The government has set out its cyber security strategy for the next five years to ensure that the UK can survive and thrive in the digital age.
The National Cyber Security Strategy runs from 2016 to 2021 and is backed by £1.9bn announced last year by then chancellor George Osborne.
Current chancellor Philip Hammond explained that the strategy will allow the UK to “defend ourselves in cyber space and to strike back when we are attacked”, making it plain that the UK will develop offensive as well as defensive capabilities.
The strategy sets out three areas of focus: Defence, Deter and Develop.
The defence element sets out actions the government will take to keep the nation adequately protected, including a recommitment to implement national Domain Name System blocking.
This would see malicious websites blocked by internet service providers, potentially stopping customers ever being able to visit them.
The government will also work with firms involved in areas of critical national infrastructure to make them “sufficiently secure and resilient” to any potential cyber attack.
Meanwhile, the recently opened National Cyber Security Centre will coordinate threats to UK firms and spread awareness of the risks facing all relevant businesses.
The government hopes that actions like these will make the UK a less desirable target for cyber crooks, partly by making it hard to attack but also by creating offensive capabilities to ward off would-be attackers.
“Cyber space is only one sphere in which we must defend our interests and sovereignty. Just as our actions in the physical sphere are relevant to our cyber security and deterrence, so our actions and posture in cyber space must contribute to our wider national security,” the report stated.
This will include a focus on going after cyber crooks to bring those who target the UK to justice.
“Law enforcement agencies will focus their efforts on pursuing the criminals who persist in attacking UK citizens and businesses,” the report said.
“We will work with domestic and international partners to target criminals wherever they are located, and to dismantle their infrastructure and facilitation networks.”
The report also explained that the UK will develop “offensive cyber capabilities”, although it understandably did not really elaborate on what these would be.
“We will ensure that we have at our disposal appropriate offensive cyber capabilities that can be deployed at a time and place of our choosing for deterrence and operational purposes, in accordance with national and international law,” it said.
This is very much focused on ensuring an adequate future pool of talented cyber workers who can help protect the UK in cyber space.
“The UK requires more talented and qualified cyber security professionals. The government will act now to plug the growing gap between demand and supply for key cyber security roles, and inject renewed vigour into this area of
education and training,” the report said.
The government also identified the need to give cyber security businesses the chance to flourish in the UK by providing the necessary financial support and training to those that develop innovative offerings.
“The most ground-breaking products and services that offer the potential to keep us ahead of the threat struggle to find customers who are willing to act as early adopters,” the report said.
The report was welcomed across the industry. Gordon Morrison, director of government relations at Intel Security, described it as a clear focus from Whitehall on making cyber a key element of the nation’s future.
“Government is showing strong leadership in cyber and should be commended for doing its utmost to secure our digital economy and wellbeing,” he said.
“In particular its focus on increasing cyber skills and cyber innovation and the formation of the National Cyber Security Centre will provide a good basis to improve cyber security.”
TechUK CEO Julian David praised the government for putting cyber security at the heart of its forthcoming Industrial Strategy, but warned that businesses must recognise the part they have to play.
“This new strategy is a robust and comprehensive response from the government to the growing cyber threats that we face,” he said.
“It is now time for businesses across the country to step up and play their part in keeping their businesses and the UK as a whole secure.”
However, Andy Powell, head of cyber security at Capgemini UK, expressed concerns that the report focused overly on tools and technologies and not enough on people and processes.
“Increasingly it has become more about how we apply the technology, rather than the tools themselves," he said.
"So in order for a strategy like this to be effective, it needs to be enacted properly and enforced through mechanisms such as legislation, this being the key to creating good behaviour at the board level and prompting much needed investment.”
Dust storm on Titan only the third Solar System body where such storms have been observed
New technique could enable quantum computers to scale-up to millions of qubits
Systrom and Krieger taking time off "to explore our curiosity and creativity"
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago