One year on: The UK Cyber Security Strategy

The government has today released documents detailing what it sees as highlights in the UK Cyber Security strategy it put into place last year, and its plans for the future.

It has also detailed how much money is expected to be spent in the first two years of the strategy by each department:

• Security and intelligence agencies have been allocated £157m for the two years to build on the national sovereign capability to detect and defeat high-end threats.
• £31m will have been spent on mainstreaming cyber throughout defence – an issue that rests with the Ministry of Defence.
• The Home Office deals with law enforcement and combating cyber-crime and will spend about £28m.
• BIS has been allocated £17m for engagement with the private sector
• £12m will have been used on improving the resilience of the Public Sector Network
• £9m will be spent on programme coordination, trend analysis and incident management/response
• £9m will be spent on education, skills and awareness – Cabinet Office
• International engagement and capacity building – FCO £2m

Tackling cybercrime and making the UK secure to do business in cyberspace

The rise of cyber espionage and the acquisition of information, has led the government into working with the private sector to raise awareness of cybercrime.

"The government has done a lot to raise the awareness of [cyber security] to businesses more broadly," a government official said in a briefing on Friday.

The report cites the Cyber Security Guidance for Business booklet that it launched in September, as an example of raising awareness. It also notes down the contributions of various organisations including the National Fraud Authority with its Action Fraud reporting tool, the Crown Prosecution Service and the ‘Hub' – a public and private sector information-sharing hub.

One of the claimed successes was the Police Central eCrime Unit (PCeU), which has already exceeded its four-year performance target, preventing £538m of harm in one year, at a return of investment of £72 of 'harm' averted for every pound invested.

But sceptics, including Ross Anderson, professor of security engineering at the University of Cambridge, point to a lack of significant spending on security as part of the UK's problem. Many believe that the funding that has been allocated (£650m over four years), should be spent on catching criminals, not just shoring up the defences.

But a senior government official fired back at that suggestion, stating the money has allowed the PCeU to treble in size, with three new regional policing hubs in the country to help nail down cyber criminals.

As part of its future plans in raising awareness, the government said it would develop and make public in early 2013 a "meta-standard" for cyber security.