UK government and industry, including Microsoft and Google, have committed to an almost £190m co-investment in an initiative to ensure new technology is secure by design against top cyber threats.
Security by default and design is a key element of UK government policy on technological innovation. The principle is enshrined in the recently published minimum requirements for manufacturers of surveillance camera systems and components, and the voluntary code of practice (CoP) for manufacturers of consumer internet of things (IoT) devices, published by the UK in October 2018.
The co-investment, announced by UK business secretary Greg Clark, will benefit businesses and consumers alike, with increased security built into digital devices and online services.
“Digital devices and online services are powering more of our daily lives than ever before, from booking a doctors’ appointment to buying online shopping,” he said.
“While these devices and services bring great benefits to businesses and consumers, they come with the associated risks of cyber attacks and threats that are becoming increasingly complex to tackle.
“As we move to a more data-driven economy, nearly all UK businesses and organisations are reliant on these digital technologies and online services – but the threat of cyber attacks is ever-present, with more than 30% of businesses having experienced a cyber security breach or attack in the past 12 months.
“With government and industry investing together as part of our modern Industrial Strategy, we will ensure that the UK is well placed to capitalise on our status as one of the world leaders in cyber security by ‘designing in’ innovative measures into our technology that protect us from cyber threats. This will also help us bring down the growing cyber security costs to businesses.”
Putting the UK at the forefront
The plans are aimed at putting the UK at the forefront of the global cyber security market, predicted to be worth £39bn in a decade.
Up to £117m private industry investment will be combined with £70m government investment from funding under its Industrial strategy to develop new technologies under the Digital Security by Design challenge.
The government investment was announced in January 2019 with the stated aim of making the UK a world leader in eliminating cyber threats to businesses and consumers by developing more resilient IT hardware, software and services.
The UK government and its partners see the best defence against cyber threats is developing innovative solutions that can work independently and protect against threats even during attacks.
The initiative is aimed at eliminating attacks that exploit vulnerabilities in technology, such as Wi-Fi routers that can be compromised and used by attackers in botnets to attack online services and businesses.
With a rapidly growing number of IT systems becoming connected, whether in the home or businesses, those behind the initiative believe there is a need for security that is secure by design.
“This expected joint investment will create projects to develop new solutions to cyber security over the next five years, with the aim of applying the findings in real-world markets through dedicated demo projects led by business,” said Clark.
“For example, these demo projects could include testing the new technology in the health sector to ensure a higher level of protection for patient data, or in consumer markets to ensure consumers’ personal data is fully protected as far as possible”.
Ann Johnson, corporate vice-president, Cybersecurity Solutions Group at Microsoft said: “At Microsoft, we embrace our responsibility to help empower organisations on their digital transformation journey to unlock the security and compliance capabilities of the intelligent cloud and next generation AI [artificial intelligence].
“We support the vision behind the digital security by design initiative that helps bring digital security by design into the central hardware of tomorrow’s computers and have committed financial resources to collaborate across these exciting new proposed activities.”
Security of data
Ben Laurie, head of security and transparency at Google, said the company places a high priority on the security of data.
“We believe that the proposed digital security by design initiative is vital to bridge the gap between the realities of the hardware development cycle and those of commercial software companies.
“We need proven hardware architectural changes that permit the secure and efficient separation of data so we can provide the user control of data in distributed systems, a problem thought otherwise impractical to address. We will commit significant resources to this program, the results of which will be open source and available to the whole industry.”
Ian Levy, technical director at the UK’s National Cyber Security Centre (NCSC) said the agency is committed to improving security “from the ground up”, and has been working closely with government to promote adoption of technology and practices to protect the UK.
“We hope this additional investment will drive fundamental changes to products we use every day. This is vital work, because improving hardware can eradicate a wide range of vulnerabilities that cause significant harm.”
The government hopes the initiative, which will bring together academics, research institutions, startups and a wide range of businesses, will help put the UK at the forefront of the AI and data revolution.
Details on the upcoming rounds of funding for the initiative will be announced later this year, the government said.