Government's cyber security strategy proposes expansion of GCHQ, police training and a national hub
Government's cyber security strategy proposes expansion of GCHQ, police training and a national hub

The government's cyber intelligence centre at GCHQ is to offer expertise to British companies.

Speaking this morning, minister for the Cabinet Office and Paymaster General Francis Maude MP said "the growth of the internet has transformed our everyday lives, but with greater openness, interconnection and dependency comes greater vulnerability".

The government classified cyber security as a priority last year, alongside international terrorism, international military crises and natural disasters; it committed funding of £650m over four years for a National Cyber Security Programme (NCSP) to strengthen the UK's cyber capabilities.

“One of our key aims is to make the UK one of the most secure places in the world to do business. Currently, around six per cent of the UK's GDP is enabled by the internet, and this is set to grow,” Maude said.

“But with this opportunity comes greater threats. Online crime including intellectual property theft costs the UK economy billions each year. So we must take steps to preserve this growth, by tackling cyber crime and bolstering our defences, to ensure that confidence in the internet as a way of communicating and transacting remains.”

Among the plans is a new national cyber security ‘hub' that will allow the government and businesses to exchange information on threats and responses. Maude also said that there are plans for a cyber crime unit within the National Crime Agency, which will build on the work of the Metropolitan Police's eCrime Unit by expanding the deployment of ‘cyber-specials', giving police forces across the country the necessary skills and experience to handle cyber crimes.

A single reporting system to report financially motivated cyber crime through the existing Action Fraud centre will also be launched, while Maude admitted the need to update the critical national infrastructure and update the military's defence capabilities "for a new cyber world".

The government will also strengthen the role of the Centre for Protection of the National Infrastructure (CPNI), increasing its reach to organisations that have not previously been considered part of the critical infrastructure.

Finally, it will work with ISPs to create a voluntary code of conduct, to help people identify if their computers have been compromised and advise them on what action to take.

Maude said the private sector has a crucial role to play, and the strategy outlines how "a real and meaningful partnership" will be formed between government and the private sector in the fight against cyber attacks.

“We will work with the business services sector to raise industry awareness. We will also work with industry to develop private-sector-led standards for cyber security that help consumers navigate the market in security products and give firms that are good at security the means to make it a selling point,” he said.

Martin Sutherland, managing director of BAE Systems Detica, said: “In a nutshell, cyber security has become about minimising the harmful effects of cyber attacks and maximising the economic opportunities that the reduction of the threat would bring.

“This is an attractive vision, but no one should underestimate either the scale of the ambition or the complexities it raises. Things now need to happen quickly – this is not a theoretical debate. Cyber attacks are here and now, occurring on a daily basis, and the impact is very real.”

Ross Parsell, director of cyber strategy at Thales UK, told SC Magazine that following some false starts, the strategy would be welcomed by UK PLC and small- to medium-sized enterprises.

He said: “This is about how to get more information to the individual; Get Safe Online is mentioned a few times in this, and that puts some more weight behind it.

“This is part of what I've been involved with since March. We have looked at the concept as industries share information on how to deal with fraud, but also on how to share across sectors to what is a trusted piece of information. This is a culture shift from GCHQ, which needs to come out of the ‘dark world' and share more information; that is the idea of the hub, to add some intelligence to the output. A pilot will start in December, with a review to roll it out next March.”

Asked on what he though of the £650m fund, Parsell said he felt that the money had been allocated well, as it will help educate the greater industry.

He said: “Cyber security needs to be raised out of the IT department to be a business risk. IT may have a solution, but as we saw with Sony, it can impact share price, so it is a risk for the board. From a Thales perspective, we welcome this as it sets the ground rules with good objectives.”