Government publishes cyber security strategy

cyber crime

The Cabinet Office has revealed the Government's nation cyber security strategy, which sets out its plans to strengthen national defences over next four years.

The plans are designed to enhance the Government's current cyber security capabilities, improve security collaboration with and support for business, and boost the UK's ability to fend off attacks.

Based around four objectives, the document published today sets out a strategy to make the UK a safer place to do business, while facilitating open access to cyberspace and public data, and building out government cyber security skills and knowledge.

Mark Prisk, Minister for Business and Enterprise, said that, with the UK's online economy valued at 100 billion a year, cyberspace is vital for the UK's economic prosperity.

"However as well as bringing opportunities for businesses and their customers, cyberspace also brings threats," he said. "That's why it's important that we help all companies, from big multi-nationals to our small businesses take some simple, practical measures to protect themselves and their customers online."

The strategy makes much of working more closely with businesses, including small and midsized enterprises (SMEs) to increase knowledge transfer and skills levels, as well as cyber crime reporting.

This will include setting an expectation that at least 25% of the value of Government cyber security contracts go to SMEs, echoing the IT procurement strategy plans announced earlier this week.

A joint public/private sector cyber security hub' for exchanging cyber threat and response information will begin in pilot this December with five business sectors defence, telecoms, finance, pharmaceuticals and energy.

Action Fraud, the national fraud reporting and advice centre run by the National Fraud Authority will become the central portal for businesses and the public to make it easier to report financially motivated cyber crime.

The IT industry will receive increased support for security standards and skills, including the development of kitemarks' for cyber security software. A set of voluntary 'guiding principles' will be agreed with internet service providers (ISPs) and a scheme to certify cyber security specialists will be setup by March 2012.

The Centre for Protection of the National Infrastructure (CNI) will broaden its work with companies to ensure they take the necessary steps to protect key systems and data. It will increase its reach to companies that would not ordinarily be considered part of the critical infrastructure, but collectively they represent andimportant part of our economy, like those that innovate and develop new intellectual property, for example.

It also pledged to establish "centres of excellence in cyber security research and provide investment to plug any gaps" and boost the role of the public resource Get Safe Online by introducing a triage' system to diagnose cyber security issues and give them direct guidance.

Ross Parsell, director of cyber strategy at Thales e-Security, told IT Pro he had been working personally on the development of the strategy as part of government working groups.

Having been particularly involved in the Get Safe Online development, Parsell said: "This recognises that SMEs play a large part in the prosperity agenda. But where do they go when the screen goes blank? The triage system will help them on how to deal with that and we can help from a large company's perspective on what information would be useful."

Many of the Government's internal, organisational plans had already been outlined in the wider National Security Strategy announced in October last year. But James Brokenshire,Minister for Cyber Crime, restated plans to create a National Crime Agency (NCA) by 2013.

This new agency will merge specialist cyber law enforcement expertise at Scotland Yard's Police Central e-crime Unit (PCeU) with the international criminal intelligence remit of the Serious Organised Crime Agency (SOCA).

"The new National Crime Agency will share knowledge and expertise across law enforcement agencies, building on the pioneering work done by the Metropolitan Police and SOCA," Brokenshire stated.

The plans include expanding the PCeU's use of cyber-Specials,' by encouraging all police forces to make use of them, as well as involving experts from outside law enforcement to help tackle cyber crime as part of the NCA cyber crime unit. The government added that it would encourage the police and the courts to make more use of existing cyber sanctions for cyber offences.

New organisational plans also included a new Defence Cyber Operations Group in the Ministry f Defence, that will include a Joint Cyber Unit hosted by the UK Government Communications Headquarters (GCHQ). This will also look to share GCHQ expertise more widely for the economic benefit of UK Plc.

Graham Cluley, Sophossenior technology consultant, broadly welcomed plans he said were aimed at "beefing up the computer crime authorities, better communication between government and private sector, investing in national defences and critical infrastructure against cybercriminal attack, making it simpler to report attacks, and boosting awareness".

But Cluley highlighted there was no clear outline for how the 650m pledged earlier this year to support the four-year plans will be split: "It said this will be spent on the National Cyber Security Programme and the biggest benefactor, by far, is the Single Intelligence Account'."

The "Single Intelligence Account" is the main funding source for the MI5, MI6 and GCHQ. "The government is saying that the majority of the huge investment will help the UK detect and counter cyber attacks, based largely at GCHQ in Cheltenham, but details are classified,'" Cluley said.

He added that it also did not reveal how thesuccess of the plan will be measured."Measurement of progress is always going to be essential, without it you simply won't know how good a job you're doing at fighting cybercrime, and whether resources need to be augmented or put to work with different priorities," he concluded.

Miya Knights

A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.

Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.