Government publishes cyber security strategy

Government sets out plans to strengthen national defences over the next four years.

cyber crime

The Cabinet Office has revealed the Government's nation cyber security strategy, which sets out its plans to strengthen national defences over next four years.

The plans are designed to enhance the Government's current cyber security capabilities, improve security collaboration with and support for business, and boost the UK's ability to fend off attacks.

Advertisement - Article continues below

Based around four objectives, the document published today sets out a strategy to make the UK a safer place to do business, while facilitating open access to cyberspace and public data, and building out government cyber security skills and knowledge.

Mark Prisk, Minister for Business and Enterprise, said that, with the UK's online economy valued at 100 billion a year, cyberspace is vital for the UK's economic prosperity.

"However as well as bringing opportunities for businesses and their customers, cyberspace also brings threats," he said. "That's why it's important that we help all companies, from big multi-nationals to our small businesses take some simple, practical measures to protect themselves and their customers online."

The strategy makes much of working more closely with businesses, including small and midsized enterprises (SMEs) to increase knowledge transfer and skills levels, as well as cyber crime reporting.

This will include setting an expectation that at least 25% of the value of Government cyber security contracts go to SMEs, echoing the IT procurement strategy plans announced earlier this week.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

A joint public/private sector cyber security hub' for exchanging cyber threat and response information will begin in pilot this December with five business sectors defence, telecoms, finance, pharmaceuticals and energy.

Action Fraud, the national fraud reporting and advice centre run by the National Fraud Authority will become the central portal for businesses and the public to make it easier to report financially motivated cyber crime.

The IT industry will receive increased support for security standards and skills, including the development of kitemarks' for cyber security software. A set of voluntary 'guiding principles' will be agreed with internet service providers (ISPs) and a scheme to certify cyber security specialists will be setup by March 2012.

The Centre for Protection of the National Infrastructure (CNI) will broaden its work with companies to ensure they take the necessary steps to protect key systems and data. It will increase its reach to companies that would not ordinarily be considered part of the critical infrastructure, but collectively they represent andimportant part of our economy, like those that innovate and develop new intellectual property, for example.

Advertisement - Article continues below

It also pledged to establish "centres of excellence in cyber security research and provide investment to plug any gaps" and boost the role of the public resource Get Safe Online by introducing a triage' system to diagnose cyber security issues and give them direct guidance.

Ross Parsell, director of cyber strategy at Thales e-Security, told IT Pro he had been working personally on the development of the strategy as part of government working groups.

Having been particularly involved in the Get Safe Online development, Parsell said: "This recognises that SMEs play a large part in the prosperity agenda. But where do they go when the screen goes blank? The triage system will help them on how to deal with that and we can help from a large company's perspective on what information would be useful."

Advertisement
Advertisement - Article continues below

Many of the Government's internal, organisational plans had already been outlined in the wider National Security Strategy announced in October last year. But James Brokenshire,Minister for Cyber Crime, restated plans to create a National Crime Agency (NCA) by 2013.

Advertisement - Article continues below

This new agency will merge specialist cyber law enforcement expertise at Scotland Yard's Police Central e-crime Unit (PCeU) with the international criminal intelligence remit of the Serious Organised Crime Agency (SOCA).

"The new National Crime Agency will share knowledge and expertise across law enforcement agencies, building on the pioneering work done by the Metropolitan Police and SOCA," Brokenshire stated.

The plans include expanding the PCeU's use of cyber-Specials,' by encouraging all police forces to make use of them, as well as involving experts from outside law enforcement to help tackle cyber crime as part of the NCA cyber crime unit. The government added that it would encourage the police and the courts to make more use of existing cyber sanctions for cyber offences.

New organisational plans also included a new Defence Cyber Operations Group in the Ministry f Defence, that will include a Joint Cyber Unit hosted by the UK Government Communications Headquarters (GCHQ). This will also look to share GCHQ expertise more widely for the economic benefit of UK Plc.

Advertisement - Article continues below

Graham Cluley, Sophossenior technology consultant, broadly welcomed plans he said were aimed at "beefing up the computer crime authorities, better communication between government and private sector, investing in national defences and critical infrastructure against cybercriminal attack, making it simpler to report attacks, and boosting awareness".

But Cluley highlighted there was no clear outline for how the 650m pledged earlier this year to support the four-year plans will be split: "It said this will be spent on the National Cyber Security Programme and the biggest benefactor, by far, is the Single Intelligence Account'."

The "Single Intelligence Account" is the main funding source for the MI5, MI6 and GCHQ. "The government is saying that the majority of the huge investment will help the UK detect and counter cyber attacks, based largely at GCHQ in Cheltenham, but details are classified,'" Cluley said.

He added that it also did not reveal how thesuccess of the plan will be measured."Measurement of progress is always going to be essential, without it you simply won't know how good a job you're doing at fighting cybercrime, and whether resources need to be augmented or put to work with different priorities," he concluded.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020