Tories announce plans to establish a new National Security Council and improve international sharing of cyber knowledge
The Conservatives have stated that they will establish a new National Security Council, draw up a new National Security Strategy and conduct a new Strategic Defence and Security Review if the party is elected.
In a green paper, the Tories said that the National Security Council will replace the Ministerial Committee on national security, international relations and development and the ministerial civil contingencies committee. It will include representatives of relevant departments and be responsible for all national security policy decisions.
With regard to cyber security, it claimed that ‘it is difficult to differentiate between cyber events that are believed to be criminal – whether organised criminals or lone individuals and petty hackers – and those that are caused by states or state sponsored actors'.
It also claimed that with the GCHQ, Ministry of Defence, Security Service, Metropolitan Police, SOCA and others working in this area, ‘they share neither a common operating picture nor threat assessment'.
The paper said: “The UK needs to be able to detect and prevent attacks before they hit us. In other words, it needs a proactive and effective capability to respond to cyber attacks. At the moment no organisation brings together all the arms of government to deliver a single response capability, and that is what a Conservative government will task the Cyber Security Operations Centre to do.
“A Conservative government will set up a Cyber Threat and Assessment Centre (CTAC), by building on the existing Cyber Security Operations Centre to provide a common operating picture, threat assessment and situational awareness to users. It will act as the single reporting point for all cyber-related incidents. This will lay the foundation for the development of a National Operations Centre able to respond to cyber events.”
It also called for greater sharing of cyber-related intelligence on a multinational basis to improve situational awareness.
The paper further claimed that the Cyber Security and Information Assurance Unit will have responsibility for setting cyber security policy and standards for all government departments, suppliers to government and critical infrastructure operators on computer, network and information security and information assurance. It will also develop a programme for verification and validation to ensure these standards are met.
Tony Dyhouse, director of the cyber security programme at the Digital Systems Knowledge Transfer Network, believed that this was a positive move to be taken at such a high level.
He said: “I believe this is part of a growing understanding amongst both politicians and businesses of the importance of this issue. What is particularly welcome here is the proposal to open a door to improved international relations. There are concerns about cyber attacks originating from foreign shores, but keeping these nations at arm's length will make this worse.
“We have seen problems around international diplomacy come to the fore in the last few days with Google and China. Opening up a good relationship is the best way to address this. We need good diplomacy as much as we need good technology.
“This plan is a good vision with a lot of sound ideas which I would like to see implemented. This proposal, like others that have been made, relies on improved collaboration. Unfortunately businesses and organisations, particularly in cyber security, have vested interests and aren't always keen to share for fear of losing the competitive advantage. Addressing this silo mentality will be one of the key challenges of any cyber security policy over the next few years.”