Today the Secretary of State for Business, Innovation and Skills, Vince Cable, hosted a summit bringing together regulators for the financial, water, energy, communications and transport sectors with ministers and senior officials from the security and intelligence agencies to discuss working in partnership to address cyber threats to our essential services. The group was briefed on the cyber threat and on the role already being played by the Bank of England and OFCOM, before agreeing a range of common actions to be taken forward by all participants.
At the first summit of this kind, Vince Cable said:
Cyber attacks are a serious and growing threat to British businesses, but it is particularly important that those industries providing essential services such as power, telecommunications and banking are adequately protected to avoid disruption to our everyday lives.
We can only achieve this objective through a partnership between government, the regulators and industry. Today’s event marks the next step in highlighting the important role of the regulators in overseeing the adoption of robust cyber security measures by the companies that supply these crucial services.
Andrew Bailey, Deputy Governor Prudential Regulation, Bank of England and CEO of the Prudential Regulation Authority stated:
As we noted at the event today hosted by the Secretary of State for Business, it is essential for financial stability that the UK financial system and its infrastructure continues to work towards improving its ability to withstand cyber-attacks. To support this, the Bank of England will also publish today the findings of Waking Shark II, an exercise which tested the response of the wholesale banking sector to a simulated cyber-attack, which is part of the ongoing work recommended by the Financial Policy Committee to improve and test resilience.
Today’s meeting is an important opportunity, bringing government and regulators together, in partnership, to discuss the nature and extent of cyber threats to their respective sectors. The role that regulators such as the Bank of England and OFCOM are already taking to embed cyber security in their sectors is vital, as set out in a joint communique outlining steps that government and regulators agree to undertake to help manage cyber risk across each sector.
Notes to editors
The joint communique outlines steps that government and regulators agree to undertake, such as:
- exercises to test procedures and resilience (similar to the Waking Shark I and II exercises conducted by the financial sector)
- the adoption of security standards and auditing against best practice such as Ten Steps to Cyber Security
- information sharing through initiatives such as the CISP (Cyber Security Information Sharing Partnership)
The CISP was launched in March 2013. It is funded by the National Cyber Security Programme and brings together The Cyber Security Information Sharing Partnership (CISP). It delivers a key component of the UK’s cyber security strategy in facilitating the sharing of information on cyber threats between government and industry. The CISP currently has around 300 companies across a range of sectors and includes the introduction of a secure virtual ‘collaboration environment’ where government and industry partners can exchange information on threats and vulnerabilities in real time. The Cyber Security Information Sharing Partnership is complemented by a ‘Fusion Cell’ supported on the government side by the Security Service, GCHQ and the National Crime Agency, and by industry analysts from a variety of sectors. They will work together to produce an enhanced picture of cyber threats facing the UK for the benefit of all partners. The CISP was involved in the financial sectors’ Waking Shark II Cyber Security Exercise run in November 2013.
The National Cyber Security Strategy, published in November 2011, provided government with a framework and objectives in tackling cyber threats, promoting awareness and providing a growing platform of strong private sector partnership. The strategy is supported by £860 million of funding from the National Cyber Security Programme which has helped put in place new initiatives and structures as part of the government’s response to growing threats in cyberspace.
In December 2013, government published the second annual report on progress against the strategy, achievements and spend on the NCSP as well as forward plans.
The NCSS has 4 objectives:
- to make the UK one of the most secure places in the world to do business in cyberspace
- to make the UK more resilient to cyber attack and better able to protect our interests in cyberspace
- to help shape an open, vibrant and stable cyberspace that supports open societies
- to build the UK’s cyber security knowledge, skills and capability
The NCSS sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment. It makes clear how the investment through the National Cyber Security Programme is being used and which departments are responsible for which actions, and it outlines how the government will take the opportunity to promote growth and minimise the economic impact of cyber attacks by cementing a new partnership with the private sector.
The £860 million programme funding provides backing for work to improve the UK’s cyber security capability but government can’t do this alone. Our whole approach hinges on building effective partnerships between government, law enforcement agencies, academia and the private sector. We’re also encouraging organisations within these spheres to work in partnership with each other.