Cyber security a shared responsibility, says Amber Rudd

Increase in malicious cyber attacks

Over the past year, Rudd said there has been a “significant increase” in the scale and severity of malicious cyber activity globally.

“We have been clear that we will not tolerate this. We know that there are several established, capable states seeking to exploit computer and communications networks to gather intelligence, personal information and intellectual property from the government, military, industrial and economic targets to advance their strategic goals,” she said.

Although hostile states, groups and individuals are using cyber tools to commit crimes, to project power, to intimidate their adversaries, and to influence and manipulate societies in a manner which makes definitive attribution difficult, Rudd said the UK has started identifying those responsible.

“We called out Russia for meddling in elections. We called out Russia again for the destructive NotPetya cyber attack of June 2017. And we called out the North Korean actors known as the Lazarus Group for the WannaCry ransomware campaign,” she said.

“Chairing the first ever cyber COBR after the incident really brought home to me how damaging attacks like these can be and how important cybersecurity is. It was sobering to learn that the National Audit Office’s conclusion was that the NHS could have avoided the crippling effects of the ‘relatively unsophisticated’ Wannacry ransomware outbreak with ‘basic’ IT security.”

In the past six months, Rudd revealed that the National Cyber Crime Centre (NCSC) has responded to 49 incidents associated with Russian cyber groups, some of which have hundreds of potential victims.

“Russian actors have systematically targeted the UK among others, expanding the number of sectors targeted, in addition to the energy, telecoms and media sectors that the prime minister highlighted last November,” she said.

“That’s why I am the first home secretary to have regular cyber briefings with the NCSC and the NCA. Because in the same way that I check in with MI5 and counter-terrorism policing to make sure I know everything there is to know about the terrorist threat, I want to know all I can about the cyber threat too.”

Vowing to ensure government will continue to “tighten the net” on the “cowardly keyboard warriors” and those who wage state-sponsored cyber warfare, Rudd said the government will not allow the internet, which can be such a powerful force for good, to become a “place where evil can fester”. She added that the government cannot do it alone, however, reiterating her call for everyone to play their part.

Call for collaboration

Responding to questions from the media, Rudd said engaging strongly with Europol will be important going forward in light of the fact that the UK cyber threat intelligence capability is widely admired internationally.

“It is my commitment to ensure that as we leave the European Union, we do have arrangements with organisations like Europol to ensure that we continue to keep this country safe. Being able to share data across boundaries is incredibly important in terms of cyber crime as well as any other crime,” she said.

Asked whether the just-announced funding was adequate considering the economic impact of cyber crime, Rudd said the funding comes after “substantial” investment in online skills and protection.

“We have Action Fraud and we have Cyber Aware, but this funding is particularly focused on ensuring that every police force has the necessary skills because we recognise the scale of the growth of online crime,” she said.

“At the moment, only 30% of police forces have the required skills to address the need of the victims. I want to make sure we reach 100%.”

Asked about the significance of the newly announced GCHQ site planned for Manchester, Rudd said it reflects the fact that the government is investing more and that it wants to grow the UK’s cyber capability and to make more facilities available and have the best expertise at scale to counter the cyber threat.

Commenting on the Facebook-Cambridge Analytica data exploitation scandal, Rudd said: “Facebook has some questions to answer, and I hope that both companies will engage with the inquiry that the information commissioner has already started.”

The home secretary went on to say that she believes there is a sea change taking place in terms of the public’s awareness of what is happening with their personal data and what they are trading for their free access to social media sites.

“I also think that social media sites like Facebook and other major [service providers] like Google have been taking many more steps than they have in the past in terms of engaging with what needs to be done to clean up their sites.

“When I called last year for the Global Internet Forum to Counter Terrorism to make sure that the terrorist material was taken down, everybody scoffed at me, to start with. But, actually, they did set it up and demonstrated that they are doing it,” she said, adding that social media sites are waking up to the fact that they do have much more of a responsibility to ensure illegal activity does not take place online.