The UK clearly sees its cyber-capabilities and its robust approach to security as an asset that it can offer to partners and allies and a driver of UK exports.
Cyber-security expertise as a UK specialisation is being made more explicit later today (Monday 26 March) when International Trade Secretary Dr Liam Fox launches the UK government's new Cyber Security Export Strategy to promote UK expertise and strengthen defence capabilities in the UK and allied countries.
A statement from the Department for International Trade references recent cyber-attacks threatening NATO countries as well as large global and UK organisations before urging businesses from UK and allied countries to ensure they have the best security possible.
Exports from the UK's 800 cyber security companies were valued at £1.5 billion in 2016, and with global spend on cyber-security forecast to exceed £759 billion by 2021, the move is intended to ensure the UK wins an increasing share of this fast growing market.
This new Export Strategy is described as supporting the ongoing work of the 2016 National Cyber Security Strategy which provided £1.9 billion of investment in cyber-capabilities, much of it via the public facing GCHQ spin-off, the National Cyber Security Centre.
The Cyber Security Export Strategy contains three commitments from the Department for International Trade to UK cyber companies:
“Pursue: in priority markets DIT will act as a trusted advisor to support UK companies bidding for major opportunities, primarily selling to overseas governments and critical national infrastructure providers.
“Enable: DIT will curate bespoke offers for the top buyers in these sectors worldwide, running trade missions and pitching UK companies to address identified capability gaps.
“Respond: to showcase the best of UK cyber security updated branding and marketing will be developed and deployed around the globe alongside new cyber security content on great.gov.uk”
In what is clearly a reference to the poisoning with a military grade nerve agent of former Russian intelligence agent Sergei Skripal and his daughter in Salisbury, UK, International Trade Secretary, Dr Liam Fox will say: “Recent events show that the UK faces a diverse range of threats from hostile state actors. So in an increasingly digital world, it's vital that we improve our cyber-capabilities, which are crucial for national security and prosperity.
“The strategy I am publishing today will support UK companies to export our world-leading cyber-security expertise, which will help strengthen our capabilities, and protect our country and our allies from those who wish us harm.”
A government statement says that the new strategy has been developed with industry and comes with robust export control regimes which will safeguard human rights - though critics will note that this applies to conventional weapons supplied to allies such as Saudi Arabia, currently conducting a proxy war with Iran in Yemen.
Paul Everitt, chief executive of ADS, the UK trade association for the security sector, commented: “The UK's cyber-security exports are already worth £1.5 billion a year and we expect this area of activity to continue offering the strongest export growth in the security sector in the years ahead. This new strategy announced today can help the sector continue to grow, make a greater contribution to national prosperity, and protect the UK and our allies from threats in cyber-space.”
The new Cyber Security Export Strategy published will be available online from 9am tomorrow.
Ollie Whitehouse, chief technical officer at NCC Group emailed SC media UK to say:“After engaging closely with government we are delighted to see the Cyber Export Strategy come to fruition. The six ‘most promising' sectors that the government has identified for cyber-security exports are very closely aligned to our own expertise. Our experience and research credentials in healthcare, energy, government, financial services, automotive and digital infrastructure stand us in good stead for continued international growth.
“Cyber security is a global challenge. While the success of UK cyber-security businesses will help our economy domestically, it is also a significant export opportunity and at the same time can support international collaboration and capability building against an ever-changing threat landscape.
Nazo Moosa, senior strategic partner, Europe, Paladin Capital Group commented in an email to SC Media UK that the UK is by far the leader in cyber-security funding and innovation in Europe. She says that this success is due partly to historical reasons, including a historical excellence in espionage and the continued investment in defence. The UK is also a finance centre, attracting talent and capital, ranking fourth in the world in its ability to draw venture capital.
Moosa also notes how the UK allocates over £400 million annually to cyber-security, and has created word class incubators such as Cylon (Cyber London) and the current government industrial policy continues to prioritise GDP and productivity growth through innovation.
She adds that in the post Brexit environment, cyber-security will be a strategic asset for the country and a centre of excellence globally.
Certainly, the UK's response to Russia's believed attack on the country, and its cooordination of allied responses, has put it in the frontline thus it will need to ensure it is indeed a leading cyber-player and it is reported to be taking steps to rectify its own vulnerabilities. UK authorities, including the NCSC, were conducting round the clock threat assessments of possible Russian cyber-attacks on critical national infrastructure including power and other utilities.
For all the bluster, the UK does not actually want to get into a cyber-war with Russia. Talking to SC Media UK, Misha Glenny, cyber-security journalist and author of the book and subsequent TV series McMafia, commented, “The UK doesn't want to get into a cyber-pissing war with Russia given their capabilities. And with the malware found on US critical infrastructure recently, you can be sure the same applies to the UK (ie, it too will contain Russian malware). It was a wise move by Teresa May not to escalate the conflict with cyber-retaliation.”
Marina Kidron, who heads up cyber-vulnerabilities research for Skybox Security, recently published research into the scale of vulnerabilities in the industrial control systems used by critical national infrastructure and commented in an email to SC Media UK: “We assessed that there had been a 120 percent increase in the vulnerabilities affecting what is known as operational technology in the last 12 months. These are computer-connected control systems for running critical processes in power generation and supply as well as similar functions in other utilities like water. Unless they are rectified such vulnerabilities can be exploited by adversaries as we discovered with the NotPetya and other incidents last year.
“The challenge is that Industrial cyber-security isn't being as consistently applied as compared to cyber-security for information systems. However, we can prevent the kind of cyber-attacks ... if organisations can get a clearer visibility of these risks and thus be able to target prevention much more effectively.”