Minister Chloe Smith delivered a speech at the Cyber Security Summit on 6 November 2012.
It’s a pleasure to be here this morning and to have this valuable opportunity to speak to you about the steps we have taken over the last year to deliver a pioneering Cyber Security Strategy for the UK that delivers security, innovation, skills and economic growth.
The internet is a massive force for good in the world - driving growth, reducing barriers to trade and allowing people across the world to communicate and co-operate; and today there are over two billion people online with billions more set to join them in the next decade.
The growth of the internet has revolutionised our working and social lives in the last twenty years which means that today we are all deeply invested in its continuing success.
In the UK we necessarily take cyber threats extremely seriously. The UK has a growing digital economy and the internet accounts for 8% of our GDP so it is important that we work together to maintain people’s confidence in doing business online.
But we can’t bury our heads in the sand when it comes to the darker side of the internet.
Cyber attacks are one of the top four threats to our national security and cyber crime is costing our economy billions of pounds a year. As businesses and government move more of their operations online and our networks and systems become more inter-connected, so the scope of potential targets will continue to grow.
So what is the government doing to address this?
We take the threat from cyberspace very seriously and in a tight financial situation we have secured serious government investment of £650m over 4 years from 2011 in the National Cyber Security Programme to bolster the UK’s cyber defences. Last year we launched the cross-government Cyber Security Strategy which sets out how we will support the UK’s economic prosperity, whilst protecting its national security and safeguarding the public’s way of life through building a more trusted and resilient digital environment.
Government can’t do this alone of course - and our whole approach hinges on building effective partnerships between government, law enforcement agencies, academia and the private sector; and we’re also encouraging organisations within these spheres to work in partnership with each other. But more on this later.
It has been about a year since we launched the strategy. We have made significant progress to date but government needs to maintain public and industry awareness of the threat from cyberspace. We must ensure that our response to it through the Cyber Security Strategy and our successes in delivering against the Objectives is continually explained and championed to the public, media, parliament, ministers and the Treasury. Francis Maude will deliver a statement to the House in December. However in the interim, I thought that I would outline some key achievements.
Law enforcement and security
In the Cyber Security Strategy we clearly stated that one of our key aims was to tackle cyber crime and make the UK one of the most secure places in the world to do business online. One of the principal ways we are seeking to deliver this is through investing in law enforcement and security.
In GCHQ we have world-class expertise on cyber security and so we are investing significant National Cyber Security Programme funding in GCHQ so we can better understand the threat to the UK, improve our ability to detect attacks and develop and sustain world class cyber capabilities in order to respond and give the UK a competitive edge in the global cyber security sector.
We have also boosted investment in cyber crime enforcement with £63 million of new funding and the government has invested in our law enforcement capability to detect and apprehend cyber criminals through increased staffing in the police e-Crime Unit and Serious Organised Crime Agency. Three new regional policing e-crime hubs have been launched to support the outstanding work of the Met Police’s specialist e-crime unit.
Working with academia
While the online world has grown exponentially, cyber security skills and capability are not increasing at a comparable rate. Our ability to defend ourselves in cyberspace depends upon a strong skills and knowledge base and the government has a long term aim to build these and develop a skilled workforce, starting now.
In the UK we have a world-class cyber security sector, and the current demand for young talent is set to grow. Unfortunately it will take a number of years to resolve the skills gap we currently have and government has put in place a series of short and long term measures within the private and public sector to address this.
Closing the IT skills gap must start in the classroom and we have already announced changes to the ICT curricula within secondary education. However there is also a need to address the immediate shortfall: we need qualified individuals within the existing professions who are capable of bridging the skills gap in the short term. Government is working with organisations such as the Cyber Security Challenge, e-Skills UK and the Institute of Engineering and Technology to look at how we can retrain people who are mid-career. We are in the first stages of looking at the development pathways that we can put into place so that these people can move into a cyber security career.
We are also looking at developing the community of cyber security research being carried out in the UK. In March of this year GCHQ awarded 8 UK universities “Centre of Excellence” status in recognition of the world class research in the field of cyber security that has been conducted.
The Centres of Excellence will help make the UK - government, business and consumers - more resilient to cyber attack by extending knowledge and enhancing skills in cyber security and in the longer term will position the UK cyber research community as the pre-eminent environment in which to conduct leading edge research. This in turn will attract the best academics and research students in the UK and from overseas.
This was followed in September when the first Research Institute for the Science of Cyber Security was established and this again demonstrates how government, industry and academia are working together to make the UK more resilient to cyber attacks.
To help apprentices, the Foreign Secretary recently announced a new programme which will help to identify and develop talent in school and university age students and give opportunities to 70 new recruits in GCHQ and our other Intelligence Agencies.
