UK's cyber security strategy enters collaborative phase


Cabinet Office Minister Francis Maude looks back at two years of the National Cyber Security Programme and says that public-private collaboration is key to protecting British businesses from cyber attacks.

Maude is due to speak at IA14 – HMG's flagship event for cyber security and information assurance – in Westminster today, where he will give an overview of the UK government's £650 million National Cyber Security Programme, which was launched two years ago.

The programme has since seen the introduction of the government's ‘ten steps to cyber security' guide, the Cyber Security Information Sharing Partnership (CISP) and, earlier this month, the Cyber Essentials Scheme. During this time, the UK's first national computer emergency response team – CERT-UK – has also been launched, the Cyber Incident Response has piloted to several companies, and consumer-friendly campaigns such as GetSafeOnline and the Cyber Security Challenge continue to run.

“Cyber security presents both a challenge and an opportunity. That's why we are bringing together government and industry to debate current threats and work on solutions and opportunities. As part of our long-term economic plan for the country, this Government is determined to make the UK one of the safest places to do business in cyberspace,” Maude is due to say at the conference.

“There are opportunities for business and government from cyber – it enables innovation and enterprise and also supports jobs and greater prosperity. We need to pull together, in the same direction to make us stronger and more aware, leaving us better placed to tackle the threats that cyber presents.”

In a press briefing before the conference, senior government figures praised the impact of the Cyber Security Programme, highlighting how times have changed in the intervening 24 months.

Ciaran Martin, director general for government and industry cyber security at GCHQ, said that the government has moved from having a sole document on cyber security and what cyber-criminals could do in 2006 to an era where they're focused on what they're actually doing.

This, he said, was inevitable considering the increasingly complex cyber threat landscape, where nation states, proxies and organised criminal groups are targeting British businesses for IP, financial motivation or even to damage brand reputation.

James Quinault, head of the UK's Office of Cyber Security & Information Assurance, said that 10 steps to cyber security had ‘hit the button', citing an FT article revealing that two thirds of FTSE 100 companies were ‘actively discussing' the issue at board level.

He added that five businesses were joining CISP each week, figures which were backed up by Maude who said in his speech that 30 new organisations are joining each month – taking the total to more than 450.

Echoing Maude's views, Sir Iain Lobban, the outgoing director at GCHQ, is also due to promote the need for public-public dialogue, when he delivers his keynote at the IA14 conference on Tuesday afternoon.

Lobban – who will be replaced by Robert Hannigan when he retires this autumn – is to highlight how the agency's work with the National Crime Agency is disrupting the Gameover Zeus malware – which affected some 500,000 PCs – and is also expected to launch a pilot where GCHQ commits to sharing classified cyber threat information ‘at scale and pace' to help communication service providers protect their customers.  This sharing is expected to start with suppliers to government sectors and then onto other sectors of critical national infrastructure.

The panel of experts speaking ahead of the conference admitted that this information would be declassified by GCHQ – but still of value to businesses. A spokesperson for GCHQ told that this was a sign that the agency was – as much as possible – being as transparent as possible to help UK businesses stay ahead of the threats.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews