The UK government plans to concentrate on expanding partnerships around cyber security with the private sector in 2014 as part of the National Cyber Security Strategy (NCSS).
This includes introducing a cyber security kitemark for firms that do business with the government, to help boost UK cyber exports and a cyber security baseline standard.
The announcements coincide with the publication of the government’s progress report on the NCSS, two years after it was launched in November 2011.
The NCSS is supported by £860m funding from the National Cyber Security Programme for delivering projects as part of the government’s response to growing threats in cyberspace.
Francis Maude, minister with oversight of the Cyber Security Strategy (pictured), said two years of “solid work” by government – in partnership with the private sector and academia – ensured the UK’s cyber resilience, awareness, skills and capability grows across the board.
“Our initiatives are ensuring the UK is one of the safest places to do business in cyberspace as well as providing a solid platform for economic growth,” he said.
Cyber attack remains serious threat
Read more about UK national cyber security
- Thales launches critical infrastructure cyber security lab
- NCA begins major cyber recruitment campaign
- FTSE 350 firms complete cyber risk assessment
- UK must legislate on critical cyber security, says ViaSat
- Government launches cyber awareness campaign
- UK takes cyber threats to infrastructure seriously
Looking to the future, Maude said although the government is already working closely in partnership with the private sector, he wants to see that relationship grow even stronger to “mainstream cyber security” and raise awareness.
“We know this is important now, but this is also vital for our economic growth in the coming years. It will remain an absolute priority as we move to year three of our strategy,” he said.
Maude said cyber attack will remain a serious threat to UK national security.
“That is why our work with other sectors, such as academia and R&D, will continue to benefit strongly from secure government funding.
“As a result of the 2013 spending review we have directed an additional £210m investment to this area, making £860m of sustained government investment on cyber to 2016,” he said.
Cyber security exports
Maude said there remained work to be done, but investment, partnerships, skills, resilience and awareness are in a far stronger position today than before the National Cyber Security Programme was launched.
In 2014, the government plan to establish a Cyber Security Suppliers’ scheme, developed through the Cyber Growth partnership.
This will allow businesses to state publicly to prospective clients that they supply government with cyber security products and services.
Government’s aim is to more than double annual cyber exports from the UK to £2bn a year by 2016.
Security standard sets baseline
2014 will also see the introduction of an industry-led organisational standard, based on ISO 27000 series to give industry a clear baseline to aim for.
This is aimed at ensuring a focus on basic cyber hygiene and protection from low level cyber threats, according to a senior government official.
“This standard will be adopted by government in its procurement where proportionate and relevant to encourage uptake and give companies a demonstrable competitive edge,” he said.
To further raise awareness of cyber security, the government believes internet service providers (ISPs) have an important role to play.
ISPs and the government have co-developed a series of Guiding Principles to improve the online security of customers and limit the rise in cyber attacks.
Cyber security research and training
By summer 2014, the government plans the introduction of a “Massive Open Online Course” in cyber security for the Open University.
“The course will potentially reach 200,000 students both domestically and overseas. The course will be available free of charge to anyone who has access to the internet,” said a senior government official.
In 2014, the government plans to set up a third research institute to focus on trustworthy industrial control systems for critical national infrastructure.
“This directly supports national infrastructure, building capability, finding new innovative ways to protect the industrial technologies that support our key services,” said a senior government official.
“As more vital infrastructure goes online, the cyber threats are likely to increase unless we take steps to ensure we can manage them,” he said.
The government plans to increase funding for the UK Cyber Security Challenge to expand the pilot schools competition regionally and nationally.
Since its launch 562 schools nationally have become involved. This programme gives school children the opportunity to develop their cyber skills and to demonstrate them in a competitive environment.
Finally, the government plans to increase its partnership with Chevening, Commonwealth and Marshall Scholars from Africa, Asia, and America.
“These scholars will take their knowledge and expertise back to their home countries, where strengthened cyber security will help tackle cyber threats to the UK at source, and where they will reinforce the UK’s reputation as a world leader in cyber,” said a senior government official.
Responding to government’s plans for a cyber security kitemark, cyber security firm Check Point welcomed the move.
“Our 2013 security report found that 63% of large organisations were infected with bots – stealthy agents which quietly siphon data from networks – so raising awareness of these issues and setting security benchmarks is an important step,” said Keith Bird, Check Point’s UK managing director.
“However, threats are continually evolving, so the benchmarks will need to be regularly reviewed and updated in order to keep pace and ensure they deliver a real foundation for protection,” he said.