Government pushes for international and industry collaboration in cyber security strategy
The government’s latest cyber security plan is focused on defence, deterrence and innovation, along with commitments to greater international cooperation to deal with global threats.
The UK wants to up global collaboration to tackle cyber crime - Photo credit: Pixabay
The five-year strategy, published yesterday, was announced by chancellor Philip Hammond at the Future Decoded conference. It will be funded with the £1.9bn investment for cyber that was announced at last year’s spending review and sets out three main lines of work for the UK.
These are: strengthening the UK’s defences in both the private and public sectors; deterring attacks with strong policies on cyber crime that are actively enforced; and developing the nation’s capabilities s it can keep pace with new threats.
“Active cyber defence”: UK’s first National Cyber Security Centre chief sets out strategy
UK cyber security centre promises to boost local government focus
Earning public trust in the age of cyber threats
In addition to these strands, the government emphasises the importance of international action and working with non-government bodies from academia, civil society and industry to address cyber crime. It adds that this will make the UK more trustworthy in the eyes of the public and a more attractive place for investment.
“If we can ensure security is designed and built in, by default, into commodity technologies, consumers and businesses would have less cause to worry about cyber security,” the strategy says.
“Should the UK consolidate its reputation as a secure environment to do business online, more global companies and investors will choose to locate here.”
The new strategy – which is a refresh of one that ran from 2011 – puts an emphasis on “active cyber defence”, which was first trailed by the National Cyber Security Centre’s chief executive Ciaran Martin at a conference in Washington in September.
He said at the time that too many large-scale, unsophisticated attacks were getting through and were doing “far too much damage”. To address this, the centre was looking at automated measures to make UK government networks the most secure, which will also act as a deterrent for attackers.
The strategy sets out examples of how it will do this, including minimising phishing attacks, filtering bad IP addresses and actively blocking malicious online activity, and stresses the need for this to be carried out in partnership with communications service providers, the Ministry of Defence and other stakeholders.
The cyber strategy also notes that the government has pledged to become digital by default and the importance of building public trust in online services. It says that the National Cyber Security Centre will “ensure that all new digital services built or procured by government are also ‘secure by default’”.
Further discussion of defence for government systems include a commitment to collaborate with the National Data Guardian for Health and Care on data security systems for the healthcare sector and work with the armed forces.
The section on defence also includes the only direct reference to local authorities in the document, saying that both councils and devolved administrations would be invited to participate in planned incident exercises and tests of government networks “as appropriate”.
Deter and develop
Meanwhile, the section on deterrence sets out the government’s plans to improve law enforcement capabilities and skills at national, regional and local levels to “pursue, prosecute and deter cyber criminals within the UK and overseas”.
It will also aim to better understand the “cyber crime business model” to help target interventions, and improve collaboration with the industry and finance sectors.
The third strand of the document is on developing the tools and capabilities to sustain its cyber security measures, which includes a strong focus on skills training to address the shortage of people with cyber and information security talent in government and the UK more broadly.
Measures include developing a cross-sector skills advisory group, boosting apprenticeships in relevant areas and creating a Defence Cyber Academy for government, as well as developing a cyber security profession with Royal Charter status by 2020.
At the same time, the chancellor also announced the creation of a virtual cyber security research institute looking at security measures such as smartphone, tablet and laptop security that “could one day make passwords obsolete”.
Finally, the strategy pushes for a greater amount of international collaboration, with global links mentioned repeatedly throughout the document.
This will include helping to create a “common understanding of responsible state behaviour in cyberspace” and working to tackle global threats with other countries.
“It is essential that we work closely with international partners to ensure the continuation of a free, open, peaceful and secure cyberspace that delivers these benefits,” the document states. “This will only become more important as the next billion users come online across the globe.”
Former Cabinet Office minister concludes that centralised functions should have a greater mandate to impose standards and spend controls
Auditors identify pattern of decisions being rushed and ill-informed, while digital leaders lack support
ICO takes PCs and other electronic equipment from two homes
Role comes with £100k-plus pay packet and remit to help lead transformation programme
PublicTechnology talks to Salesforce about why police forces need to adopt new omnichannel capabilities, offer the public channel choice and the benefits of doing so
It’s been one of the most challenging years for healthcare providers, but Salesforce sees lasting change from accelerated digital transformation