UK promises tougher line on cyber crime

UK foreign secretary Dominic Raab has promised to take a tougher stance against cyber criminals and other threat actors, as businesses, critical infrastructure operators and other public bodies face a surge in destructive cyber attacks and ransomware incidents.

In an exclusive interview with The Telegraph on the fringes of the G7 Summit, Raab said the UK would work more closely with the US on global security leadership.

He told the newspaper that the UK would “apply a cost to those that systematically are engaged in cyber attacks for either profit, espionage or to do damage and just wreak chaos”.

The foreign secretary hinted at new sanctions against a greater number of malicious actors and their enablers – which could include asset freezes and individual travel bans – as well as firmer direct attribution, and possibly even offensive cyber retaliation.

Charlie Smith, consulting solutions engineer at Barracuda Networks, said collaboration with the US could mark something of a turning point in the fight against cyber crime for the UK.

“The sharp rise in ransomware attacks against schools, hospitals, local councils and other critical national infrastructure cannot be underestimated and a concerted effort needs to be made to protect and secure these vital organisations from increasingly brazen attacks,” said Smith.

“Key to this must be having the right backup systems in place to protect and restore critical data, as well as a proactive approach to identifying the source of the hack and issuing the necessary sanctions and criminal penalties.”

Raab has previously signalled the UK government’s ambitions to become a cyber security leader – not just in technology, but in diplomacy – saying that the UK needs to play a bigger role in helping establish international norms and “rules of the road” in cyber space, and warning that the western allies cannot afford to let nation states that are unafraid to break these norms – which largely means China, Iran, North Korea and Russia – fill the vacuum.

To this end, last month he committed £22m to fund National Cyber Security Centre (NCSC) projects in developing and vulnerable countries in the Global South.

“We have got to win hearts and minds across the world for our positive vision of cyber space as a free space, open to all responsible users and there for the benefit of the whole world,” said Raab in a speech to the NCSC’s CyberUK conference.

Meanwhile, Joe Biden, who arrived in the UK for the G7 Summit on 10 June on his first trip outside the US as president, has also taken a firm stance on cyber security after taking over from Donald Trump at the height of the fallout from the state-backed SolarWinds Orion incident, followed by the Microsoft Exchange Server attacks, and more recently the Colonial Pipeline ransomware incident.

Last month, Biden signed a new executive order intended to harden US cyber security and government networks – mandating increased cooperation between victim organisations, law enforcement and the federal government as a jumping-off point.

Earlier this week, the White House made a number of recommendations following a 100-day review of supply chain resilience – including elements of supply chain cyber security as well as other issues, such as the current semiconductor supply crisis, and issues in the supply of Covid-19 vaccines.