In a bid to become one of the “safest places in the world to do business”, the UK government will today launch its new five-year National Cyber Security Strategy.
It will be unveiled later today by the chancellor Philip Hammond.
He will set out a number of measures that government will take while encouraging businesses to “up its game to prevent damaging cyber-attacks”.
The strategy will confirm a previously announced budget of £1.9 billion, nearly double the amount invested in the previous cyber strategy, much of which will be spent on existing programmes at the intelligence agencies.
The strategy will recognise the increasing vulnerability of the network of connected devices, the skills gap, risks from the use of legacy IT and the ubiquity of hacking tools available to attackers.
The strategy also spells out the role of the new National Cyber Security Centre (NCSC) and how it will support organisations as they struggle to deal with cyber defence.
The National Cyber Security Centre (NCSC) became operational on 1 October 2016 and is part of GCHQ. Its vision is to help make the UK the safest place to live and do business online. Led by chief executive Ciaran Martin, the NCSC will have a team of approximately 700 people in the Nova Building, Victoria, London with full occupancy expected by early 2017.
The strategy has been broken down into three areas: defence, deter and develop.
On defence, the chancellor will spell out how government will reorganise its own defences, dealing with the plethora of government departments' IT security arrangements and shortcomings in cyber-security.
He will point to recent government successes in cyber:
“Previously a website serving web-inject malware would stay active for over a month- now it is less than two days. UK-based phishing sites would remain active for a day- now it is less than an hour. And phishing sites impersonating government's own departments would have stayed active for 2 days- now it is less than 5 hours. The Chancellor will point to the recent success of government in reducing the ability of attackers to spoof @gov.uk emails – extracting valuable information from duped receipts. Our recent work saw the spoofing of firstname.lastname@example.org go from 50,000 per day to effectively zero in the past six weeks.”
On deterrence, the government will strengthen law enforcement capabilities and international relations. He will say in his speech that the UK will not only defend itself in cyberspace but would also be prepared to “strike back against those that try to harm our country”, according to a press statement.
To that end, the government will recruit over 50 cyber-crime investigators for the National Cyber Crime Unit (NCCU). This is part of the government's plans to invest tens of millions of pounds in cyber-crime law enforcement at local and national level.
Finally, on the develop strand, the government will place strong emphasis on research and development and education.
A new Cyber Security Research Institute – a virtual collection of UK universities – will look at ways to increase the security of smartphones, tablets and laptops.
In addition, the UK's first cyber security Innovation Centre will be created in Cheltenham and the UK will launch a Cyber Innovation Fund next year to help develop new technology.
Chancellor of the Exchequer, Philip Hammond said: “Britain is already an acknowledged global leader in cyber security thanks to our investment of over £860m in the last Parliament, but we must now keep up with the scale and pace of the threats we face. Our new strategy, underpinned by £1.9 billion of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked.”
Ben Gummer, Minister for the Cabinet Office & Paymaster General, said: "No longer the stuff of spy thrillers and action movies, cyber-attacks are a reality and they are happening now. Our adversaries are varied - organised criminal groups, 'hactivists', untrained teenagers and foreign states.
"The first duty of the Government is to keep the nation safe. Any modern state cannot remain secure and prosperous without securing itself in cyberspace. That is why we are taking the decisive action needed to protect our country, our economy and our citizens.”