I can tell how long I have been covering security when anniversaries come round of things I recall writing in preparation for.
In the case of the current story, it is the National Cyber Security Strategy, which was originally released in 2011 and came more than a year after Prime Minister David Cameron rated as one of the key focus areas for national security with an £860 million fighting fund.
Three years on, and this morning I attended an event at the Institute of Chartered Accountants in England and Wales where Cabinet Office Minister Francis Maude, the MP tasked with leading the cyber security outreach effort in the UK, delivered a talk and annual report to Parliament on progress against the Strategy’s objectives.
In a pre-prepared statement, Maude said that he was pleased with the “significant strides” towards all ambitions and goals during its third year, and throughout the course of the Programme’s existence.
The 2013-2014 period has seen the emergence of CERT-UK, the development of the information sharing programme CISP, the National Cyber Crime Unit, the standards Cyber Essentials and CBEST and the outreach programme Cyber Streetwise.
All may not agree with everything that Government does, and a conversation I had with a Government official this week demonstrated that they are keen to learn and move forward, but realised the importance of making a first step.
At the ICAEW event, I was fortunate to meet and see senior security representatives from across UK industry, from CERTs to accountancy firms, from banks to universities. What really astounded me was that at 8.30am on a wet Friday morning, all of these important and notable people were prepared to make the effort to come along and support such an effort.
ICAEW CEO Michael Izza acknowledged that cyber security i
s a top three priority for boards and ICAEW members, as cyber crime comes at a cost of £1 billion a year. “I would like to see all UK businesses understand their risks and have a contingency plan in place and have management of their data more efficiently,” he said.
Maude said that Governments can claim to have all of the answers but he admitted that no single Government, or all Governments together can achieve this, and “we can only do this by all working together”.
Highlighting some of the major breaches from the year, Maude said that there is not such a thing as a company who is not vulnerable and this has “long ceased to be issue for IT department alone, it is an issue for the board and there is a need for this to be high up on the agenda for an organisation”.
After visits to both London’s Tech City in Shoreditch and the Malvern cluster, Maude said: “We have reason to be positive, not because we have been brow-beaten into defending ourselves, but because we have something magnificent and something transformational that we want to strengthen.”
Maude was positive on the impact of Cyber Streetwise, saying that there has been more than five million views of the website, and two million people had taken steps to change their behaviour. He said that we should be resilient, but also realise that cyber security is a business worth £6 billion to UK economy and opportunities were being made possible by the Cyber Growth Partnership, a example of Government, industry and academia working together.
“Cyber security craves technical innovation and entrepreneurial ambition and it is backed by world-class skills and ambition, both of which the UK has in spades, so there is a UK market for cyber security abroad,” he said. “We have been working closely with higher and further education to build a knowledge base and build capabilities to better deal with the cyber threat.”
At the event, Maude praised the UK’s “rich heritage” in computing, citing Alan Turing and Tommy Flowers in code breaking, and the launch of the Cryptoy app to better help the public’s understanding of encryption.
Maude concluded by reiterating the cause of the UK being a safe and secure place to do business, and be an area of strength for Britain. He said: “We already punch above our weight in the cyber space, but we have the potential to be so much more, so let’s carry on together as by ceasing the opportunities for growth and innovation, Britain can genuniely be a 21st century cyber super power.”
The event saw other presentations from CERT-UK, Cyber Security Challenge and those involved both directly and from an investment perspective into the UK industry, but as Maude said, this is an initiative to drive business here with a solid UK offering.
Richard Horne, PwC cyber security partner, said: “There’s no doubt that the national strategy has helped raise awareness of the risks of cyber security att
acks. Increasingly we are seeing businesses asking for advice on how they can best protect themselves and develop the skills of their people.
“Much progress has been made and we are pleased to support initiatives such as the Cyber Security Challenge, which is helping to identify and develop the next generation of talented cyber security professionals. But much more needs to be done: cyber threats continue to evolve and no organisation can afford to stand still.”
Yes it is tricky, and perhaps at the time I was one of those casting doubt on the capabilities of a Government effort. However it has been a success three years in with a rising start-up scene both in and out of London, and with an connected force of academia, industry and Government inspiring the public.
It almost makes you proud to be British!