Friday, 25 November 2011

UK Government Cyber Security Strategy published today



The new government cyber strategy is out today. The main response is not a technological one but one of education: advising companies as well as government departments when and how they are under attack, and the simple steps, already within their gift, that they can take to repel these attacks.

A key element of the strategy is information sharing. When one organisation suffers an attack then the details and how to cope with it need to be made available to others so they can be suitably prepared should the attack turn in their direction. In a connected world, the very thing that makes cyber-attacks relatively easy can be used to help defend against them. Afterall tehre is no point in receiving a quarterly update that simply tell you what happened. What you want is
real-time infromation to allow to pre-empt an attack.

Why is all of this so important. It is not just that between 5 and 10% of our GDP is directly dependent upon the Internet, and is growing very fast. The real issue is the theft of intellectual property. Earlier this year the Cabinet Office issued a report showing that of the estimated £27bn loss of cybercrime £21bn was related to stealing other people’s ideas (http://www.cabinetoffice.gov.uk/resource-library/cost-of-cyber-crime ). Companies that are key to the UK economy such as Rolls Royce are constantly under attack with the attackers looking to steal valuable commercial ideas such as engine designs and alloy compositions which have taken many millions to develop. And the same is happening elsewhere with examples in recent days of the Norwegian oil industry losing commercially sensitive data through cybercrime.

But the danger does not stop there. In recent days we have seen yet more attacks on infrastructure with the techniques first seen disrupting the Iranian nuclear facilities now evolving to be used to disrupt things like the water supply in Houston, USA.

So, the UK Government strategy will not be about protection government assets alone. The UK Government has a significant role to play in helping UK PLC avoid major commercial losses and serious disruption.