Entitled `The UK Cyber Security Strategy: Protecting and Promoting the UK in a Digital World’ the paper outlines the four main pillars of action it wants the private and public sector to adopt in the run-up to 2015.
Announcing the strategy plan, Francis Maude, the Minister for the Cabinet Office, said the growth of the internet has transformed our everyday lives.
“But with greater openness, interconnection and dependency comes greater vulnerability. The threat to our national security from cyber attacks is real and growing. Organized criminals, terrorists, hostile states, and hacktivists are all seeking to exploit cyber space to their own ends”, he said.
Maude added that, in order to support the implementation of the government’s objectives it has committed new funding of £650m over four years for a transformative National Cyber Security Programme (NCSP) to strengthen the UK’s cyber capabilities.
“One of our key aims is to make the UK one of the most secure places in the world to do business. Currently, around 6 per cent of the UK’s GDP is enabled by the internet and this is set to grow”, he said.
“But with this opportunity comes greater threats. Online crime including intellectual property theft costs the UK economy billions each year. So we must take steps to preserve this growth, by tackling cyber crime and bolstering our defenses, to ensure that confidence in the internet as a way of communicating and transacting remains”, he added.
The four main pillars of the government’s gameplan for cyberspace are:
For the UK to tackle cybercrime and be one of the most secure places in the world to do business in cyberspace.
For the UK to be more resilient to cyber attacks and better able to protect our interests in cyberspace.
For the UK to have helped shape an open, stable and vibrant cyberspace, which the UK public can use safely, and that supports open societies.
And for UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives.
Whilst the strategy plan has 2015 as a target date, the government says it will review various facets of the plan – and amend as appropriate – each year.
Reaction to the strategy plan has been a little critical, with Ash Patel, country manager for UK & Ireland at Stonesoft describing it as encouraging, although he said he is disappointed to see they are not committing to any research to better understand today’s threats in order to help combat them.
“Today’s hackers have more sophisticated attack methods than ever before, and in order to generate the outlook that the UK PLC in cyberspace is secure, which is obviously something the government is trying to achieve, they need to be working to either slow hackers down or working to build solutions which can protect companies against these advanced threats”, he said.
“If we don’t spend any time researching cybercrime, the cybercriminals will always be one step ahead”, he added.
Over at FireEye, Paul Davis, the firm’s director for Europe, said that the announcement that government wants to reach out to the private sector and cooperate on addressing cyber security issues is welcome.
“The exchange of information, leading to greater visibility, is the first step in seriously tackling this growing threat to the UK. Yet it is the lack of real understanding of the threat landscape, how quickly it’s evolving and the growing threat to UK PLC, coupled with actionable data, which is the biggest hurdle in progressing this initiative”, he said.
“There are a number of security professionals and companies both here in the UK and abroad that could make a significant contribution to this initiative. I trust the recognition of this `new’ threat brings with it a new approach in engaging with the industry. A cyber security hub centred on government but encompassing critical national infrastructure and potentially extending across key industries should be, and can be with the right political support, developed quickly”, he added.
David Harley, senior research fellow with ESET, was also mildly critical, noting that the initiative seems to show a real and justified concern about the level of attacks both the public and private sectors are now experiencing.
“However, my gut feeling is that the proportion of targeted attacks to run-of-the-mill untargeted attacks is probably overestimated. I welcome the fact that the government seems to be aware that the nation’s security is not restricted to those organizations formally recognised as part of the Critical National Infrastructure”, he said.
“It’s a good thing, on the whole, that more generalised cybercrime will be getting some attention as well as the more glamorous but very fluffy topic of cyberwarfare, as in practice it’s not always easy to separate the two”, he added.