control and power grids, the Chancellor has reinforced how the threat of attacks invades our privacy and threatens our national security, and has duly set out how the Government plans to deal with the situation.
The approach on cyber is a core part of the upcoming Industrial Strategy.
Hammond explained how increasingly vulnerable society is to cyber attacks thanks to the expanding range of connected devices which are creating more opportunities for exploitation, more demand for training and skills, old legacy IT systems used by many organisations in the UK and the readily available suite of user-friendly hacking tools which means everyone from the living room to the Boardroom is exposed to malicious hackers.
The Chancellor also emphasised the responsibility that CEOs have to make sure their organisations are secure against cyber attacks and the additional support central Government will afford industry and wider society through the all-new National Cyber Security Centre.
Defence, Deter and Develop
The National Cyber Security Strategy is underpinned by £1.9 billion of investment for dedicated actions through three key areas: Defence, Deter and Develop.
The strategy sets out how the Government will strengthen its own defences as well as making sure industry takes the right steps to protect Critical National Infrastructure in sectors like energy and transport. The Government will do this through working in partnership with industry – including companies such as the innovative SME Netcraft – to use automated defence techniques in reducing the impact of cyber attacks by hackers, for instance by stopping viruses and spam e-mails ever reaching their intended victims.
The Chancellor pointed to the recent successes of Government. Previously, a website serving web-inject malware would stay active for over a month. Now, it’s less than two days. UK-based phishing sites would remain active for a day. Now, it’s less than an hour. Phishing sites impersonating Government’s own departments would have stayed active for two days. Now, it’s less than five hours.
The Chancellor also pointed to the recent success of Government in reducing the ability of attackers to spoof @gov.uk e-mails – extracting valuable information from duped receipts. Recent work saw the spoofing of firstname.lastname@example.org go from 50,000 per day to effectively zero in the past six weeks.
Significant investment will go towards taking the fight to those who threaten Britain in cyber space and relentlessly pursuing anyone who persists in attacking us. This will be done in part through strengthening our law enforcement capabilities to raise the cost of cyber crime, building international partnerships and being clear that the UK will defend itself in cyber space and strike back against those that try to harm the nation.
This year alone, the Government is recruiting over 50 specialist cyber crime investigators and technical specialists working within the National Cyber Crime Unit, enhancing their ability to provide a powerful and highly visible investigative response to the most serious incidents of cyber crime while pursuing cyber criminals at a national and international level. This is part of tens of millions of pounds’ worth of investment in the nation’s cyber crime law enforcement capability, both at the local and national levels.
The new plan places strong emphasis on developing the nation’s capabilities to keep pace with cyber threats. The Government will also increase investment in the next generation of students and experts.
The Chancellor has announced a new Cyber Security Research Institute: a virtual collection of UK universities which will look to improve the security of smart phones, tablets and laptops through research that could one day make passwords obsolete. This builds on a range of cutting-edge skills and education initiatives, including cyber apprenticeships, retraining schemes and advanced cyber security teaching in schools, all of which are already being developed.
The Government is creating the UK’s first Cyber Security Innovation Centre in Cheltenham, will launch a Cyber Innovation Fund next year to develop innovate technologies and products and is funding training and support for cyber start-ups and academics to help them commercialise cutting-edge research and attract investment from the private sector.
These actions will ensure that the UK continues to be the world-leading digital nation, building on the successes of the previous cyber strategy.
Scale and pace of the threat
Philip Hammond stated: “Britain is already an acknowledged global leader in the field of cyber security thanks to our investment of over £860 million in the last Parliament, but we must now keep up with both the scale and pace of the threats we face. Our new strategy, underpinned by £1.9 billion of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyber space and strike back when we’re attacked.”
Ben Gummer, Minister for the Cabinet Office and Paymaster General, said: “No longer the stuff of spy thrillers and action movies, cyber attacks are a reality and they’re happening now. Our adversaries are varied – organised criminal groups, ‘hactivists’, untrained teenagers and foreign states. The first duty of the Government is to keep the nation safe. Any modern state cannot remain secure and prosperous without securing itself in cyber space. That’s why we are taking the decisive action needed to protect our country, our economy and our citizens. We can be proud that the UK leads the world in cyber security.”
Cindy Rose, UK CEO at Microsoft, commented: “The ‘mobile first, cloud first’ world holds enormous potential for organisations and individuals to generate new and exciting growth opportunities. However, there’s a corresponding risk that, as people increase their technology use, they also increase their exposure to cyber security threats. On that basis, it’s critical for all organisations to strengthen their core security hygiene as well as creating a pervasive security culture through education and awareness.”
Rose continued: “All participants in the security ecosystem also need to work together to ensure everyone can trust the technology they use. The Chancellor’s announcement is the kind of initiative that the UK needs in order to protect British citizens from the growing threats we face. We welcome the Government’s clear focus on tackling this significant issue which affects businesses and individuals alike.”
Need for continuous investment
Commenting on the Government’s announcement, Mishcon de Reya’s cyber security lead Joe Hancock said: “Cyber crime is continuously evolving and, therefore, the issue needs continuous investment. Today’s sophisticated attack is tomorrow’s bulk annoyance. Given the threat that cyber crime poses, it would be ideal to see the Government commit to a figure that will be allocated to tackling cyber crime each year.”
Hancock went on to state: “With many malicious issues originating abroad, a similar fund from the Foreign & Commonwealth Office to encourage other countries to improve their security at source, rather than when they reach the UK, would be welcome.”
In conclusion, Hancock informed Risk UK: “This investment is a very positive step. However, greater investment in skills is needed in the police force and also in Action Fraud to enable them to take action, or at least direct a civil response. There’s a danger these national defences don’t show a genuine return for individuals and businesses who have been the victims of cyber crime. Success will be measured by the fraud and crime that remains, in addition to what has been prevented.”