The government has unveiled its Cyber Security Strategy as it looks to protect the UK's infrastructure from the growing threat of online attacks. CBR looks at the key quotes.
The Cyber Security Strategy on changing threats:
Criminals from all corners of the globe are already exploiting the internet to target the UK in a variety of ways. There are crimes that only exist in the digital world, in particular those that target the integrity of computer networks and online services. But cyberspace is also being used as a platform for committing crimes such as fraud, and on an industrial scale. Identity theft and fraud online now dwarf their offline equivalents.
The internet has provided new opportunities for those who seek to exploit children and the vulnerable. Cyberspace allows criminals to target the UK from other jurisdictions across the world, making it harder to enforce the law. As businesses and government services move more of their operations online, the scope of potential targets will continue to grow.
The Cyber Security Strategy on where the threats are coming from:
Some of the most sophisticated threats to the UK in cyberspace come from other states which seek to conduct espionage with the aim of spying on or compromising our government, military, industrial and economic assets, as well as monitoring opponents of their own regimes. 'Patriotic' hackers can act upon states' behalf, to spread disinformation, disrupt critical services or seek advantage during times of increased tension. In times of conflict, vulnerabilities in cyberspace could be exploited by an enemy to reduce our military's technological advantage, or to reach past it to attack our critical infrastructure at home.
The Cyber Security Strategy on the UK's cyber defences:
The UK is well placed to respond to many of the challenges that cyberspace presents. Our private sector, key government agencies, and academia all have world-leading strengths in cyberspace; we must bring these together to capitalise on the opportunities and get the most for the UK.
But government capacity, though it includes these real strengths, is not sufficient or sufficiently scaled to meet the growing security challenges of the digital age. Although government already provides advice to organisations that run our infrastructure on how to manage the risks in cyberspace, the adoption of this approach needs to be broader. Our current capacity to enforce the law is too distributed, meaning that criminals still regard exploiting cyberspace as a profitable and low-risk option.
The Cyber Security Strategy on the vision for UK cyber security in 2015:
Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society.
- Objective 1: The UK to tackle cyber crime and be one of the most secure places in the world to do business in cyberspace.
- Objective 2: The UK to be more resilient to cyber attacks and better able to protect our interests in cyberspace.
- Objective 3: The UK to have helped shape an open, stable and vibrant cyberspace which the UK public can use safely and that supports open societies.
- Objective 4: The UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives.
The Cyber Security Strategy on working to build international consensus on proportionality in cyberspace:
We will work internationally to develop international principles or 'rules of the road' for behaviour in cyberspace. As a start, the UK believes that all governments must act proportionately in cyberspace and in accordance with national and international law. This includes respect for intellectual property and for fundamental human rights to freedom of expression and association.
The UK has already set a lead in this area with the London Conference on Cyberspace in November 2011. It will continue to work in the UN and other international fora on the agenda set out in London, to develop norms of acceptable behaviour. We are clear that the debate must involve all those with a stake in an open, trusted and stable cyberspace, including industry, business and representatives of civil society.
The Cyber Security Strategy on protecting the government's cloud infrastructure:
The UK is about to see a big expansion of public services online as the Government rolls out its 'digital by default' agenda. Many of these services will migrate to cloud computing in due course, and Government recently published a Cloud Computing Strategy setting out how this shift will be effected without compromising security.
This is the right thing to do to improve efficiency and service delivery to customers. But we need to make sure that these services are safe and resilient against fraud and cyber attack. Government is rationalising the numerous technology platforms used to deliver Government services. This will also enable increased protection and improve protective monitoring. We will set targets for the speed with which systems apply security patches to all of their supported software and machines. To ensure that service users can be identified and fraud prevented, the NCSP is funding work on a trusted and resilient approach to identity assurance and other supporting measures.
The Cyber Security Strategy on prevention and public awareness:
Prevention is key. Most common cyber incidents could be prevented by quite simple 'cyber hygiene'. In order to help people protect themselves we will:
- Help consumers respond to the cyber threats that will be the 'new normal' by using social media to provide warnings about scams or other online threats.
- Look at the best ways to improve cyber security education at all levels so that people are better equipped to use cyberspace safely.
- Work with internet companies to explore the potential for online sanctions for online offences.
- Work with Internet Service Providers (ISPs) to help individuals identify whether their computers have been compromised and what they can do to resolve the compromise and protect themselves from future attacks.
- Provide clear cyber security advice for use by anyone using the internet so that people can decide how they want to use cyberspace, informed of the risks.
- Improve the information available to people buying security products by encouraging the development of security 'kitemarks'. BIS will work with domestic, European and global and commercial standards organisations to stimulate the development of industry-led standards and guidance that help customers to navigate the market and differentiate companies with appropriate levels of protection and good cyber security products.