Counter measures
by Francis Maude
The government is investing heavily in cyber programmes and policies aimed at increasing security, strengthening resilience and building capabilities against attack
From online shopping to Twitter to email, in just two decades the internet has revolutionised our working and social lives. The growth of the web has reduced barriers to trade and is a major driver of growth. In the UK our internet-related market is now worth £82bn a year and rising.
The internet allows people right across the world to communicate and co-operate. We have far greater access to information, whether we want to find out what our government is up to or when the next bus is coming. The internet is undoubtedly a force for good in the world. Yet at the same time our increasing dependence on it has also transformed the risks we face. Cyber attacks are one of the top four threats to national security in the UK. Cyber crime costs our economy billions of pounds a year. We cannot stand still in the face of these threats.
The government is taking this threat very seriously. We have rated cyber attacks as a Tier 1 threat and committed £650m to our National Cyber Security Programme to bolster the UK’s cyber defences. Just over a year ago I launched the UK government’s Cyber Security Strategy to ensure we can manage the risks and harness the great benefits of cyberspace. This strategy sets out four key objectives, against which we have already made considerable progress.
Our first aim is to make the UK one of the most secure places in the world to do business in cyberspace. That’s why we are sharpening the law enforcement response to cyber crime – particularly through the creation of the National Cyber Crime Unit (NCCU). The private sector is by far the biggest victim of cyber crime with IP theft and cyber espionage taking place on an industrial scale. A major part of our work is to ensure that industry protects its vital information assets and recognises cyber security as a board-level responsibility. For the first time we have produced amalgamated guidance from the Government Communications Headquarters (GCHQ), the Security Services, and the Department for Business, Innovation and Skills (BIS) on the simple steps to be taken to manage the cyber threats to a business. Industry and government must work together hand-in-hand to tackle these threats.
In the last year we have developed a Cyber Security Information Sharing Partnership, which provides a trustworthy environment for government and the private sector to exchange information on cyber threats and manage responses to cyber attacks. So far over 160 companies have been involved in the pilot scheme from a wide variety of sectors including the defence, finance, energy, pharmaceutical and telecommunications sectors.
Our second objective is to make the UK as a whole more resilient to cyber attack and better able to protect our interests in cyberspace. We have invested heavily in new and unique capabilities for GCHQ which is doing ground-breaking work to identify and analyse cyber attacks to protect our core networks and services. GCHQ has evolved to meet these new challenges, broadening its engagement across government and industry, and maximising our ability to protect our core networks and services.
Our third objective is to help shape an open, vibrant and stable cyberspace that supports open societies. Cyber threats know no geographical boundaries so we need the people we connect to to be secure as well. International dialogue on the key challenges we face in cyberspace is vital and we are actively engaging with a wide range of international fora to promote our approach, such as via our new centre for global cyber-security capacity-building, which was announced in October last year.
Our final objective focuses on building the UK’s cyber security knowledge, skills and capability. The UK as a whole needs to become more cyber savvy if we are to prosper in tomorrow’s digital world. Information technology has become central to how we live yet today most of us only know how to work a device – not why it works. To counter this we are working with industry and academia to enhance skills and education in cyber security across the UK. For example, GCHQ has awarded Centre of Excellence status to eight UK universities conducting cyber security research, while £6m has been set aside for two new research institutes.
Our achievements in the first year have been considerable; we are in a stronger position now and more aware of the risks we face – but we cannot afford to be complacent. There is still much work to do and we have developed a strong plan for the coming year.
Our national approach to cyber incident management, particularly in the light of the successful Olympics, is being reviewed. We are establishing a UK National Computer Emergency Response Team that will improve national co-ordination of cyber incidents and provide a clear focal point for international sharing of technical information on cyber security.
We will continue to build a crucial partnership with business. We have already launched a quality-assured Cyber Incident Response scheme, where organisations can turn for assistance when they have suffered a cyber security incident. This will become fully operational in 2013. We will also be working closely with the private sector and standards bodies to support the development of industry-led “organisational standards” to ensure there is clarity about what good practice looks like for an organisation trying to manage its cyber risk. This will not only give companies clear steps to follow in managing their cyber risks – it will also give customers and investors a clear indicator of whether a company is taking these risks seriously.
We recognise as well that cyber security presents an opportunity for UK industry, as demand in the UK and globally grows for vibrant and innovative cyber security products and services. To support this, the government will launch a Cyber Growth Partnership in conjunction with Intellect – the ICT members organisation – to identify how to support the growth of the UK cyber security industry with an initial focus on boosting exports.
We will also continue to work in partnership with academia to develop skills in cyber security. To underpin the work of the UK’s next generation of doctoral-level cyber security experts we are providing 80 PhD student sponsorship awards thanks to funding from GCHQ, the Engineering and Physical Sciences Research Council, and BIS. We are also working to build cyber security into undergraduate university degrees, in partnership with the Institution of Engineering and Technology (IET). This is being piloted at De Montfort University, the University of Worcester, and Queen’s University Belfast. From 2015, education in cyber security will be a mandatory component of software engineering degrees accredited by the IET.
The Ministry of Defence is taking forward the development of a Cyber Reserve, allowing the Services to draw on the wider talent and skills of the nation in the cyber field to secure our vital networks. The MoD is also working hard to mainstream cyber security to ensure the coherent integration of cyber activities across the spectrum of defence operations.
On the international front, we will continue to find ways of establishing mutual trust in global cyberspace. The UK has just signed the World Economic Forum’s new set of principles on cyber resilience and they in turn endorsed our cyber security guidance for business as an example of best practice. We will continue to take opportunities to help shape the future of cyberspace in the year ahead, particularly at the international Cyber Conference in Seoul and through the work of OSCE (Organisation for Security and Co-operation in Europe) on confidence building measures and internet governance in the lead-up to the World Summit on the Information Society in May.
[Image caption: GCHQ: the home of “ground-breaking” research into cyber threats and resilience]
Raising public awareness will remain a key priority for government. We have already backed initiatives such as The Devil’s in Your Details campaign by the National Fraud Authority which highlighted the threat of online fraud to more than four million people, while this spring, in partnership with the private sector, we will launch a package of initiatives aimed at increasing cyber confidence and measurably improving the online safety behaviour of consumers and SMEs.
Clearly cyber security is not an issue for government alone and cyber threats cannot be addressed in isolation. We are all invested in its success, and cyber crime affects us all. The UK is in a much stronger position than it was a year ago, but it is only by building mutual trust and stronger partnerships at home and abroad that we will beat the cyber threat and protect the internet for everyone.
Francis Maude MP is minister for the Cabinet Office