By Kylie Bull, International Writer for Security magazine
Last November, the British government announced a £1.9 billion increase in cybersecurity spending.
Following the referendum vote to leave the European Union, the government has undergone many changes since that announcement, not least a new prime minister (Theresa May) and Chancellor (Philip Hammond).
On November 1, 2016, Hammond formally launched the UK’s new National Cyber Security Strategy, which reaffirms the £1.9 billion spending increase and details action to protect the UK economy and the privacy of British citizens, while encouraging industry to up its game to prevent damaging cyber attacks.
"If we do not have the ability to respond in cyberspace to an attack which takes down our power network - leaving us in darkness or hits our air traffic control system grounding our planes - we would be left with the impossible choice of turning the other cheek, ignoring the devastating consequences, or resorting to a military response," said Hammond.
Cybersecurity is recognized as one of the greatest threats to business around the world, with the global cost of crimes in cyberspace estimated at $445 billion, according to the World Economic Forum’s 2016 Global Risks Report.
The world over, society it increasingly vulnerable to cyber attacks thanks to the expanding range of connected devices which are creating more opportunities for exploitation; more demand for training and skills; old legacy IT systems used by many organizations and the readily available suite of user-friendly hacking tools, which means everyone from the living room to the boardroom is exposed to malicious hackers.
The Chancellor emphasized the responsibility that CEOs have to make sure their organizations are secure against cyber attacks, and the additional support government will give industry and wider society through the new National Cyber Security Centre.
The new strategy sets out how the British government will strengthen its own defenses as well as making sure industry takes the right steps to protect critical national infrastructure in sectors like energy and transportation.
“We will do this through working in partnership with industry,” said Hammond, “including companies such as the innovative SME Netcraft - to use automated defense techniques to reduce the impact of cyber attacks by hackers, stopping viruses and spam emails ever reaching their intended victims for example.”
Other measures set out in the strategy include the intention to install products on government networks that will provide assurance that software is running correctly, and not being maliciously interfered with. In addition, the government will invest in technologies like Trusted Platform Modules (TPM) and emerging industry standards such as Fast Identity Online (FIDO), which do not rely on passwords for user authentication, but use the machine and other devices in the user’s possession to authenticate.
In his announcement, the Chancellor pointed to the recent successes of government. “Previously a website serving web-inject malware would stay active for over a month, now it is less than two days. UK-based phishing sites would remain active for a day, now it is less than an hour. And phishing sites impersonating government’s own departments would have stayed active for two days, now it is less than five hours.”
The Chancellor also pointed to the recent success of government in reducing the ability of attackers to spoof @gov.uk emails, extracting valuable information from duped receipts. Recent work saw the spoofing of email@example.com go from 50,000 per day to effectively zero in the past six weeks.
Significant investment will also go towards taking the fight to those who threaten Britain in cyberspace and relentlessly pursuing anyone who persists in attacks. This will be done in part through strengthening law enforcement capabilities to raise the cost of cybercrime, building international partnerships and being clear that the UK will defend itself in cyberspace and strike back against those that try to harm the country.
This year the UK is recruiting more than 50 specialist cyber crime investigators and technical specialists working within the National Cyber Crime Unit. This is part of tens of millions of pounds of investment in the nation’s cybercrime law enforcement capability, locally and nationally.
The new strategy places strong emphasis on developing the nation’s capabilities to keep pace with cyber threats. Investment will also be made in the next generation of students and experts.
Alongside the strategy, the Chancellor also announced a new cyber security research institute - a virtual collection of UK universities that will look to improve the security of smart phones, tablets and laptops through research that could one day make passwords obsolete.
This builds on a range of cutting-edge skills and education initiatives, including cyber apprentices, retraining schemes and an advanced cybersecurity teaching in schools, which are already being developed.
The government is creating the UK’s first cybersecurity Innovation Centre in Cheltenham, will launch a Cyber Innovation Fund next year to develop innovate technologies and products and are funding training and support for cyber start-ups and academics to help them commercialize cutting edge research and attract investment from the private sector.
The launch of the new cybersecurity strategy followed a warning from the head of MI5, Andrew Parker, in an interview with The Guardian newspaper. Parker warned that while actions by the so-called Islamic State group continue to be in focus, more covert activities by other regions, notably Russia, are an increasing threat.
“It is using its whole range of state organs and powers to push its foreign policy abroad in increasingly aggressive ways – involving propaganda, espionage, subversion and cyber attacks,” Parker told the newspaper. “Russia is at work across Europe and in the UK today. It is MI5’s job to get in the way of that.”
“Russia increasingly seems to define itself by opposition to the west and seems to act accordingly,” he continued. “You can see that on the ground with Russia’s activities in Ukraine and Syria. But there is high-volume activity out of sight with the cyber threat. Russia has been a covert threat for decades. What’s different these days is that there are more and more methods available.”
The Kremlin has dismissed Parker’s comments, adding that without proof, allegations are “unfounded” and “groundless”.