One year on: The UK Cyber Security Strategy

Government's plans include an MoD recruitment drive for 'cyber reservists'

The government has today released documents detailing what it sees as highlights in the UK Cyber Security strategy it put into place last year, and its plans for the future.

It has also detailed how much money is expected to be spent in the first two years of the strategy by each department:

Tackling cybercrime and making the UK secure to do business in cyberspace

The rise of cyber espionage and the acquisition of information, has led the government into working with the private sector to raise awareness of cybercrime.

"The government has done a lot to raise the awareness of [cyber security] to businesses more broadly," a government official said in a briefing on Friday.

The report cites the Cyber Security Guidance for Business booklet that it launched in September, as an example of raising awareness. It also notes down the contributions of various organisations including the National Fraud Authority with its Action Fraud reporting tool, the Crown Prosecution Service and the ‘Hub' – a public and private sector information-sharing hub.

One of the claimed successes was the Police Central eCrime Unit (PCeU), which has already exceeded its four-year performance target, preventing £538m of harm in one year, at a return of investment of £72 of 'harm' averted for every pound invested.

But sceptics, including Ross Anderson, professor of security engineering at the University of Cambridge, point to a lack of significant spending on security as part of the UK's problem. Many believe that the funding that has been allocated (£650m over four years), should be spent on catching criminals, not just shoring up the defences.

But a senior government official fired back at that suggestion, stating the money has allowed the PCeU to treble in size, with three new regional policing hubs in the country to help nail down cyber criminals.

As part of its future plans in raising awareness, the government said it would develop and make public in early 2013 a "meta-standard" for cyber security.

One year on: The UK Cyber Security Strategy

Government's plans include an MoD recruitment drive for 'cyber reservists'

Making the UK more resilient

The government report states that the GCHQ has invested in new capabilities to better identify and analyse hostile cyber-attacks on UK networks. Other schemes to help better understand cyber threats include the MoD's tri-service Joint Cyber Unit, which is hosted by GCHQ in Cheltenham.

In January 2013, an information-sharing environment dubbed Cyber Information Sharing Partnership will be launched. This will initially involve companies within Critical National Infrastructure but the government says that it intends to make it available more broadly, including to SMEs in a second phase.

Helping to shape an open, vibrant and stable cyberspace that supports open societies

The report points to the London conference on Cyberspace as a success in this area, as is the allocation of £2m per annum for an international Cyber-Security Capacity-Building Centre, which it hopes will enable industry to back initiatives to tackle cybercrime and improve cyber security across the globe.

For the future, the government wants to "expand and strengthen" the UK's bilateral and multilateral networks and to develop international collaboration through the work of EU, NATO and other bodies.

It also will play an active role in discussions on the new EU cyber strategy.

Cyber-skills deficit

Senior government officials told delegates of their plans to address the cyber security skills deficit in the UK.

"As part of [meeting the skills gap] we have integrated modules of cyber security into ICT teaching at schools," a senior government official said.

Mark Brown, director of information security at professional services firm Ernst & Young, told Computing that the skills gap has to be addressed in order for the government and businesses to cope with the change of pace in technology.

"We have to address the choice of students from the age of nine. We are in a world where our children are digital natives but they understand applications and functions of IT rather than what goes on behind IT. We need to create awareness for students to choose to take educational subjects for a career in information security," he said.

In the government report, it states that going forward it will ensure that all graduate software engineers have had adequate training in cyber security. It also states that it will put in place a scheme to certify cyber security training courses.

The Cyber Security Challenge has also helped to boost the pipeline of candidates that can work in cyber security roles, the government said.

"More than 10,000 people have now registered for the Challenge and many have chosen to move into the industry as a result of successfully completing the tasks we place in front of them. From RAF technicians and actors, to students and postmen, we have identified raw talent to boost the growing cadre of UK cyber defenders that would otherwise have remained undiscovered," Cyber Security Challenge CEO Stephanie Daman told Computing.

A key new aim, government officials said, is to recruit "cyber reservists" to the MoD.

"The services will engage additional experts to support their work in defending against the growth in cyber threats. A further announcement will be made in spring 2013," the report explained.