Cyber security is a shared responsibility because no single government or organisation can possibly have all the answers, according to Francis Maude, Cabinet Office minister.
“Working together is essential to success and it is crucial for the public and private sectors to come together to discuss how to tackle this,” he told the GovNet Cyber Security Summit 2014 in London.
Maude said that, although it is necessary to talk about the cyber threat as “dark and challenging” to get business to take it seriously, there is also a positive side.
“We should not lose sight of the benefits and opportunities that the internet brings,” he said, in creating jobs, making life easier and transforming public services.
Maude said the UK is at the forefront of development, and the government is “determined to seize the opportunity of the digital age”.
He said government is determined to lead by example, and is investing time and effort in improving cyber skills, and securing its own systems and supply chains.
“From October, all suppliers of information services have been required to be compliant with the five security controls set out in the Cyber Essentials Scheme (CES),” said Maude.
The scheme, he said, provides clarity on good basic cyber security practices to thwart most cyber attacks.
“After going through a certification process, businesses will be able to show they have the right measures in place by displaying the Cyber Essentials badge, which we hope becomes the cyber equivalent of the MOT certificate,” said Maude.
READ MORE ABOUT CERT-UK AND CISP
- East Midlands gets cyber threat sharing node
- Malware incidents make up 25% of Cert-UK's work in first 100 days
- UK finally launches national cyber emergency team
- UK reaches key milestone in cyber security
- Infosec 2014: Threat knowledge is key to cyber security, say experts
- Cert-UK to drive international cyber security collaboration
- UK government launches cyber threat data-sharing partnership
- UK government sets up cyber security fusion cell
Security paramount with digital presence
Cyber security, he said, is an important consideration as government transforms its digital presence. The process started with Gov.uk two years ago and celebrated its billionth visitor in October 2014.
Government is now turning its attention to digitising 25 high-volume public services to become faster, clearer and more convenient to use.
“As we go digital by default, it becomes even more important that someone signing in to use a service is who they say they are,” said Maude.
“That’s why we’re developing Gov.uk Verify with funding through the National Cyber Security Programme.”
The Gov.uk Verify system will enable people to prove their identity in an entirely digital manner for the first time.
“It will allow government – and eventually private sector services too – to trust that a user is who they say they are,” said Maude.
The programme went into public beta testing in November 2014 and will, in time, make a real contribution to trust and security in the digital age, he said.
Co-operation for security
Coupled with Verify, the government has been investing to ensure public sector staff have the necessary skills and capabilities to combat the threats government faces in cyber space.
“But while it’s right the government leads by example, we can’t do it alone. There’s no single magic bullet to neutralise the cyber threat, but the one thing common to all our efforts – whether it’s about resilience, or awareness, or capability and skills – is co-operation,” said Maude.
To that end, he said, the government earlier this year launched Cert-UK, the national Computer Emergency Response Team, to bring about closer co-operation between businesses and the government and law enforcement agencies.
“It means that there is now a single organisation co-ordinating our response to cyber issues on a daily basis, which can identify and track risks as they emerge and, when necessary, bring others together to respond,” said Maude.
The minister highlighted the government’s Cyber Security Information Sharing Partnership (CISP) that enables government and business partners to exchange information on threats and vulnerabilities as they occur in real time.
In September 2014, Cert-UK responded to the Shellshock vulnerability, and had posted information onto the CISP website in hours.
“In the following 72 hours there were over 1,000 page views. CISP members were actively sharing their own information to contribute to our situational awareness,” said Maude.
“This is the pattern for success: Governments and businesses working together – quickly and in real time – to share intelligence, learn lessons, pool capabilities and co-ordinate action.”
This will make the UK one of the safest places in the world to do business
National security an economic advantage
The government is also working closely with owners and operators of the UK’s critical national infrastructure, which is mostly in the hands of private-sector companies.
“Through the National Cyber Security Programme we’re funding an ambitious programme of work to make sure both government and businesses know our critical cyber assets – the ones that keep the country running,” said Maude.
“We want to understand their resilience to sophisticated cyber attacks so we can work together to keep these systems secure.”
Maude concluded by reiterating the need to work together.
“This is absolutely essential to success. Only by working together in real time can we share the information and intelligence necessary to combat the threats more effectively and mitigate our weaknesses, before the cyber criminals have the opportunity to exploit them,” he said.
But Maude said there is also an opportunity to turn “a necessary evil” into an opportunity for jobs and growth, innovation and advancement.
“This will make the UK one of the safest places in the world to do business and ensure that our economy and society continues to benefit from the ongoing digital transformation,” he said.