MoD reveals its part in the UK cyber strategy

Major Jonathan Shaw details his organisation's responsibilities under the new cyber security strategy

The Ministry of Defence (MoD) will work to educate its staff about cyber threats, and select cyber experts to work in its new Defence Cyber Operations Group, the MoD's Major Jonathan Shaw said today.

Shaw, who made the announcement at today's Cyber Security 2011 conference in Westminster, is also leader of the Defence Cyber Operations Group.

He explained that the bulk of the funding from the government's £650m cash injection into the UK's cyber capabilities, announced last year, will go to the Government Communications Headquarters (GCHQ). However, a significant sum has been earmarked for the MoD.

"57 per cent of the £650m went to GCHQ, but £90m went to the MoD to help increase understanding of the cyber threat - that is, to educate staff and train some as experts," he said.

He added that part of the MoD's allocation of funds will be used to adapt technology developed at GCHQ for military use.

Shaw described this as "active defence", preferring the term over "attack".

"GCHQ is moving into active defence, or disruption. The government's new cyber security strategy gives the MoD a national cyber responsibility. We need to ensure that the UK is able to protect the UK in cyber space," he said.

He explained that this does not imply the creation of a new MoD cyber empire, but rather that the organisation will develop expertise internally, and rely on international partners.

"No one department or even nation can handle the cyber threat, so we have a hierarchy of international relations," said Shaw.

"Foremost among those are the US and Australia, with whom we have signed a memorandum of understanding."

In Shaw's opinion, the UK's businesses and private citizens can play their own part by ensuring they are not contributing to the problem with poorly protected machines.

These are easy prey for cyber criminals and malicious foreign agencies, who can infect these machines and use them as part of their own attack networks.

"One of the chief threats comes from within - it's a domestic threat," said Shaw.

"Bad cyber hygiene is the most immediate threat we face. Ask how secure your workforce is. Only 25 per cent of people change the default passwords on their machines."

He argued that this is stymieing the UK's ability to defend itself, as it helps to create a large volume of attacks.

"Mass attacks are swamping our technical response. GCHQ say that 80 per cent of threats could be nullified by good cyber hygiene. Microsoft put this figure at more like 93 per cent," he concluded.

"If we can reduce the threat by that much, it will give us a much more manageable target. This is a problem for everybody, not just the specialists."