As International Trade Secretary, I meet regularly with business and political leaders across the world. One topic that is regularly raised is the way that technology has changed the way we have traditionally thought about our borders. This technology revolution, however, has been something of a Pandora’s Box. While it has allowed information to thrive, it has also been an opportunity for exploitation – changing the nature of crime before our eyes. Threats to cyber security are increasingly organised and transnational with no respect for geographical borders.
That’s why it’s the responsibility of government, to lead the field in our global cyber security standards and to promote the UK’s world-leading expertise and strengthen capabilities in the UK and allied countries.
Over the last year, we have seen a significant increase in the scale and severity of malicious cyber activity globally. In the UK, we have seen the impact of major cyber security incidents, such as the WannaCry attack that affected 48 NHS Trusts.
This was not targeted at the health service or the UK, but does demonstrate the borderless and often indiscriminate nature of the threat. We saw that too in the destructive NotPetya cyber attack in June last year. That was targeted at Ukraine – showing a disregard for their sovereignty – but its reckless release also disrupted organisations across Europe. This cost hundreds of millions of pounds, including here in the UK. The threat is only going to increase, so our resolve to stay ahead must be unrelenting.
The UK has been clear that it will not tolerate such malicious cyber activity and will seek to impose consequences on those who wish to undermine the rules-based international order in this way. Alongside our allies we attributed NotPetya to the Russian military and WannaCry to North Korean actors.
These attacks have real-world impacts – from a patient missing a cancelled hospital appointment to the small business owner losing daily takings. A cyber attack on one of our most well-known Internet Service Providers cost £60m and the loss of 95,000 customers. It is therefore no surprise that CEOs and other leaders are taking this increasingly seriously.
It is absolutely crucial that the UK is protected against this threat and it is the something the government is determined to get right. To meet this challenge, the government has put in place our National Cyber Security Strategy 2016-2021, supported by £1.9bn of transformational investment.
Our vision for 2021 is that the UK is secure and resilient to cyber threats, while prosperous and confident in the digital world. At the heart of the strategy are three core pillars. Defending our people, businesses and assets across the public and private sectors, be they states, criminals or hacktivists – and developing critical capabilities to build skills, support growth and stimulate science and technology. This includes support for UK firms to export to existing and new markets.
Alongside this we are committed to working with our EU and international allies to tackle these unpredictable global threats effectively and partners to build cybersecurity capabilities; as demonstrated by the recent Commonwealth Cyber Declaration and the Prime Minister’s commitment to invest £15m to help Commonwealth countries strengthen their cyber
security capabilities.
We have also created the National Cyber Security Centre, the world-class cyber arm of GCHQ – a leading technical authority on cyber security. The NCSC offers unrivalled real-time threat analysis, defence against national cyber-attacks and tailored advice to victims when incidents do happen.
Since its work began in October of 2016, the NCSC has responded to more than 800 incidents and its Active Cyber Defence has prevented more than 54 million malicious emails spoofing government being sent.
Just recently, the Department for International Trade launched a new Cyber Security Export Strategy setting out how the government will support the UK’s world-leading cyber security firms to take advantage of opportunities not just in protecting the UK’s infrastructure and businesses, but those around the world.
The UK has an established, expert and innovative cyber security sector made up of around 800 companies across a full range of capabilities, with exports of £1.5bn in 2016. As an international economic department we are working to support firms to export their capability to new and existing markets across the globe.
Working with others, the government will do this through a range of activity, including acting as a trusted advisor to support UK companies bidding for major opportunities and having dedicated cyber security representatives at our embassies overseas in priority markets.
We will also promote the financial support for cyber security exports that may be available through UK Export Finance, which works to ensure that no viable UK export fails for lack of finance or insurance.
This is good for our national prosperity through increased exports, but also improves our own national security by ensuring that we have a viable and resilient domestic cyber security industry that is able to help defend the UK from those who would do us harm.
Having good cyber security is a challenge that governments and businesses around the world are becoming increasingly alive to. The pressing need to invest in having the right people, processes and technology with dedicated attention from company boards is crucial for national security and prosperity. My department is at the forefront of showcasing the UK’s world-leading expertise in meeting this vital challenge.