Government publishes cyber security strategy

Government sets out plans to strengthen national defences over the next four years.

cyber crime

The Cabinet Office has revealed the Government's nation cyber security strategy, which sets out its plans to strengthen national defences over next four years.

The plans are designed to enhance the Government's current cyber security capabilities, improve security collaboration with and support for business, and boost the UK's ability to fend off attacks.

Based around four objectives, the document published today sets out a strategy to make the UK a safer place to do business, while facilitating open access to cyberspace and public data, and building out government cyber security skills and knowledge.

Mark Prisk, Minister for Business and Enterprise, said that, with the UK's online economy valued at 100 billion a year, cyberspace is vital for the UK's economic prosperity.

Advertisement - Article continues below
Advertisement - Article continues below

"However as well as bringing opportunities for businesses and their customers, cyberspace also brings threats," he said. "That's why it's important that we help all companies, from big multi-nationals to our small businesses take some simple, practical measures to protect themselves and their customers online."

The strategy makes much of working more closely with businesses, including small and midsized enterprises (SMEs) to increase knowledge transfer and skills levels, as well as cyber crime reporting.

This will include setting an expectation that at least 25% of the value of Government cyber security contracts go to SMEs, echoing the IT procurement strategy plans announced earlier this week.

A joint public/private sector cyber security hub' for exchanging cyber threat and response information will begin in pilot this December with five business sectors defence, telecoms, finance, pharmaceuticals and energy.

Action Fraud, the national fraud reporting and advice centre run by the National Fraud Authority will become the central portal for businesses and the public to make it easier to report financially motivated cyber crime.

The IT industry will receive increased support for security standards and skills, including the development of kitemarks' for cyber security software. A set of voluntary 'guiding principles' will be agreed with internet service providers (ISPs) and a scheme to certify cyber security specialists will be setup by March 2012.

Advertisement - Article continues below

The Centre for Protection of the National Infrastructure (CNI) will broaden its work with companies to ensure they take the necessary steps to protect key systems and data. It will increase its reach to companies that would not ordinarily be considered part of the critical infrastructure, but collectively they represent andimportant part of our economy, like those that innovate and develop new intellectual property, for example.

It also pledged to establish "centres of excellence in cyber security research and provide investment to plug any gaps" and boost the role of the public resource Get Safe Online by introducing a triage' system to diagnose cyber security issues and give them direct guidance.

Ross Parsell, director of cyber strategy at Thales e-Security, told IT Pro he had been working personally on the development of the strategy as part of government working groups.

Having been particularly involved in the Get Safe Online development, Parsell said: "This recognises that SMEs play a large part in the prosperity agenda. But where do they go when the screen goes blank? The triage system will help them on how to deal with that and we can help from a large company's perspective on what information would be useful."

Advertisement - Article continues below

Many of the Government's internal, organisational plans had already been outlined in the wider National Security Strategy announced in October last year. But James Brokenshire,Minister for Cyber Crime, restated plans to create a National Crime Agency (NCA) by 2013.

This new agency will merge specialist cyber law enforcement expertise at Scotland Yard's Police Central e-crime Unit (PCeU) with the international criminal intelligence remit of the Serious Organised Crime Agency (SOCA).

Advertisement - Article continues below

"The new National Crime Agency will share knowledge and expertise across law enforcement agencies, building on the pioneering work done by the Metropolitan Police and SOCA," Brokenshire stated.

The plans include expanding the PCeU's use of cyber-Specials,' by encouraging all police forces to make use of them, as well as involving experts from outside law enforcement to help tackle cyber crime as part of the NCA cyber crime unit. The government added that it would encourage the police and the courts to make more use of existing cyber sanctions for cyber offences.

New organisational plans also included a new Defence Cyber Operations Group in the Ministry f Defence, that will include a Joint Cyber Unit hosted by the UK Government Communications Headquarters (GCHQ). This will also look to share GCHQ expertise more widely for the economic benefit of UK Plc.

Graham Cluley, Sophossenior technology consultant, broadly welcomed plans he said were aimed at "beefing up the computer crime authorities, better communication between government and private sector, investing in national defences and critical infrastructure against cybercriminal attack, making it simpler to report attacks, and boosting awareness".

But Cluley highlighted there was no clear outline for how the 650m pledged earlier this year to support the four-year plans will be split: "It said this will be spent on the National Cyber Security Programme and the biggest benefactor, by far, is the Single Intelligence Account'."

The "Single Intelligence Account" is the main funding source for the MI5, MI6 and GCHQ. "The government is saying that the majority of the huge investment will help the UK detect and counter cyber attacks, based largely at GCHQ in Cheltenham, but details are classified,'" Cluley said.

Advertisement - Article continues below

He added that it also did not reveal how thesuccess of the plan will be measured."Measurement of progress is always going to be essential, without it you simply won't know how good a job you're doing at fighting cybercrime, and whether resources need to be augmented or put to work with different priorities," he concluded.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now



Amazon will pass on 2% digital tax to sellers

16 Jan 2020
Policy & legislation

Government announces review of IR35 off-payroll changes

8 Jan 2020
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020