From: H.M. Government

Issue

The growth of the internet has transformed our everyday lives and is an important part of our economy. The internet-related market in the UK is now estimated to be worth £82 billion a year. British businesses earn £1 in every £5 from the internet.

But with greater openness, interconnection and dependency comes greater vulnerability. The National Security Strategy categorised cyber attacks as a Tier One threat to our national security, alongside international terrorism. The threat to our national security from cyber attacks is real and growing. Terrorists, rogue states and cyber criminals are among those targeting computer systems in the UK.

93% of large corporations and 76% of small businesses reported a cyber breach in the past year. On average over 33,000 malicious emails are blocked at the Gateway to the Government Secure Intranet (GSI) every month. These are likely to contain – or link to – sophisticated malware. A far greater number of malicious, but less sophisticated emails and spam are blocked each month.

With the cost for a cyber-security breach estimated between £110,000 to 250,000 for large businesses and £15,000 to 30,000 for smaller ones, the government must look at new ways to protect businesses and make the UK more resilient to cyber-attacks and crime.

Actions

The Strategic Defence and Security Review allocated £650 million over 4 years to establish a new National Cyber Security Programme to strengthen the UK’s cyber capacity.

To combat cyber threats, we will:

To prevent cyber crime and make the UK a safer place to do business, we will:

  • set up a National Cyber Crime Unit within the National Crime Agency in 2013, bringing together the Police eCrime Unit and SOCA
  • provide cyber security advice to businesses such as the 10 Steps to Cyber Security Booklet
  • build a ‘Cyber Information Sharing Partnership’ with businesses to allow the government and industry to exchange information on cyber threats in a trusted environment, in 2013
  • create a joint ‘Cyber Growth Partnership’ with technology industry representatives Intellect, to support the growth of the UK cyber security industry and increase exports
  • introduce a single reporting system for people to report financially motivated cyber crime through Action Fraud– the UK’s national 24/7 fraud and internet crime reporting centre – recording incidents of fraud centrally enables intelligence being gathered about crimes to be shared and analysed, resulting in more targeted enforcement action.

To make the UK more resilient to cyber-attacks, we will:

  • establish a UK National Computer Emergency Response Team (CERT) to improve national co-ordination of cyber incidents
  • set up a new Cyber Incident Response scheme in GCHQ to help organisations recover from a cyber security attack – the scheme is in a pilot phase but will be fully operational later in 2013
  • extend the role of the Centre for the Protection of National Infrastructure (CPNI) to include working with all organisations that may have a role in protecting the UK’s critical systems and intellectual property
  • set up a national cyber crime unit

To cultivate a safe, stable and vibrant cyberspace internationally, we will:

  • work with other countries to identify and manage cyber risks and develop principles to guide the behaviour of governments and others in cyberspace
  • work in international forums such as in the UN Group of Government Experts, the OSCE, the EU and the World Economic forum
  • set up a Global Centre for Cyber Security Capacity Building within the UK network of Academic Centres of Excellence for Cyber Security in 2013

To develop the knowledge, skills and capabilities needed to defend the UK against cyber crime, we will:

  • develop a ‘cyber reserve’ of computer experts who will work with the government to protect the country from online threats, allowing the public services to draw on the wider talent and skills of digital professionals across the UK – the MoD will announce detailed plans in 2013
  • establish and fund a network of Centres of Excellence for Cyber Security Research within UK universities in 2013, to help provide reliable and up to date research and academic prowess
  • fund Centres of Doctoral Training (CDT) to provide the research and skills needed to support the work of future doctoral-level cyber security experts
  • work with the Institution of Engineering and Technology (IET) to make cyber security part of software engineering degrees and support the Trustworthy Software Initiative to improve cyber security by making software more secure, by 2015
  • challenge the UK public to find ways of defending the government from cyber-attacks as part of the Cyber Security Challenge UK competition, sponsored by the National Cyber Security Programme
  • put in a place a new national awareness and behavioural change campaign  to ensure that people and small businesses know the risks and what steps they can take to protect themselves and their businesses online

Background

Our National Security Strategy classed cyber security as one of our top priorities alongside international terrorism, international military crises and natural disasters.

We published the UK Cyber Security Strategy on 25 November 2011. It sets out how the UK will support economic prosperity and protect our national security by building a more trusted and resilient digital environment.

Francis Maude, Minister for the Cabinet Office, made a written ministerial statement to Parliament about progress against the objectives of the strategy on 3 December 2012.

Who we’re working with

The Office of Cyber Security and Information Assurance (OCSIA) coordinates the work carried out under the National Cyber Security Programme and works with government departments and agencies such as the Home Office, Ministry of Defence (MoD), Government Communications Headquarters (GCHQ), the Centre for the Protection of National Infrastructure (CPNI), the Foreign and Commonwealth Office and the Department for Business, Innovation and Skills (BIS) to implement the cyber security programme.

The Centre for the Protection of National Infrastructure (CPNI) is the government authority that provides physical, personnel and information security advice to the national infrastructure. It funds a range of projects to improve the UK’s ability to protect its interests in cyberspace and to address threats from states, criminals and terrorists.