The UK government has reaffirmed its plans to ally with industry to combat cyber threats, announcing a new partnership to protect British supply chains from rising cyber attacks as it continues to make cyber defence a key part of its future strategy.
Minister for Defence Equipment, Support and Technology, Philip Dunne announced the partnerships, confirming nine of the country's largest contractors have already signed up.
"I am pleased to be able to announce that we have established a partnership with industry that will strengthen our defences throughout the supply chain. The defence cyber protection partnership brings together nine of our largest contractors to get those basics right," he said.
Confirmed partners include BAE Systems, British Telecom, EADS, Hewlett Packard, Lockheed Martin, Logica (CGI), Rolls Royce, Selex ES and Thales. Dunne said further contractors are expected to sign up soon.
Dunne said the partnership is designed to offer similar services to the government's Cyber Security Information Sharing Partnership (CISP), facilitating the sharing of cyber attack information between the public and private sector, letting companies and agencies get a more holistic view of the threats facing them.
"They have committed to: raising awareness of cyber security as an issue, both internally and amongst their sub-contracting supply chain; exchanging information on threats and vulnerabilities; and working with us to drive up the standards of cyber security throughout the supply chain," he said.
"That also means being frank about how mature and effective our arrangements are, and learning from each other's experiences. It is a vital part of our strategy to secure the Defence supply chain."
The UK MP said the move will help increase cyber education within the country. "This is not just about structures and resources. It is fundamentally about changing behaviour. Many of the threats to our cyber security can be mitigated by changes in behaviour, getting the basics right through instilling a culture of ‘cyber hygiene'," he said.
Education has been a key concern for both the public and private sector, with numerous bodies warning the UK is on the brink of a crippling cyber skills shortage. Earlier this year the National Audit Office (NAO) estimated the skills gap will last 20 years costing nation £27bn a year. More recently Sophos director of technology, James Lyne listed a lack of education as a key reason small business websites have overtaken porn and gambling sites as cyber criminals' malware distribution tools of choice.
Despite the education push, Dunne indicated the majority of the newly announced government cyber funding will go towards military and technical projects. "As part of this commitment we are extending our National Cyber Security Programme by a further year, investing an additional £210 million on top of the £650 million provided in the Strategic Defence and Security Review in 2010," he said.
"Staying ahead of the curve on cyber technology is essential to preserving the operational advantage of our armed forces, so the MOD continues to invest in cyber research and development.
"On top of the money allocated to the MOD from this fund in 2010, we have also allocated a further £70m over the next four years from within our own budget for improving our cyber defence capabilities."
The strategy is a marked move away from the UK Cyber Strategy's positive focus on education. Prior to it the strategy has seen the creation of several higher education cyber security research centres. Most recently the UK government pledged to pledged to invest £7.5m to create two new higher education centres at Oxford University and Royal Holloway University London.