The UK commited £650m to tackle cyber crime and introduced a new “cyber security hub” to help protect the private sector

Satellite dishes at one of GCHQ's listening posts in Cornwall

Recognising the risks posed by recent hacking attacks, the UK Government on Friday (November 25) released an updated Cyber Security Strategy and pledged an extra £650m to tackle cyber security challenges.

The National Cyber Security Programme (NCSP) is devoted to “tackling cyber crime”, making the UK more resilient to cyber attacks and, encouragingly, the NCSP also acknowledged the need to help protect the private sector from attack.

The document, which is an update of the first cyber security strategy announced in 2009, commited £650m to tackle a wide range of challenges, including help to educate internet users about best practices such as keeping anti-malware software up-to-date and ensuring that critical infrastructure is robust.

The Government also created a new group within GCHQ (Government Communications Headquarters) with the aim of developing “new tactics, techniques and plans to deliver military effects, including enhanced security, through operations in cyberspace” (StrategicRISK is trying to secure the head of this unit as a speaker at the next SR100 meeting—Ed).

The UK will take a “proactive approach to tackling cyber threats and exploiting the cyber environment for our own national security needs”, according to the announcement.

Acknowledging that private sector companies are overwhelmingly on the front line of the cyber threat, the UK government recognised the importance of engaging the private sector in improving the state’s national security in cyber space.

The government is relying for the delivery of national security on the fact that it should be in businesses’ own economic interest to improve their state of cyber security and in many cases that is true

Henry Harrison, technical director at intelligence company BAE Systems Detica

Part of the strategy is the introduction of a cyber security hub, a platform that will enable the public and private sector to exchange information on cyber threats. The initial pilot will cover the defence, telecoms, finance, pharmaceuticals and energy sectors.

Henry Harrison, technical director at intelligence company BAE Systems Detica, said that the success of this strategy will have to be judged by the value it delivers to the private sector.

“The key question is what concrete steps the government now takes which are able to help the private sector to improve their level of security. Clearly the government is relying for the delivery of national security on the fact that it should be in businesses’ own economic interest to improve their state of cyber security and in many cases that is true,” said Harrison.

He added that national interests might not align perfectly with economic interests in all areas because of the cost associated with security.

“There are certain types of risks which private sector companies find hard to carry on their own. Particularly high impact risks, such as cyber warfare or foreign nation state threats to critical infrastructure.”

“The government is right to assume that there is a shared interest between government and private sector to improve security, the question is whether the level the private sector wants to reach is sufficient for our national security and that’s something that we expect to find out over the next handful of years.”

The strategy update is timely considering the amount and extent of cyber attacks over the past two years and the preparedness of the private sector in general.

In its Global Economic Crime Survey published recently, PricewaterhouseCoopers revealed that 40 % of companies surveyed don’t have the capability to detect and prevent cyber crime.

“I wish I could say I was shocked by these stats, but the volume and severity of breaches this year have made it patently obvious that many organisations have severely limited visibility into what exactly is happening within their own systems,” commented Ross Brewer, vice president at LogRhythm.

Topics