In his keynote presentation at the Cyber Security Summit in Westminster today, Maude ran through some of the UK government's work in the field over the last two years, from the launch of the £860 million Cyber Security Strategy in 2010 to the creation of CISP, CERT-UK and Cyber Essentials.
“Normally my day job is about trying to save money. And when you consider the pressures on spending across government, I think the fact we're prepared to invest such a large sum in beefing up our cyber resilience is an indication of just how seriously we take this issue."
And yet despite these efforts, much of Maude's presentation focused on the need for private-public partnership. He said that the “government cannot possibly have all the answers” in the area of cyber and instead says that there is a shared responsibility as the internet is “simply too complex for a single organisation to respond alone.”
“It's crucial that private and public sector come together at the events like this so we can protect ourselves online,” he said. “My message is we must continue to work together – only be doing that consistently and in real-time will we be able to combat threats effectively.”
Digital and taking your own medicine
Maude, however, wasn't totally downbeat on the cyber threat saying that these risks are resulting from a prospering internet economy where governments and businesses are looking to digitise their services.
As an example, Maude pointed to the government's own efforts to digitise 25 ‘high-volume' public services, such as the gov.uk website – which received its one billionth visitors last month after just two years. Such has been its success that the US Digital Service has been established, largely imitating the UK's efforts.
As part of this move to digital services, the government is also taking its own medicine, using Cyber Essentials at departmental level and with contractors. And to highlight how rapidly things change in cyber, Maude detailed that it's tearing up long-term and heavy contracts and instead reviewing these on a bi-annual basis.
The government now stipulates contracts should be no bigger than £100 million and shouldn't have hosting contracts more than two years old as ‘hosting prices change every 18 months'.
Promoting start-ups and new talent
Attention inevitably turned to the cyber-security skills gap but while another senior civil servant detailed government efforts to up-skill staff using the 10 steps guide, MOOC courses and other avenues, the cabinet minister instead chose to point a more positive focus on emerging UK start-ups.
“We also want to work with cyber businesses. Last today I am off to Worcestershire to visit the cluster of small cyber-security firms that belong to the Malvern Cyber Security Cluster and to meet some of the brilliant people they employ,” said Maude, adding that the number of companies has grown from 45 to 75 to a point where it's known as ‘Britain's cyber-valley'.
These firms are exporting their products all over the world – Titania now exports software to 60 countries and this week is opening new premises. Maude says that UK government hopes cyber firms like these export £2 billion worth of cyber products and services by 2016.
He added that there are plans for other clusters in areas such as Cambridge, Bristol, London, Southampton and Brighton.
“We can't just look in the normal places; some of the best people in this area are self-taught.” He pointed to Bletchley Park as an example that shared brainpower, finding and nurturing talent has worked in the past and it's in the UK's interest to ‘support a modern day equivalent.'
"The cyber threat is nothing that cannot be matched and defeated through human ingenuity or expertise, which is why we've got to get better at identifying and developing people with talent so they can help keep us secure."