lolloj - Fotolia
Read more about cyber security
- Cyber security must be top of the agenda for business, policy and research, according to a report by The Royal Society.
- Government announces a £250,000 programme to increase the rate of cyber security startup development in the UK.
- An essential part of information security is identifying and managing the risks, experts tell the European Information Security Summit 2016.
Ben Gummer, minister for the Cabinet Office and Paymaster General, said: “No longer the stuff of spy thrillers and action movies, cyber attacks are a reality and they are happening now.
“The first duty of the government is to keep the nation safe. Any modern state cannot remain secure and prosperous without securing itself in cyber space. That is why we are taking the decisive action needed to protect our country, our economy and our citizens.”
The new cyber security strategy builds on the previous plan that started in 2011. The aim of the strategy is to make the UK "secure and resilient to cyber threats; prosperous and confident in the digital world". It contains little in the way of new policies or actions, but defines the key objectives and plans to make the UK the safest place to do business in the world, according to Hammond.
"The cyber threat impacts the whole of our society, so we want to make very clear that everyone has a part to play in our national response. It’s why this strategy is an unprecedented exercise in transparency. We can no longer afford to have this discussion behind closed doors," he said, writing in the foreword to the document.
"Ultimately, this is a threat that cannot be completely eliminated. Digital technology works because it is open, and that openness brings with it risk. What we can do is reduce the threat to a level that ensures we remain at the vanguard of the digital revolution."
The strategy outlines three areas, intended to "defend, deter and develop" UK capabilities. Core to delivering the plan is the recent creation of the National Cyber Security Centre to bring all the country's cyber operations under one organisation.
The strategy document highlights 13 "strategic outcomes" the government expects to deliver in the next five years, which are:
1. The UK has the capability effectively to detect, investigate and counter the threat from the cyber activities of our adversaries.
2. The impact of cybercrime on the UK and its interests is significantly reduced and cyber criminals are deterred from targeting the UK.
3. The UK has the capability to manage and respond effectively to cyber incidents to reduce the harm they cause to the UK and counter cyber adversaries.
4. Our partnerships with industry on active cyber defence mean that large scale phishing and malware attacks are no longer effective.
5. The UK is more secure as a result of technology products and services having cyber security designed into them and activated by default.
6. Government networks and services will be as secure as possible from the moment of their first implementation. The public will be able to use government digital services with confidence and trust that their information is safe.
7. All organisations in the UK, large and small, are effectively managing their cyber risk and are supported by high quality advice designed by the NCSC, underpinned by the right mix of regulation and incentives.
8. There is the right ecosystem in the UK to develop and sustain a cyber security sector that can meet our national security demands.
9. The UK has a sustainable supply of home-grown cyber skilled professionals to meet the growing demands of an increasingly digital economy, in both the public and private sectors, and defence.
10. The UK is universally acknowledged as a global leader in cyber security research and development, underpinned by high levels of expertise in UK industry and academia.
11. The UK government is already planning and preparing for policy implementation in advance of future technologies and threats and is future-proofed.
12. The threat to the UK and our interests overseas is reduced due to increased international consensus and capability towards responsible state behaviour in a free, open, peaceful and secure cyberspace.
13. UK government policies, organisations and structures are simplified to maximise the coherence and effectiveness of the UK’s response to the cyber threat.