Today, the Chancellor of the Exchequer, Philip Hammond, launched the UK’s new National Cyber Security Strategy – unveiling a £1.9 billion plan for the protection from cyber threats for the next five years. The new strategy, which almost doubles the investment of the previous 2011 strategy, has the vision that by 2021 “the UK is secure and resilient to cyber threats, prosperous and confident in the digital world”. It identifies three key areas of implementation: defence, deter, and develop.
‘Defence’ involves protecting critical national infrastructure (CNI), such as energy and transport, as well as government websites and emails. This part of the strategy’s implementation plan also looks at changing public and business behaviours, giving them the knowledge and ability to defend themselves.
‘Deter’ will see, in the words of Hammond, a “significant” amount of the investment in enhancing Britain’s sovereign capabilities, deterring terrorism, countering hostile foreign actors, and reducing cyber crime – making the UK a “hard target”. Where the strategy foresees taking the fight to those who threaten Britain in cyberspace, promising that the UK will “retaliate” against cyber attacks with “offensive cyber” capabilities.
‘Develop’ aims at building capacity and developing the skills of young people in schools and university, stimulating growth in the cyber security sector, as well as promoting and researching cyber security science and technology.
Underpinning these three strands of the implementation plan is the pursuit of ‘international action’ – where the government will “exert influence by investing in partnerships that shape the global evolution of cyberspace in a manner that advanced our wider economic and security interests.”
The UK will allocate a proportion of the £165 million Defence and Cyber Innovation Fund to support innovative procurement in defence and security. In his speech, Hammond also highlighted that industry in the broadest sense have a part to play in cyber security, and that “old legacy IT systems used by many organisations in the UK” are highly vulnerable to malicious actors. While promising government support, he stressed that companies have a duty to ensure their own networks are secure.
The new strategy is a continued recognition from the government of the threat that cyber risks pose to the livelihoods of citizens, British industry, and the country as a whole. Previously, in May 2016, Matt Hancock MP in his former role as Minister for Cabinet Office, officially announced the launch of a National Cyber Security Centre which will act as a one-stop-shop for businesses seeking advice and support when dealing with cyber security issues. In 2015, the National Security Strategy identified cyber security as a tier 1 risk – the same level of risk as terrorism and global instability.