Thursday, March 13, 2014

Key Features of U.K. approach to Cyber Security


    The U.K. internet economy accounts for 5.7% of the total U.K. GDP. Looking at the two major sectors of the U.K. internet economy, the value chain is 2.6% and e-commerce is 3.1% of the GDP. The monetary total is estimated to be at £82 billion. Every £1 spent on internet connectivity supports another £5 spent in other channels as part of the U.K. ecosystem (Page, 2012).  Given these factors it is clear the nation's overall economy is now reliant on the internet economy.


The U.K. Department of Business, Information and Skills (BIS) commissioned a survey in 2013 with PricewaterhouseCoopers to determine the impact cyber attacks may be having on businesses. The survey found 93% of large businesses (250+ employees) have had a breach in the last year. Of the Small businesses (1-49 employees) surveyed, 87% reported breaches. Even more frightening was the large businesses averaged 133 breaches and the small businesses 17. The worst breaches cost £450,000 - £850,000 per attack on large businesses and £35,000 to £65,000 per attack on small businesses. However, the survey also shows that 36% of breaches were human error related and lack of security training and awareness was often to be at fault (Charlton, 2013).


The U.K. has identified cyber attacks from other state nations and large scale cyber crime as a tier one threat. The only other tier one threats are terrorism, a major accident/natural hazard, and a military crisis that would draw the U.K. into a conflict (“A Strong Britain”, 2010, p.27).


The U.K has defined 8 main policy actions to help ensure the Cybersecurity of the U.K. (“Keeping the UK safe”, 2014).


  1. Increasing international cybersecurity capacity with a £2 million yearly budget. The Global Cyber Security Centre at the Oxford Martin school is funded to help the U.K. and international community, using benchmarking models, to properly design and implement cyber security for governments and private business (“The Global Cyber Security”, n.d.).
  2. Identification and analysis of threats and increased network defense strength. Over half of the National Cyber Security Programme funding goes to the security and intelligence services. The Government Communications Headquarters (GCHQ) hosts the Ministry of defense tri-service cyber-unit. MI5 investigates cyber threats from foreign agents and shares findings with Centre for the Protection of National Infrastructure (CPNI) which was implemented to help organizations increase their cyber security defenses. Computer Emergency Response Team UK (CERT-UK) is new to 2014 to help coordinate responses to cyber threats both in the UK and internationally. The The Office of the Government Senior Information Risk Owner (OGSIRO) was created to help all major public ICT shared IT systems with proper cyber risk management. The government has established Public Sector Network (PSN) to publish standards and guidelines for common cyber security problems. However, PSN’s main role is to provide a security model for sharing services (“Identifying and analysing threats”, 2014).
  3. Creation of National Cyber Crime entities. The National Cyber Crime Unit (NCCU) was formed in 2013 to address serious incidents of cyber crimes, work proactively to prevent cyber crime, proactively target cyber criminal vulnerabilities, and supporting agencies across the country to be better protected against cyber crime (“National Cyber Crime Unit”, n.d.).
  4. Advancement of cyber technical skills, education and professional opportunities. The government works with schools to improve teaching tools, promote computer science coding through General Certificate of Secondary Education (GCSE), and sponsor competitions such as the Cyber Security Challenge and National Cipher Challenge. The government is working with universities to develop cyber security programs, doctoral training and research centers for critical cyber security areas (“Improving cyber skills”, 2014).
  5. Increase economic growth in the cyber security sector. The U.Kk Trade & Investment (UKTI) vision is to have the U.K. industry as a leader of the global cyber security supply base. The UKTI wants to help countries to combat cyber crime, cyber terrorism and state-sponsored espionage and at the same time increase the economic growth of the U.K. in the cyber security sector (UK Trade and Investment, 2013).
  6. Increased awareness and cyber security guidance for businesses and the public. The government is raising public awareness that builds on existing programs such as GetSafeOnline and The Devil is in the Details National Fraud Authority (NFA) program. The government has also developed a 10 steps to cyber security ebook to help companies protect their assets, as well as advice tailored to small businesses. There is also cyber security guidance provided for corporate financial activities (“Providing cyber security advice”, 2014).
  7. Cooperative work with industry to develop minimum standards and principles. This work is expected to be released the end of March 2014. Also, essential services/infrastructure entities are encouraged to join the Cyber Security Information Sharing Partnership (CISP). Also, a set of guidelines was developed for best practices by ISPs to help inform, educate and protect ISP customers (“Working with industry”, 2014).
  8. Establish cybersecurity information sharing between government and industry sectors. The CISP is now open to companies besides critical infrastructure and will feed information into the CERT-UK when it opens (“Establishing a cyber security information sharing”, 2014).


The United Kingdom has positioned themselves well for today and years to come with the policies, standards, guidelines, education programs, and organizations they have implemented or assisted with. They are capable to combat cyber threats internally and also capable to provide the international community with the education, technology and skills to combat cyber threats.



References


A Strong Britain in an Age of Uncertainty : The National Security Strategy (2010, October). Retrieved February 18, 2014, from https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61936/national-security-strategy.pdf
Charlton, Alistair (2013, December 16). IT Security Breaches Strike 93% of Large UK Companies, International Business Times. Retrieved February 18, 2014, from http://www.ibtimes.co.uk/security-breaches-cyber-attack-uk-large-small-530541
Establishing a cyber security information sharing partnership - Keeping the UK safe in cyber space - Policies - GOV.UK (2014, February 5). Retrieved February 18, 2014, from https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace/supporting-pages/establishing-a-cyber-security-information-sharing-partnership
Keeping the UK safe in cyber space - Policy - GOV.UK (2014, February 5). Retrieved February 18, 2014, from https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace
Identifying and analysing threats and strengthening our networks - Keeping the UK safe in cyber space - Policies - GOV.UK (2014, February 5). Retrieved February 18, 2014, from https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace/supporting-pages/identifying-and-analysing-threats-to-our-networks
Improving cyber skills, education and professional opportunities - Keeping the UK safe in cyber space - Policies - GOV.UK (2014, February 5). Retrieved February 18, 2014, from https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace/supporting-pages/setting-up-centres-of-doctoral-training
National Cyber Crime Unit (n.d.). Retrieved February 18, 2014, from http://www.nationalcrimeagency.gov.uk/about-us/what-we-do/national-cyber-crime-unit
Page, Mark (2012, January). The Internet Economy in the United Kingdom, A.T. Kearney. Retrieved Febuary 17, 2014, from http://www.atkearney.com/en_GB/paper/-/asset_publisher/dVxv4Hz2h8bS/content/the-internet-economy-in-the-united-kingdom/10192
Providing cyber security advice for businesses and the public - Keeping the UK safe in cyber space - Policies - GOV.UK (2014, February 5). Retrieved February 18, 2014, from https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace/supporting-pages/providing-cyber-security-advice-for-businesses-and-the-public
The Global Cyber Security Capacity Centre | Oxford Martin School (n.d.). Retrieved February 18, 2014, from http://www.oxfordmartin.ox.ac.uk/institutes/cybersecurity
UK Trade and Investment (2013, April). Cyber Security The UK’s approach to exports. Retrieved February 18, 2014, from http://www.gchq.gov.uk/press_and_media/news_and_features/Documents/Cyber_Security-the_UKs_approach_to_exports.pdf
Working with industry on minimum standards and principles - Keeping the UK safe in cyber space - Policies - GOV.UK (2014, February 5). Retrieved February 18, 2014, from https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace/supporting-pages/working-with-industry-on-minimum-standards-and-principles

No comments:

Post a Comment