Government publishes cyber security strategy update
Cyber plans will include a new national cyber crime unit and a dedicated 'reserve' of IT security specialists
Cabinet Office Minister Francis Maude has updated the government's National Cyber Security Strategy, which was launched a year ago.
In a written ministerial statement to Parliament, Maude focused on six areas within cyber security: understanding and researching the threats, tackling cyber crime, partnering with industry, education skills and awareness, international efforts, and plans for the future.
Among other plans for next year, Maude announced that the Police Central e-Crime Unit and the Serious Organised Crime Agency (SOCA) will come together in 2013 to form the National Cyber Crime Unit of the new National Crime Agency.
"This will deliver the next step in transforming law enforcement capability to tackle cyber and cyber-enabled crimes", he said.
Going forward, the government plans to establish a UK National CERT (Computer Emergency Response Team). The statement says this will "improve national co-ordination of cyber incidents and act as a focus point for international sharing of technical information on cyber security."
In addition, a new Cyber Incident Response scheme -an industry-run service that helps organisations who have suffered a cyber security incident- will move from pilot stage to become fully operational in 2013.
The government is also developing a permanent information sharing environment called CISP (Cyber-security Information Sharing Partnership) to be launched in January 2013.
"Initially, this will be open to companies within Critical National Infrastructure sectors, but we intend to make membership available more broadly, including to SMEs, in a second phase", according to the statement.
The Ministry of Defence is currently developing a 'Cyber Reserve' in order to "harness and attract the talents of the cyber security specialists that are needed for critical areas of work", but the document explains that this the exact composition of this programme "is currently in development and a detailed announcement will follow in 2013".
The government is also planning to set up a 'Cyber Growth Partnership' with UK technology industry representative Intellect.
In addition, there are plans to establish two centres of doctoral training, which will "deliver, in total, a minimum of 48 PhDs over their lifetime with the first cohort of students starting in October 2013".
As public awareness is identified as a priority, according to the statement, a programme of public awareness campaigns will be rolled out from spring 2013. More widely, the government intends to start making cyber security messages mainstream "across the breadth of its communication with the citizen".
For example, "HMRC will be automatically alerting customers using out of date browsers and directing them to advice on the threat this might pose to their online security."
Reviewing the implementation of the strategy over the past year, the statement says, "The Police Central e-Crime Unit has trebled in size, three regional cyber policing teams have been established, and training on cyber crime for mainstream police officers has been designed." The Serious Organised Crime Agency (SOCA) has also increased its cyber capability.
Furthermore, work is underway to create a new security model for the sharing of services across the Public Sector Network (PSN). This work includes the development of Single Sign-on through an employee authentication hub.
HMRC has established a new Cyber Crime Team, with the aim of enhancing its ability to tackle tax fraud by organised criminals. According to the update, the department's "enhanced anti phishing capabilities are now leading to the interception of five major threats a day and have helped the Department to shut down almost 1000 fraudulent web sites in the last 12 months."
Regarding military capability, according to the statement, "the MOD has established a tri-service Unit, hosted by GCHQ in Cheltenham. The Joint Cyber Unit training and skills requirements have been established and it is currently developing new tactics, techniques and plans to deliver military capabilities to confront high-end threats."
However, the document warns, "Government cannot do this alone. We know that industry is the biggest victim of cyber crime and intellectual property theft through cyber crime is happening on an industrial scale."
As a result, "we have successfully completed a pilot government and industry information sharing initiative to provide a trusted environment for organisations to share information on current threats and managing incidents."
The pilot, which involved approximately 160 companies in the sectors of Defence, Finance, Pharmaceuticals, Energy and Telecommunications, will proceed to the next stage in January 2013.
According to the update, as an example of its efforts to engage industry and the wider public, the government ran a publicity campaign called "the Devils in Your Details" in spring 2012. When assessed afterwards, over four million individuals were reached by the campaign, and of those, two-thirds surveyed said they would change their behaviour as a consequence.
Regarding education and skills, eight UK universities have been awarded "Academic Centre of Excellence in Cyber Security Research" through the Engineering and Physical Sciences Research Council, as part of efforts to "keep the UK at the forefront of international research in this field."
Other initiatives include a new technical apprenticeship scheme set up by GCHQ, which will recruit up to 100 apprentices who will be enrolled on a tailored two-year Foundation Degree course. The aim of these sorts of initiatives is to "broaden the gene pool of applicants for cyber security jobs", according to a senior government official.
The government is also sponsoring 'Cyber Security Challenge UK', an initiative which provides advice, support and guidance for anyone interested in a career in cyber security.
As part of its international efforts, the government set up a Cyber Capacity Building Fund in October 2012, which will support cyber security internationally. Part of the funding will go towards creating a new Global Centre for Cyber Security Capacity Building, to be located at one of the eight UK universities with centre of excellence status.
"This Centre will help to make UK expertise and technology in this field available to international partners", the statement says.