During their bilateral meetings in Washington, D.C. this week, President Obama and UK Prime Minister David Cameron have agreed to further strengthen and deepen the cybersecurity cooperation between their two countries, with a range of collaborative cyber-initiatives that include staging “war games” to test bank readiness.
The news comes in the wake of Obama unveiling a sweeping proposal on data breaches, hacking and information sharing; and after Cameron caused a stir by advocating a prohibition on encrypted communications.
Both world leaders addressed the surveillance piece during a joint press conference from the White House’s Oval Office on Friday, with Cameron reiterating the need to be able to intercept suspected terrorist communications (only in extremis and only with a warrant signed by the Home Office secretary).
Obama took a more lukewarm tactic, noting only the need to balance privacy needs with the US’s “ability to operate in cyberspace” with a rational, consistent framework. He also noted the role of tech companies, who would be called upon to establish back doors into customer accounts if governments were allowed to snoop inside encrypted communications. Businesses would need to be able to fulfill their pledges to their customers, Obama noted.
As far as the war games, the initial joint exercise will focus on the financial sector, with a program running over the coming year. The first war game of the set will target the City of London and Wall Street, and involve the Bank of England and commercial banks, which will be followed by "further exercises to test critical national infrastructure,” according to Downing Street.
The UK’s GCHQ and MI5 meanwhile will work with the US National Security Agency and the FBI to create “a joint cyber cell,” with an operating presence in each country. The cell will have colocated staff from each agency.
“[We] agree that the cyber-threat is one of the most serious economic and national security challenges that our nations face,” the White House said, in a statement. “Every day, foreign governments, criminals and hackers are attempting to probe, intrude into and attack government and private sector systems in both of our countries.”
In their joint statement on cybersecurity, both leaders agreed overall to bolster efforts to enhance the cybersecurity of critical infrastructure in both countries, strengthen threat information sharing and intelligence cooperation on cyber issues, and support new educational exchanges between U.S. and British cybersecurity scholars and researchers.
For instance, the two agreed to work with industry to promote and align their cybersecurity best practices and standards, including the US Cybersecurity Framework and the United Kingdom’s Cyber Essentials scheme. Meanwhile, the US Computer Emergency Readiness Team (US-CERT) and CERT-UK will collaborate on computer network defense and sharing information to address cyber-threats and manage cyber-incidents.
The two governments have also agreed to provide funding to support a new Fulbright Cyber Security Award, offering the ability to conduct cybersecurity research for up to six months. The first cohort is expected to start in the 2016-17 academic year, and the U.S.-UK Fulbright Commission will seek applications for this cohort later this year.
And also on the academic front, the Massachusetts Institute of Technology’s Computer Science & Artificial Intelligence Laboratory (located in Cambridge, MA) has invited the University of Cambridge in the United Kingdom to take part in a “Cambridge vs. Cambridge” cybersecurity contest.
“This competition is intended to be the first of many international university cybersecurity competitions,” the White House said. “The aim is to enhance cybersecurity research at the highest academic level within both countries to bolster our cyber defenses.”