Chancellor sets out £1.9bn cyber security strategy update
New strategy doubles funding to help build skills and new technologies to address cyber threats, while setting out state’s own attack and investigation capabilities
The government has unveiled its latest five year National Cyber Security Strategy that will see £1.9bn in funding set aside to support workforce training, automated defences and new methods for deterring attacks from criminals and “hostile actors”.
Claiming to have doubled cyber security spending over the previous government cyber security plan, Chancellor Philip Hammond today pledged to step up efforts to protect the economy and citizen privacy up to 2021, while also calling on industry to improve its response to attacks.
The chancellor claimed that it was vital to ensure the country was able to keep up with the development and emergence of cyber threats by building on the previous £860m strategy set out during the last parliament.
“Britain is already an acknowledged global leader in cyber security thanks to our investment of over £860m in the last Parliament, but we must now keep up with the scale and pace of the threats we face,” he said.
“Our new strategy, underpinned by £1.9bn of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked.”
The funding for the strategy was previously set aside as part of the 2015 Strategic Defence and Security Review.
Among the key components of the strategy are efforts to ensure the government can strengthen its own defences against cyber attacks, as well as protecting Critical National Infrastructure targets like energy and transport networks. This will also include ensuring public sector service providers and individuals have greater awareness and capabilities to defend against online threats.
The chancellor also pledged to work with industry in adopting automated defences to the curb impacts of hacking, viruses and spam e-mails.
“Previously a website serving web-inject malware would stay active for over a month- now it is less than two days. UK-based phishing sites would remain active for a day- now it is less than an hour,” said the government in a statement.
“And phishing sites impersonating government’s own departments would have stayed active for two days - now it is less than 5 hours.”
The strategy has also recently looked to tackling spoof @gov.uk emails used to extract personal information.
The government has committed to deterrence aims such as "taking the fight to those who threaten Britain in cyber-space.”
Alongside strengthening law enforcement capabilities and building international partnerships, Whitehall has pledged to recruit 50 investigators and technical specialists for its National Cyber Crime Unit to oversee enforcement, while countering attacks on its operations.
“The UK will defend itself in cyberspace and strike back against those that try to harm our country,” added the government in a statement.
Skills development and boosting national capabilities are another core component of the strategy, with the formation of a Cyber Security Research Institute expected to focus on training and looking at improving smart phone, tablet and laptop security. It is suggested that solutions developed by this institute could potentially even remove the need for passwords in the longer-term.
“This builds on a range of cutting edge skills and education initiatives, including cyber apprentices, retraining schemes and an advanced cyber security teaching in schools, which are already being developed,” said the government.
With Whitehall in the process of setting out a new digital strategy later this year to continue efforts to modernise public services, working with central departments and devolved authorities is expected to be vital to prevent significant detrimental impacts to key online functions.
“To retain the trust of citizens in online public sector services and systems, data held by government must be protected and all branches of government must implement appropriate levels of cyber security in the face of continuous attempts by hostile actors to gain access to government and public sector networks and data,” said the strategy.
The new strategy has been unveiled the same week that a UK hospital trust was forced to issue a major incident notice and cancel operations and outpatient appointments as the result of its a virus that has infiltrated systems, affecting three separate sites.
“A virus infected our electronic systems on Sunday October 30 and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it,” said Northern Lincolnshire and Goole NHS Foundation Trust in a statement.
However, the organisation said it did not yet have a date for when it hoped to restore its systems to normal operation with an investigation ongoing around the virus.