Philip Hammond announces £1.9 billion to go into three pronged strategy to protect national cyber infrastructure
The UK Government is to take a more offensive approach to cyber security, to the extent of retaliation to any attacks, as part of the national strategy announced today.
Chancellor Philip Hammond emphasised the willingness to be more belligerent as a deterrence as one of three key elements of the strategy, along with building up defences and cultivating the relevant skills, as he said the Government will plough £1.9 million into the effort over the next five years.
“We will not only defend ourselves in cyberspace; we will strike back in kind when we are attacked,” he said in a speech at the Future Decoded (Microsoft) conference announcing the launch of the strategy.
This will be part of the effort to deter cyber attacks and strengthen law enforcement against cyber crime.
Detect, trace, retaliate
“We will deter those who seek to steal from us, threaten us or otherwise harm our interests in cyberspace,” Hammond said, adding: “And we will continue to invest in our offensive cyber capabilities, because the ability to detect, trace and retaliate in kind is likely to be the best deterrent.”
The defence element of the strategy will involve strengthening the cyber defences not just of government, but elements of the critical national infrastructure such as energy and transport. Hammond said this will involve protective sensitive information and networks, with the Government supporting industry’s use of automated defence techniques to black any malicious activity.
He claimed such methods have already been deployed in reducing the ability of attackers to spoof government emails.
The third pillar involves building a pipeline of people with the relevant skills. Hammond announced a plan for a virtual network of UK universities dedicated to research in the area and supported by Government funding. It will focus on hardware and look to improve the security of mobile devices.
“We’re building cyber security into our education systems and are committed to providing opportunities for young people to pursue a career in this dynamic and exciting sector,” he said.
In addition to the three pillars of the strategy, it outlines four broad areas for action over the next five years.
One is in building up the national cyber security section, an element of which will be in supporting start-ups and investing in innovation, partly through the creation of two new cyber innovation centres and allocating some of the £165 million of the Defence and Cyber Innovation Fund to support the work.
It will also involve with bringing on talent earlier in the education system and developing clearer routes into the profession, and using the forthcoming EU General Data Protection Regulation to drive up standards of cyber security across the economy.
Secondly, it will focus on expanding intelligence collection through the Ministry of Defence, police, the National Crime Agency and overseas organisations.
Thirdly, the Government plans to work with industry on developing and deploying the new technology for the effort; and fourthly this will all be supported by the recently established National Cyber Security Centre.
Other elements of the strategy include:
- Building up the cyber defence capability of the armed forces.
- Focusing on common threats such as phishing attacks.
- Filtering known bad IP addresses and actively blocking malicious online activity.
- Working with overseas partners unilaterally and through the EU, NATO and the UN.
As an indication of the scale of the overall threat, the strategy document says the country is not yet ahead of it, with the capability of cyber attackers and criminals having grown, and that the national defences need to be sufficiently evolved and agile to counter them.
Hammond also acknowledged that the major distributed denial of service attacks that shook much of the US last month also had an effect on a small number of UK government digital services; although he said that it was possible to get these back online quickly as the right defences and contingency plans were in place.
The launch won early support from some industry bodies and professional associations. Geoff Connell, president of of public sector IT association Socitm, said: "We welcome publication of the strategy, its positivity and direction of travel and are already working with the National Cyber Security Centre and the Department of Communities and Local Government on how central and local government can collaborate to improve national and local cyber security maturity."
Julian David, chief executive officer of IT industry association techUK, said: “This new strategy is a robust and comprehensive response from Government to the growing cyber threats that we face. It is now time for businesses across the country to step up and play their part in keeping their businesses and the UK as a whole secure.”
The Institution of Engineering and Technology’s cyber security expert, Professor Roy Isbell, commented: “As part of the Government’s new cyber security strategy, there is a real opportunity to educate organisations in how they approach and prioritise cyber security planning.
“Training a new generation of cyber security experts is vital, but so is making sure that today’s leaders understand and can tackle the extent of the challenge we face.”