IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Government publishes cyber security strategy

Government sets out plans to strengthen national defences over the next four years.

cyber crime

The Cabinet Office has revealed the Government's nation cyber security strategy, which sets out its plans to strengthen national defences over next four years.

The plans are designed to enhance the Government's current cyber security capabilities, improve security collaboration with and support for business, and boost the UK's ability to fend off attacks.

Based around four objectives, the document published today sets out a strategy to make the UK a safer place to do business, while facilitating open access to cyberspace and public data, and building out government cyber security skills and knowledge.

Mark Prisk, Minister for Business and Enterprise, said that, with the UK's online economy valued at 100 billion a year, cyberspace is vital for the UK's economic prosperity.

"However as well as bringing opportunities for businesses and their customers, cyberspace also brings threats," he said. "That's why it's important that we help all companies, from big multi-nationals to our small businesses take some simple, practical measures to protect themselves and their customers online."

The strategy makes much of working more closely with businesses, including small and midsized enterprises (SMEs) to increase knowledge transfer and skills levels, as well as cyber crime reporting.

This will include setting an expectation that at least 25% of the value of Government cyber security contracts go to SMEs, echoing the IT procurement strategy plans announced earlier this week.

A joint public/private sector cyber security hub' for exchanging cyber threat and response information will begin in pilot this December with five business sectors defence, telecoms, finance, pharmaceuticals and energy.

Action Fraud, the national fraud reporting and advice centre run by the National Fraud Authority will become the central portal for businesses and the public to make it easier to report financially motivated cyber crime.

The IT industry will receive increased support for security standards and skills, including the development of kitemarks' for cyber security software. A set of voluntary 'guiding principles' will be agreed with internet service providers (ISPs) and a scheme to certify cyber security specialists will be setup by March 2012.

The Centre for Protection of the National Infrastructure (CNI) will broaden its work with companies to ensure they take the necessary steps to protect key systems and data. It will increase its reach to companies that would not ordinarily be considered part of the critical infrastructure, but collectively they represent andimportant part of our economy, like those that innovate and develop new intellectual property, for example.

It also pledged to establish "centres of excellence in cyber security research and provide investment to plug any gaps" and boost the role of the public resource Get Safe Online by introducing a triage' system to diagnose cyber security issues and give them direct guidance.

Ross Parsell, director of cyber strategy at Thales e-Security, told IT Pro he had been working personally on the development of the strategy as part of government working groups.

Having been particularly involved in the Get Safe Online development, Parsell said: "This recognises that SMEs play a large part in the prosperity agenda. But where do they go when the screen goes blank? The triage system will help them on how to deal with that and we can help from a large company's perspective on what information would be useful."

Many of the Government's internal, organisational plans had already been outlined in the wider National Security Strategy announced in October last year. But James Brokenshire,Minister for Cyber Crime, restated plans to create a National Crime Agency (NCA) by 2013.

This new agency will merge specialist cyber law enforcement expertise at Scotland Yard's Police Central e-crime Unit (PCeU) with the international criminal intelligence remit of the Serious Organised Crime Agency (SOCA).

"The new National Crime Agency will share knowledge and expertise across law enforcement agencies, building on the pioneering work done by the Metropolitan Police and SOCA," Brokenshire stated.

The plans include expanding the PCeU's use of cyber-Specials,' by encouraging all police forces to make use of them, as well as involving experts from outside law enforcement to help tackle cyber crime as part of the NCA cyber crime unit. The government added that it would encourage the police and the courts to make more use of existing cyber sanctions for cyber offences.

New organisational plans also included a new Defence Cyber Operations Group in the Ministry f Defence, that will include a Joint Cyber Unit hosted by the UK Government Communications Headquarters (GCHQ). This will also look to share GCHQ expertise more widely for the economic benefit of UK Plc.

Graham Cluley, Sophossenior technology consultant, broadly welcomed plans he said were aimed at "beefing up the computer crime authorities, better communication between government and private sector, investing in national defences and critical infrastructure against cybercriminal attack, making it simpler to report attacks, and boosting awareness".

But Cluley highlighted there was no clear outline for how the 650m pledged earlier this year to support the four-year plans will be split: "It said this will be spent on the National Cyber Security Programme and the biggest benefactor, by far, is the Single Intelligence Account'."

The "Single Intelligence Account" is the main funding source for the MI5, MI6 and GCHQ. "The government is saying that the majority of the huge investment will help the UK detect and counter cyber attacks, based largely at GCHQ in Cheltenham, but details are classified,'" Cluley said.

He added that it also did not reveal how thesuccess of the plan will be measured."Measurement of progress is always going to be essential, without it you simply won't know how good a job you're doing at fighting cybercrime, and whether resources need to be augmented or put to work with different priorities," he concluded.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Tory party delays leadership selection over hacking fears
hacking

Tory party delays leadership selection over hacking fears

3 Aug 2022
UK government puts Online Safety Bill 'on ice'
Policy & legislation

UK government puts Online Safety Bill 'on ice'

14 Jul 2022
Oracle to build sovereign cloud regions in the EU for 2023
data governance

Oracle to build sovereign cloud regions in the EU for 2023

12 Jul 2022
Online Safety Bill: Messaging apps 'forced to scan messages' for child abuse content in fresh amendment
Policy & legislation

Online Safety Bill: Messaging apps 'forced to scan messages' for child abuse content in fresh amendment

6 Jul 2022

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022