The UK government has pledged £1.9bn to fund a far-reaching National Cyber Security Strategy that aims to protect businesses, infrastructure and private citizens.
It sets out a plan to deal with a broad range of threats, from malware and phishing to state sponsored attacks and hacks on critical infrastructure including airports and the energy sector.
The government said it would work to encourage industry to improve its cyber defences and “build greater security into the supply chain”.
The strategy cited recent attacks on infrastructure, including the TalkTalk data breach, a theft through Bangladesh’s SWIFT banking system and the shut down of a power plant in Ukraine, as examples of why cyber security is increasingly important.
The government’s three-pronged strategy focuses on defence, deterrence and development.
It said it would introduce an “active cyber defence” that adapts to the changing nature of cyber threats. It also said it would work with industry, in particular the communication service providers, to protect network infrastructure.
For critical infrastructure and other priority industries, including data holders, media organisations, e-commerce and financial services and companies deemed economically important, the government said it would:
- Share threat information “that only the government can obtain”
- Produce advice and guidance on managing cyber risk
- Stimulate the introduction of training facilities, testing labs and consultancy services
- Conduct exercise with firms to help them manage their risk and vulnerabilities
The strategy said it would also increase the scale of GCHQ, the Ministry of Defence and the National Crime Agency's ability to disrupt more sophisticated campaigns, and introduce “automated protections” for individuals or businesses using online government services.
It also planned to reduce the amount of cyber crime by increasing the cost to perpetrators. The strategy said it would “focus relentlessly on pursuing [cyber] criminals” and, for more serious threats to national security, “[make] clear that the full spectrum of our capabilities will be used to deter adversaries”.
As part of the development strand, the strategy outlined plans to increase the UK’s domestic cyber security industry. It said the government would invest in education, training and research to address the country's “cyber skills shortage”.
There haves been a string of other high profile hacks recently. The suspected Russian group Fancy Bears, that took over a French station TV5Monde last year, hacked the World Anti-Doping Agency and started releasing athletes' drug test results.
Last month a number of large internet companies including Spotify, Twitter and Netflix, were temporarily knocked offline when unsecured Internet of Things devices were used to launch a denial of service attack on the company that managed their domain names.
Cyber security has also directly affected this year’s US presidential election campaign. The Democratic National Committee fell victim to an hack and subsequent leaking of emails, and the group WikiLeaks leaked emails kept on the controversial private email server Democratic nominee Hillary Clinton kept when she was secretary of state.
☛ Want to stay up to date with the news? Sign up to our daily bulletin.