The first year under the Cyber Security Strategy has been described as a success by the minister behind it, as he reported on some of its notable achievements.
Marking a year since the launch of the UK government's Cyber Security Strategy, Francis Maude, minister for the Cabinet Office and Paymaster General, said in a statement that attacks on government departments "continue to increase" and that good progress was being made on the objectives of the strategy and with the £650 million funding.Maude said he was pleased to be able to report on some notable achievements, and pointed to the work of GCHQ in addressing cyber threats and its establishment of a Joint Cyber Unit with the Ministry of Defence, as well as the development of the Security Service with enhanced cyber structures, focusing on investigating cyber threats from hostile foreign intelligence agencies and terrorists, and working with UK victims.
Maude also praised joint operations between the Serious Organised Crime Agency (SOCA) and the Police Central e-Crime Unit (PCeU). “Joint operations between the two units have now been initiated as a first step towards their coming together in 2013 to form the National Cyber Crime Unit of the new National Crime Agency. This will deliver the next step in transforming law enforcement capability to tackle cyber and cyber-enabled crimes,” he said.
Also in this area, funding from the National Cyber Security Programme has enabled Action Fraud to be the UK's national reporting centre for fraud and financial internet crime, operating on a 24/7 basis, while HMRC has established a new Cyber Crime Team to enhance its capability to tackle tax fraud by organised criminals.
Maude praised educational steps in schools and the work of the Cyber Security Challenge, as well as work with the private sector and educational facilities and the Get Safe Online campaign.
He said: “Looking forward, we are clear that there is still much work to do. We will continue the work that is underway, while regularly assessing it against priorities, and taking into account new and emerging threats.
“Our intention is to move towards the establishment of a UK National Computer Emergency Response Team (Cert). This will build on and complement our existing Cert structures, improve national coordination of cyber incidents and act as a focus point for international sharing of technical information on cyber security.”
This follows criticism of communication between Certs and law enforcement in the UK. Maude suggested that a CPNI and CESG-backed Cyber Incident Response scheme will move to become fully operational next year, where organisations can turn to for assistance when they have suffered a cyber security incident.
“The scheme will enable the UK's emerging cyber response industry to grow, bringing further benefit to the UK in terms of skills and business opportunities,” he said.
He also said that the government is to issue mainstreaming cyber security messages across the breadth of its communication with citizens, with HMRC automatically alerting customers using out of date browsers and directing them to advice on the threat this might pose to their online security.
Maude concluded by saying that one year after the publication of the strategy, "a great deal has already been accomplished in our aim of protecting UK interests in cyber space and making the UK one of the safest places to do business online".
“This is not an issue for the government alone. Industry has the potential to lose the most by not rising to these challenges so together we must work to address cyber threats that could undermine our economic growth and prosperity,” he said.
“The past year has created an increasing momentum across the UK at varying levels and across all sectors in addressing a wide range of cyber security threats. We look forward to maintaining this pace, continually assessing our progress as we go forward.”
The UK Cyber Security Strategy is set out to address four objectives:
- To tackle cyber crime and to be one of the most secure places in the world to do business in cyber space
- To be more resilient to cyber attacks and better able to protect the country's interests in cyber space
- To have helped shape an open, stable and vibrant cyber space that the UK public can use safely and that supports open societies
- To have the cross-cutting knowledge, skills and capabilities the UK needs to underpin these other objectives.