UK government calls on all sectors to play a role in cybersecurity

"Everyone needs to accept that the cybersecurity measures applied at work apply equally at home," he told attendees of the National Security 2011 conference in London.

It is not only the members of the armed forces that need to be aware that anyone could be watching what they are doing in cyberspace because of the work they do, he said.

In the digital age, changing behaviour is key to national security, said Harvey, and not only does every citizen have the responsibility of keeping information close, but also of helping to keep the internet safe by following basic cyber hygiene at home, as well as at work.

"Much of the threat can be eliminated by following simple cyber hygiene - keeping software up to date, scanning machines for malware regularly, not opening suspicious e-mail attachments and not posting potentially sensitive information online," he said.

Just as UK citizens have become aware of the need to be on the lookout for suspicious packages and to report them to the authorities, it must become second nature to act safely in cyberspace, Harvey said, with internet service providers, online retailers and business all having a role to play in getting the message across.

Strategy for tackling high-level cyber attacks

Cyber hygiene, however, will not be enough to counter the sophisticated cyber attacks that target critical national infrastructure. It is at this level, he said, the government, business and the technology industry need to form strategic partnerships to tackle the threat.

"Information technology systems underpin the functioning of government, finance and business, so we need to be smart about what we protect, ensuring we include all the systems upon which components of our critical national infrastructure rely," said Harvey.

Security of the national infrastructure extends beyond the physical and requires a new security partnership between government, business, academia and citizens, he added.

"But I don't believe we yet have a full picture of what all the threats and defence capabilities are, and therefore the first step should be to improve information sharing across as many sectors of the UK economy as possible so that a combined response can be made," Harvey said.

While such an initiative would be supported by government, it should be led by industry and complemented with international efforts, he added.

"National security cannot be guaranteed without international action, but there is a lot of work to be done in developing a common understanding of the threats and how best to defend against them," he said.

International agreement for internet security

To that end the UK government is to host an international cyber conference in London in November to bring together representatives of 65 countries to begin the process of agreeing to the "rules of the road" in cyberspace.

The conference will provide the UK with an opportunity to take a leading role in cybersecurity, said Neil Thompson, director of the office of cybersecurity and information assurance (OCSIA) in the Cabinet Office.

"In parallel, there will be a non-government conference, because we believe that securing cyberspace is not the exclusive preserve of nation states," he said.

Thompson said that considering the advances the UK has made in recent months in terms of the national cybersecurity programme, the elevation of cyber issues within all government departments, improved cyber governance across Whitehall, and a joined-up approach to cyber policy, the UK is in a good position to help get the international process off to a strong start.

But he said there is still much to do, including tackling the important human dimension to cybersecurity to improve awareness and to change behaviour.

Thompson, like Harvey, emphasised that cybersecurity is not something that can be achieved by any one sector or nation alone, but requires the participation of all who seek to benefit from cyberspace.

"We have an opportunity before us to capitalise on the high level of interest and awareness around cybersecurity to achieve real change. Let's not waste it," he concluded.

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?