On 4 October 2012, Minister for the Cabinet Office Francis Maude made a speech on cyber security to Budapest Conference on Cyberspace.
Go back just twenty years and the internet was the preserve of a small group of academics, scientists, researchers.
Today there are over two billion people online - with billions more set to join them in the next decade. But it took this initial group of experts, internet evangelists as they’ve been called, to make it go global.
These were people who travelled overseas to make the first internet connections and the rest is history.
The growth of the internet has simply revolutionised our working and social lives in the last twenty years - which means that today we are all deeply invested in its continuing success.
And as you know we have a shared challenge - one that transcends national and organisational boundaries - to ensure all countries can continue to enjoy the wonders of the internet. In the UK we necessarily take cyber threats extremely seriously. 8% of our GDP is driven by the internet and this is increasing.
A key pillar of my government’s agenda for creating better and cheaper public services in a time of fiscal constraint is to make them digital by default.
Which means the UK like the rest of the world is increasingly reliant on the security and resilience of our inter-connected networks and systems operating in cyberspace.
In response we are raising our game, securing serious government investment on cyber-security. Our National Cyber Security Strategy published last year, aims to make the UK one of the safest places to do business online.
Government can’t do this alone of course - and our whole cyber security programme hinges on building an effective partnership between government, law enforcement agencies and the private sector. We’re also encouraging private organisations to work in partnership with each other.
One of our key initiatives has been the creation of a joint public/private sector cyber security ‘hub’ to allow us and the private sector to exchange actionable information on cyber threats and manage the response to cyber attacks. But this kind of sharing of information and resources to fight a common challenge isn’t just crucial on a domestic front. We also need to team up on an international front.
The cyber threat knows no geographical boundaries and it matters to every country that those we connect with are secure too.
It’s very clear that the faster cyber security capacity can grow globally the quicker our online community becomes more secure.
The UK is already working with a wide range of governments, international partners and the private sector to tackle cyber threats. For example our Serious Organised Crime Agency’s cooperation with international partners has enabled the recovery of nearly two million items of stolen payment card data since April last year, worth approximately £300million.
But while there are many initiatives for international collaboration on cyber security they are not yet as coordinated as other transnational threats such as terrorism and narcotics. What’s more while the online world has grown exponentially - cyber-security skills and capabilities are not increasing at a comparable rate. The demand and need is global - the skills, the knowledge, the resources needed are not being shared fast and widely enough.
A wide range of international organisations and bilateral aid are attempting to address this. As we know there are growing levels of effective private sector intervention - Ebay’s work with the Romanian police to counter cyber gangs and Microsoft’s work against botnets being prime examples. But clearly there’s more to be done - we need to do more to close the gap between supply and demand.
The UK’s response
The UK government will of course continue to support financially, politically and through experts’ involvement - the cyber security initiatives around the world.
And we will also consider additional funding to support these initiatives - but we will want to be confident of what capacity building is really working; and see improved, sustainable impact and value.
Which is why, on top of our existing commitments, we are creating a new fund of £2m per annum and out of this we will fund a new centre to drive Global Cyber Security Capacity Building. This centre will be based out of one of our leading Universities in cyber security expertise, comprising of specialist researchers and an outreach team to ensure that it will be used as an international resource. We’re not trying to duplicate the work of the many excellent schemes out there here - indeed that’s the last thing I would want to do. This centre is very simply about sharing what works - much faster.
So how will this work in practice?
Firstly the centre will operate like a kind of Trip Advisor for cyber security. It will map what’s out there. So whether you’re a developing country looking for independent advice, or whether you’re a business with an interest in backing a cyber safety initiative - you’ll be able to get a full picture of what’s available and work out which, of all the options out there, is the right one for you.
Secondly and linked to this, the centre will research and assess what does and doesn’t work. I’m a great believer in openness driving improvement and this centre will improve the metrics we use for assessing value for money in cyber security schemes and drive accountability. After all these are precious resources we’re talking about - we’ve got to spend them wisely.
Thirdly and finally we know what we’re doing at the moment isn’t enough. We need to do much more when it comes to identifying and plugging the gaps in the global provision of cyber security. This isn’t just about money. It’s about increasing access to and sharing our skills and knowledge. So the centre will bring together the people who have a stake in cyber safety and the people who are experts in tackling cyber crime. And it will build a virtual global community where governments and organisations can share best practise and lessons learnt, and team up to tackle particular threats that need more than a national response.
We all know that the internet is a great force for good in the world - driving growth, reducing barriers to trade and allowing people across the world to communicate and co-operate.
It has forced governments into greater transparency and helped give the unheard a voice. Falling costs mean accessing the internet will become cheaper and easier, allowing more people around the world to use it - driving the expansion of cyberspace further and the value of using it.
But now we’ve built the internet we need to protect it from those people who want to exploit it for their own harmful ends. It’s a race: to build sufficient global capacity to match the growing volume and dependence of our online economic, security and social interests.
Which is why this conference is so important. It’s a race we can only win if we work together, not limited by the legal and political boundaries of our states or the boundaries of commercial interests.
This is a shared challenge and we all share a responsibility to meet it.