The UK government needs to set out a clear timetable for the implementation of its cyber security strategy, former security minister Baroness Pauline-Neville Jones has said.
Neville-Jones, who is now the government's Special Representative to Business on Cyber Security, said that since the government is only starting to implement the policies of the strategy, significant progress will not be seen another 18 months.
"The Cabinet Office does need to plot some metrics, have a timetable and an independent audit. We need much more momentum behind this," she told the Global Strategy Forum in London earlier this week.
The government's lack of a framework for its cyber security strategy implementation has been previously highlighted as an area of concern by BCS, The Chartered Institute for IT and (ICS)2, the global membership body of information security professionals.
In its National Security Strategy in 2010, the government classed cyber security as a top priority for the country. It earmarked £650 million over four years to support the National Cyber Security Programme, and published its cyber security strategy last November.
Neville-Jones reiterated her view that the £650 million funding was just a "first move", and that the implementation of the strategy will go beyond what can be achieved in the same parliament.
"There's going to be much more resource and energy – money, physical and intellectual," she said.
Cyber attacks in its many various forms have been described as major threats to the UK. However, Neville-Jones believes some threats are more urgent than others.
Cyber attacks with a criminal and fraudulent intent behind them are widespread, and need dealing with in the short-term. Whereas the threat of a cyber cold war, or cyber terrorism, for example, are "not centre stage", she said.
"Cyber cold war is a long range issue [and] I think the notion that terrorists are going to invest in a [distributed] denial of service (DDOS) attack as a route to causing trouble to their enemies is rather [less likely] than building a bomb to kill people. Denial of service does not kill people," said Neville-Jones.
"My belief is the urgent issue is to make our own systems secure. That's the absolute, urgent activity we need to do."
Meanwhile, although Neville-Jones admitted that the main consequence of 'hactivism' – as demonstrated by Anonymous – has so far only been reputational damage, rather than capital loss, she believed that it was still a real threat.
"I don't think it's an amusing activity," she said.