Working with the private sector
In government we’re preparing the groundwork for building a more trusted and resilient cyberspace but as I stated earlier clearly we can’t do this alone - the private sector is the largest victim of economic crime and espionage, perpetrated through cyberspace and much of the infrastructure we need to protect in the UK is owned and operated by the private sector.
Partnership between the public and private sector is therefore crucial - working together to make the UK one of the most secure places in the world to do business. There are challenges to delivering this but I would like to highlight a few of the areas where there have been real successes.
The launch of the Cyber Security Strategy heralded a new era of unprecedented cooperation between the government and industry on cyber security and we have been working closely with industry to raise awareness of the threat to reputation, revenues and intellectual property from cyber attack and identify ways in which this can be mitigated.
One of our key initiatives to address this has been the creation of the joint public/private sector cyber security forum which allowed government and the private sector to exchange actionable information on cyber threats and to manage the response to cyber attacks.
The hub was set up on the back of the Prime Minister’s meeting with top businesses and included organisations from a range of sectors. After a successful pilot, the forum is now moving towards full operational capability. Membership will be expanded to include other organisations and sectors and this will further strengthen the UK’s position as a secure place to do business.
In September government launched the Cyber Security Guidance for Business at an event attended by FTSE 100 CEOs and Chairs, Ministers from the Department for Business, Innovation and Skills (BIS), Foreign Office, Cabinet Office, Home Office and senior figures from the intelligence agencies. The new guidance, produced by the CESG (the Information Security arm of GCHQ), BIS and the Centre for the Protection of National Infrastructure (CPNI), will help the private sector minimise the risks to company assets.
It offers some high level questions to assist board-level executives and support them to determine their critical information assets, aid them in their strategic level risk discussions and help them ensure that they have the right safeguards and cultures in place. Accompanying documentation focuses around key points of risk management and corporate governance and includes some anonymous case studies based on real events. The Guidance may be downloaded from the BIS website.
The private sector also has a key role to play in raising awareness and a prime example of this is Get Safe Online - a joint public and private sector initiative with significant private sector support which does important work in improving awareness of cyber security amongst the general public and small businesses. Tony Neate is speaking later this morning so I won’t steal his thunder but Get Safe Online recently completed its 7th annual Get Safe Online Week - promoting simple advice and information to people about how to stay safe online and I did my bit to help in recording a tip as part of their “click and tell” campaign to pass on good advice on staying safe online and met Tony and his team when they were in London as part of the week.
Another example of the partnership approach is Cyber Security Challenge UK - a government, industry and academia supported initiative aimed at improving skills and capability in the cyber sector. The Challenge uses innovative approaches to recruit new and young talent into the security sector to bridge the skills gap and this benefits both public and private sectors. Since its launch in 2010, hundreds of competition entrants have met the country’s leading employers at face to face competitions and networking events, over £130,000 of career enabling prizes have been awarded to competition winners and we know of at least 20 candidates who are now in jobs as a direct result of playing the Challenge’s competitions.
This sharing of information and resources that is a key part of our approach to cyber security isn’t just important on a domestic front. The cyber threat knows no geographical boundaries and so international co-operation is also crucial.
The government has led the international debate on cyber security and in November 2011 we hosted The London Conference on Cyberspace which marked the beginning of an international dialogue for building a secure, resilient and trusted digital global environment. It aimed to initiate a worldwide conversation on the future of the Internet and how we might establish certain norms of behaviour in cyberspace.
This was followed up by a further conference in Budapest earlier this month where we announced £2m funding for a Global Centre for Cyber Security Capacity Building which will enable industry to back initiatives to tackle cyber crime and improve cyber security across the globe.
The Centre will be based within the network of UK University Centres of Excellence and will provide a credible source of information for industry and government organisations, bringing together those who have an interest in improving cyber security globally. This is simply about sharing what works in one country and identifying where it could work in another.
This international dialogue will continue in Seoul in 2013 and officials are already working with the South Koreans on building upon the achievements of London and Budapest.
It is almost one year since we launched the UK Cyber Security Strategy.
We need to get ourselves into a position where law enforcement is beating cyber criminals; businesses and citizens know what to do to protect themselves; and threats to our national infrastructure have been confronted.
In the 12 months since the launch of the Strategy we have taken steps, some significant, towards this position and Francis Maude will be making a statement later this year on our progress against the objectives of the Strategy one year on.
But we still have to work together - to share our resources, skills and intelligence. Only through strong partnerships between government, industry and academia, can we continue to enjoy the many and still emerging benefits of a networked world.
I would like to thank you again for this opportunity to talk to you about the government’s approach to delivering cyber security for the UK and I wish you a successful and informative Summit.