Chancellor Philip Hammond has launched the new UK cybersecurity strategy, built on developing future talent, protecting what we have, and identifying the malicious few.
Speaking at the Microsoft Future Decoded conference in London, Chancellor of the Exchequer Philip Hammond launched the government’s National Cyber Security Strategy for the next five years which he said is built on three core pillars: defend, deter, develop. “This is under-pinned by £1.9 billion of transformational investment,” he said.
Hammond confirmed that some UK services were tied up in the recent IoT-enabled attack on Dyn, but said that services were recovered fast, while attacks using spear phishing, on insecure code and weak cryptography were prominent.
“These attacks demonstrate serious consequences such as significant loss of data, financial costs, disruption of services, reputational damage and threats to the infrastructure of the state itself,” he said. “We have to respond to this threat and by addressing it here in the UK we start from scratch. In the last parliament we invested £860M over five years to significantly enhance our government networks, improve our incident response and tackle cybercrime.
“We must keep up with the scale and pace of the threat that we face. So today, I am launching the government’s National Cyber Security Strategy for the next five years.” He said that the three pillars are all supported by the new National Cyber Security Centre, which will offer a dedicated and outward-facing authority on cybersecurity issues.
Hammond said that trust in the internet is vital as without it, trust in all digital benefits will fall away. “We need a secure cyber-space and we need to work together to deliver it.”
Hammond said that government and critical national infrastructure will be strengthened, while working with industry taking a more active cyber-defense approach. “Supporting industry’s use of automated techniques to block, disrupt and neutralize malicious activity before it reaches the user; the public have much to gain from active cyber-defense and with the proper safeguards in place to protect privacy, these measures have the potential to be transformational and ensuring UK internet users are secure by default,” he said.
Hammond said the government will deter those who “seek to steal from us, threaten us or otherwise harm our interests in cyber-space”. This would involve boosting policing, and investment in offensive cyber-capabilities as there was a need to “detect, trace and retaliate in kind” as this was likely to be the best deterrent.” He said that “turning the other cheek” was not an option, and developing a full counter-offensive capability was needed, and it was the government's duty to demonstrate that they cannot act with impunity.
Hammond said that we will develop the capabilities we need in our economy and society to keep pace with the threat in the future, and investment will be made in the next generation of students, experts and businesses. “I can announce that we are creating our next cybersecurity research institute, a virtual network of UK universities that are dedicated to technical research and supported by government to focus on hardware and will look to improve the security of smartphones, tablets and laptops through innovative use of novel technology,” he said.
The strategy follows on from George Osborne’s announcement from November 2015, and Hammond called it a major step in the fight against cyber-attack. “It is a key component for the government’s ambition for Britain to be the best place in the world to run a tech business, and it sets out how we intend to deliver that partnership with business to achieve that objective,” he said.
Paul Briault, Director of Digital Security and API Management at CA Technologies, said: “The government’s plans to increase national cyber-defense efforts are a positive move, providing reassurance for businesses and consumers at the same time as bolstering our national security.
“Businesses and government agencies will need to work together to assess the security needs of enterprises and their responsibility for protecting customer data, without hindering the work that intelligence agencies need to do in order to protect the country from criminals and potential terrorist attacks.”
James Tolfree, UK Director at Cryptzone, said that talk of ‘Strike back’ represents quite a change in mindset, as this recognizes that the cyber-space is the new battleground.
“You can’t be in a battle space with only a defensive position, especially when dealing with state-sponsored cyber-attack strategies,” he said. “The reality is of course that cyber-defense is the responsibility of us all. Government should lead much of the initiative but the responsibility and cost needs to be borne by government, industry and us as individuals; in much the same way we expect government to lead on other areas of crime, but it is all our responsibility to make sure our homes are fitted with adequate locks and alarms, and that we use them.
“It is a little too early to say what this will mean for cybersecurity in the UK," Tolfree continued. "It is encouraging that part of the funding has been ear-marked for training cybersecurity professions as there is currently a noticeable skills-gap here in the UK. It is also encouraging that funding will be available to innovative start-up cyber security businesses. The UK has long been respected for its skills in this sector, but in order to maintain this position, strong investment from both government and industry is needed.”