The Chancellor, Philip Hammond has today (1 November 2016) formally launched the government’s new National Cyber Security Strategy, which will set out decisive action to protect the UK economy and the privacy of British citizens, while encouraging industry to up its game to prevent damaging cyber-attacks.
Almost doubling the funding commitments of the first strategy which ran from 2011, the new plan outlines:
- how the UK will use automated defences to safeguard citizens and businesses against growing cyber threats
- support the UK’s growing cyber security industry
- develop a world-class cyber workforce
- deter cyber-attacks from criminals and hostile actors
Cyber security is recognised as one of the greatest threats to business around the world, with the global cost of crimes in cyberspace estimated at $445 billion, according to the World Economic Forum’s 2016 Global Risks Report.
Measures within the new National Cyber Security Strategy to keep the UK’s cyberspace safe are therefore crucial to the future of the UK’s economy.
Outlining how cyber security underpins our daily lives such as through domestic devices in our homes and cars, air traffic control and power grids, the Chancellor reinforced how the threat of attacks invade our privacy and threaten our national security and set out how the government plans to deal with it.
The approach on cyber is a core part of the upcoming Industrial Strategy.
He explained how increasingly vulnerable society is to cyber-attacks thanks to the expanding range of connected devices which are creating more opportunities for exploitation; more demand for training and skills; old legacy IT systems used by many organisations in the UK and the readily available suite of user-friendly hacking tools which means everyone from the living room to the boardroom is exposed to malicious hackers.
The Chancellor also emphasised the responsibility that CEO’s have to make sure their organisations are secure against cyber-attacks and the additional support government will give industry and wider society through the new National Cyber Security Centre.
The National Cyber Security Strategy:
Underpinned by £1.9 billion of investment for dedicated actions through three key areas:
The strategy sets out how government will strengthen its own defences as well as making sure industry takes the right steps to protect Critical National Infrastructure in sectors like energy and transport. We will do this through working in partnership with industry - including companies such as the innovative SME Netcraft - to use automated defence techniques to reduce the impact of cyber-attacks by hackers, stopping viruses and spam emails ever reaching their intended victims for example.
The Chancellor pointed to the recent successes of government. Previously a website serving web-inject malware would stay active for over a month- now it is less than two days. UK-based phishing sites would remain active for a day- now it is less than an hour. And phishing sites impersonating government’s own departments would have stayed active for two days - now it is less than 5 hours. The Chancellor also pointed to the recent success of government in reducing the ability of attackers to spoof @gov.uk emails – extracting valuable information from duped receipts. Our recent work saw the spoofing of email@example.com go from 50,000 per day to effectively zero in the past 6 weeks.
Significant investment will go towards taking the fight to those who threaten Britain in cyber-space and relentlessly pursuing anyone who persists in attacking us. This will be done in part through strengthening our law enforcement capabilities to raise the cost of cyber-crime, building international partnerships and being clear that the UK will defend itself in cyberspace and strike back against those that try to harm our country.
This year alone we are recruiting over 50 specialist cyber-crime investigators and technical specialists working within the National Cyber Crime Unit, enhancing their ability to provide a powerful and highly visible investigative response to the most serious incidents of cyber-crime: pursuing cyber criminals at a national and international level. This is part of tens of millions of pounds of investment in our cybercrime law enforcement capability, locally and nationally.
The new plan places strong emphasis on developing the nation’s capabilities to keep pace with cyber threats. We will also increase investment in the next generation of students and experts.
The Chancellor also announced a new cyber security research institute - a virtual collection of UK universities which will look to improve the security of smart phones, tablets and laptops through research that could one day make passwords obsolete.
This builds on a range of cutting edge skills and education initiatives, including cyber apprentices, retraining schemes and an advanced cyber security teaching in schools, which are already being developed.
We are creating the UK’s first cyber security Innovation Centre in Cheltenham, will launch a Cyber Innovation Fund next year to develop innovate technologies and products and are funding training and support for cyber start-ups and academics to help them commercialise cutting edge research and attract investment from the private sector.
These actions will ensure that the UK continues to be the world leading digital nation, building on the successes of the previous strategy.
Chancellor of the Exchequer, Philip Hammond said:
Britain is already an acknowledged global leader in cyber security thanks to our investment of over £860 million in the last Parliament, but we must now keep up with the scale and pace of the threats we face. Our new strategy, underpinned by £1.9 billion of support over 5 years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked.
Ben Gummer, Minister for the Cabinet Office & Paymaster General, said:
No longer the stuff of spy thrillers and action movies, cyber-attacks are a reality and they are happening now. Our adversaries are varied - organised criminal groups, ‘hactivists’, untrained teenagers and foreign states.
The first duty of the government is to keep the nation safe. Any modern state cannot remain secure and prosperous without securing itself in cyberspace. That is why we are taking the decisive action needed to protect our country, our economy and our citizens.
We can be proud that the UK leads the world in cyber security.
Cindy Rose, UK CEO, Microsoft, said:
The mobile-first, cloud-first world holds enormous potential for organisations and individuals to generate new and exciting growth opportunities.
However, there is a corresponding risk that as people increase their technology usage they also increase their exposure to cyber security threats. It is critical for all organisations to strengthen their core security hygiene as well as creating a pervasive security culture through education and awareness.
All participants in the security ecosystem also need to work together to ensure everyone can trust the technology they use. The Chancellor’s announcement is the kind of initiative that the UK needs to protect British citizens from the growing threats we face. We welcome the government’s focus on tackling this significant issue which affects business and individuals alike.