In an announcement yesterday, the government released its 24-page ‘National Cyber Security Strategy 2014: progress and forward plans' document to parliament which summarises the various activities and schemes carried out over the last year as well as the four key objectives of the strategy. These are as follows;
- Making the UK one of the most secure places in the world to do business in cyber-space
- Making the UK more resilient to cyber-attack and better able to protect the country's interests in cyber-space
- Helping shape an open, vibrant and stable cyber-space that supports open societies
- Building the UK's cyber-security knowledge, skills and capability.
In the announcement, cabinet minister Francis Maude said that these objectives are backed by the £860 million National Cyber Security Programme, money which is going on improving the national sovereign capability for ‘detecting and defeating' high-end cyber-threats, ensuring law enforcement has the appropriate skills and capabilities to tackle cyber-crime, and to keep critical UK systems and networks robust against cyber-threats.
Furthermore, the Programme also supports the efforts being made to ensure the public has the right knowledge and that the UK government is at the cutting-edge of research education and is liaising closely with international partners.
“We have made significant strides towards all these goals this year and throughout the course of the Programme's existence,” said Maude in a statement. "The long-term economic plan of this government continues to make the UK one of the most secure places globally for cyber-innovation and commerce,” he added, noting the inauguration of CERT-UK, the National Cyber Crime Unit (NCCU) and training schemes like Cyber Essentials and Cyber Streetwise.
The document breaks down this year's efforts by these four key objectives, and places a particular emphasis on educating SMEs, improving the skills-gap in the police and exporting the products and services of local cyber-security start-ups (there are 14 cyber-security 'clusters' in development around the UK). Research centres and international cyber-crime relationships are also high on the agenda.
On SMEs, there appears to be a specific focus; from the development and launch of a new online training course called ‘Responsible for Information' and a new ‘cyber action plan for small businesses' to new cyber-security grants, work is on-going.
“There is more to do to spread the message to harder-to-reach small firms” the report notes, something CERT-UK head Chris Gibson also admitted at a recent conference.
“To help smaller firms access the help they need BIS – in partnership with Innovate UK (formerly the Technology Strategy Board) – has been offering £5,000 cyber-security Innovation Vouchers to SMEs to invest in improving their cyber-security and enhancing their growth potential. 375 vouchers have been awarded since July 2013 with nearly £1 million invested so far.”
Here are some of the other key findings as detailed in the report:
- Citing the Information Security Breaches Survey, the Cabinet Office says 81 percent of large organisations and 60 percent of small organisations suffered a breach, with mitigation costs varying from £65,000 to £1.15 million
- CiSP membership is up to 750 members - beating the yearly target by 50 percent
- A second CiSP ‘node' is to launch in the South East in early 2015
- 124 organisations have been awarded Cyber Essentials accreditation
- Falcon, the Metropolitan Police's cyber-fraud squad, made 117 arrests from August to October
- College of Policing has designed four eLearning modules on cyber-crime aimed at police officers and other staff. 120,000 modules have been completed since 2013.
- UK ‘strengthened' bilateral cyber-crime relationships with South Korea, Israel, Singapore and Japan in the last year, and signed new MOUs with Korea and Israel. A cyber ‘dialogue' with Japan is due for later this month; a new arrangement due with India early 2015 and talks are on-going with China
- New research collaborations have been established with Israel and Singapore
- The UK has funded the Global Cyber Security Capacity Centre, part of Oxford University's Martin School
- GCHQ has launched the ‘Cryptotoy' Android tablet app to get children interested in coding.
In an email to SCMagazineUK.com on Friday, Guy Bunker, SVP of products at Clearswift, said that he was pleased with the news, but had a warning for Whitehall.
“It's great to see that this is still a high priority – and there is dedicated money for the initiative. However, there needs to be more money, or organisations need to be aware that they will need to spend money to improve their security posture – security is not all about technology, it also needs to cover awareness and education as well as policy.”
He added: “Information sharing between firms is still very weak, and while strides have been made to improve it – we still need a better mechanism to share information to all skill levels. The information that is useful to a large organisation can be delivered in a different way from that that aimed at an SME. Sharing should also be carried out on attempted (but failed) breaches – as, while it might have failed at one organisation, it could work at another.
Earlier this week, David Blunkett, the former Home Secretary, told SC that the National Security Strategy needs an overhaul.
Asked where most of the money has been going, he said: “Most of its going to GCHQ, is the honest truth, and there's another £130 million over the next two years but quite a lot of that is entirely down to the counter terrorism and prevention strategy.
“Whoever comes in will be doing a comprehensive spending review. The coalition has effectively done it through to 2016 – the Conservatives are saying what they would do – but there's no next stage, and whoever comes in will have to do that immediately.”
“The lesson I've learnt is that unless you train people – and have an understanding for what going on – you can put a lot of money in it (and it just does down the drain).”