One year after its launch, minister for the Cabinet Office Francis Maude has praised the UK’s Cyber Security Strategy, claiming that ‘a great deal has already been accomplished’.
Some £650 million has been earmarked by the government to spend over a four year period in a bid to tackle cyber crime and make the UK one of the most secure places in the world to do business in cyber space.
“One year after the Strategy’s publication a great deal has already been accomplished in our aim of protecting UK interests in cyberspace and making the UK one of the safest places to business online,” said Maude.
“This is not an issue for Government alone. Industry has the potential to lose the most by not rising to these challenges, so together we must work to address cyber threats which could undermine our economic growth and prosperity.”
He added: “The past year has created an increasing momentum across the UK at varying levels and across all sectors in addressing a wide range of cyber security threats. We look forward to maintaining this pace, continually assess our progress as we go forward.”
Maude cited a number of successes over the past twelve months, including the Police Central e-Crime Unit, which has exceeded its four year operations performance target of averting £504 million of harm within the first year of the programme. According to the Cabinet Office, it has prevented £538 million of harm at a return on investment of £72 harm averted for every pound invested.
He also pointed to HM Revenue & Custom’s newly established Cyber Crime Team, which has been put in place to ‘enhance the department’s capability to tackle tax fraud by organised criminals’.
Maude said: “HMRC’s enhanced phishing capabilities are now leading to the interception of five major threats a day and have helped the department to shut down almost 1,000 fraudulent web site in the last 12 months.”
GCHQ was also praised for its work in tackling cyber security threats.
“Its work underpins our ability to contend with the many challenges of the cyber age that threaten our national security. We have invested in new and capabilities for GCHW to identify and analyse hostile cyber attacks in order to protect our core networks and services and support the UK’s wider cyber security mission,” said Maude.
“I cannot reveal details of this work, but it has broadened and deepened our understanding of the threat, helping us prioritise and direct defensive efforts.”
However, despite Maude’s claims, earlier this year former security minister Baroness Pauline-Neville Jones criticised the government for saying that the strategy’s implementation was too slow.
A senior government official also admitted to the Guardian this week that hostile foreign states have used cyberwarfare to map and attack parts of Britain’s critical infrastructure. The official said: “Yes. The owners of national infrastructure in this country are being supported and have been supported by the Centre for the Protection of National Infrastructure for many years in cyber and information security but also in physical security.”
However, Maude also outlined a number of initiatives that will be implemented over the next twelve months to further bolster the UK’s cyber defences.
For example, the government is developing a permanent information sharing environment for government and business called CISP (cyber-security information sharing partnership), which will be launched in January 2013.
He said: “This has been a joint industry/government design. Initially, this will be open to companies within Critical National Infrastructure sectors, but we intend to make membership available more broadly, including to SMEs, in a second phase.”
The government is also looking to develop a ‘Cyber Reserve’, which will allow the Ministry of Defence to draw on wider talent and skills of the nation in the cyber field. The services will engage additional experts to support the MoD’s work in defending against the growth in cyber threats.
A forward looking plan released by the Cabinet Office said: “These will be supporting roles to the Joint Cyber Units across the full spectrum of cyber and information assurance capability. A series of events are being held with industry on how the scheme will work.”
An announcement about the ‘Cyber Reserve’ will be made in spring 2013.
Maude also highlighted the importance of education. He said that the UK needed to ensure it could call on ‘cutting-edge skills and research’. Consequently, the UK Department for Business, Innovation and Skills and the Engineering and Physical Sciences Research Council will fund two Centres of Doctoral Training (CDT).
These centres will deliver a minimum of 48 PhDs over their lifetime with students starting in October 2013.
The CDTs will call on a ‘wide range of expertise to deliver multidisciplinary research and so help to provide the breadth of skills needed to underpin the work of the UK’s next generation of doctoral-level cyber security experts’.
Maude has confirmed that he will release a similar progress report next year to assess the progress of the Strategy so far.