The Chancellor of the Exchequer, Philip Hammond, is set to provide further details of the defence grid – dubbed the National Cyber Security Strategy – and how the £1.9 billion will be spent to improve it later today.
Some of the money will go towards educating and training cyber security experts, helping to bridge the digital skills gap.
The financial strategy will also extend to enlarge specialist police forces with the sole purpose of shutting down online criminal activity.
With the rise of cyber attacks and hackers hijacking websites and mimicking official domains, this announcement clearly shows that cyber security is a top priority for the UK government. As it should be for every governing body.
“It is using its whole range of state organs and powers to push its foreign policy abroad in increasingly aggressive ways – involving propaganda, espionage, subversion and cyberattacks,” Andrew Parker, the domestic security agency’s director general told the Guardian.
Responding to the diverse threat
The National Cyber Security Strategy embodies how dangerous the cyber threat is, for organisations (both public and private) and individuals.
The strategy will aim to protect British citizens, while producing tangible preventative measures to counter cyber attacks, both before, during and after.
After all, half the battle will be faced after successful cyber security failings. Unfortunately it is inevitable some will get through even the most stringent systems, so having a coherent strategy in place for all scenarios is fundamental.
>See also: The UK’s new National Cyber Security Centre
Hammond said Britain “must now keep up with the scale and pace of the threats we face”.
“Our new strategy… will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked.”
David Navin, corporate security specialist at Smoothwall was encouraged by the news and said that “the modern day business should know that when it comes to cyber security and the protection and defence of a company’s data, systems and intellectual property, security is of utmost importance.”
“However, as we have seen even recently in the news, it is not always the case, and so the announcement today from the Chancellor of a £1.9 billion spend to boost the UK’s cyber security strategy should be well received.”
Ben Gummer, paymaster general, said in a statement: “No longer the stuff of spy thrillers and action movies, cyber-attacks are a reality and they are happening now.
“Our adversaries are varied – organised criminal groups, ‘hacktivists’, untrained teenagers and foreign states.”
Is this the case, however? Christine Andrews managing director of data governance, risk and compliance consultancy DQM GRC suggests the “most common and destructive mistakes are often due to human error – not state-sponsored, powerful cyberattacks.”
“For example, even the simple loss or theft of a USB stick or laptop containing personal information about the business could seriously damage your organisation’s reputation, as well as lead to severe financial penalties.”
What’s been done so far
The £1.9 billion, allocated last year, will fund the cyber strategy until the end of 2020.
In the last year the budget, with the help of the cyber security industry, has been used to set up automated defence systems that restrict the amount malware that infects UK citizens.
Other projects underway have included identifying emails from source to prevent tax fraud campaigns directed towards the UK.
The future plan
Moving forward, the reported plan is to recruit more than 50 cyber security specialists to work in the cyber crime unit at the National Crime Agency.
This specialised force will help stamp out organised online gangs, with the aim of implementing harsher penalties for engaging in technology-driven.
Security-based startups can expect a piece of the proverbial pie and will receive backing as part of an innovation fund that will form part of the national cyber defence strategy.
The creation of a Cyber Security Research Institute will also be on the agenda.
This institute will aim to form a collaborative unit of researchers that will work together on coming up with device security solutions.
However, professor Alan Woodward, a computer security expert from the University of Surrey fears more needs to be done: “I hope the £1.9 billion will be spent in growing talent,” he said. “The
government talk about 50 recruits here and 50 there. I’m afraid we need many more.”
“I would really like to see money put into reaching young people early enough to influence the subjects they decide upon at school and pairing an image for them of just how interesting and rewarding a career in cybersecurity can be,” he said.
More to be done?
The impending announcement of advancing the UK’s cyber defence grid is a step in the right direction.
Bluntly, it is an absolute necessity in the current cyber climate.
However, real progress will only be made if the organisations themselves start to consider cyber security as a boardroom issue.
This point has been made time and time again. It is fundamental that the top tier of management in an organisation view cyber security as a business critical issue rather than a problem for the IT department.
Andrews elaborates on this: “Whilst we welcome any boost in spending by the UK government to improve cyber security, unfortunately real progress will only occur when the organisations themselves start taking data governance seriously and consider cyber security as a boardroom issue – not a problem that can be resolved in a backroom department.”
“Assistance from the government is a supportive step in the right direction, but it is vital that the organisations themselves implement an engaging staff training programme to ensure all employees are aware of the need to manage data securely.”