A suitable response to cybersecurity
The government gets it right
Published 14:42, 24 November 10
With the recent publication of the strategic defence review, “Securing Britain in an Age of Uncertainty: The Strategic Defence and Security Review,” the UK in many ways is taking the lead in Europe when it comes to cybersecurity by recognising its growing significance in the overall national security picture.
Identified as one of four Tier 1 priority risks facing the nation in the years ahead, cybersecurity is to receive £650m in additional funding over the next 4 years through a new national cybersecurity programme designed to strengthen the UK’s ability to deal effectively with cyberattacks.
This commitment is significant given the spending reduction in defence elsewhere and the overall budget cuts recently announced.
In addition to increased spending, the programme aims to promote a consistency of approach that we have not seen in the UK to date.
There will be a single point of contact for businesses and the public to report cyberincidents, a new group set up within the MOD to “ensure the coherent integration of cyberactivities across the spectrum of defence operations,” and a new management office set up within the Office of Cyber Security and Information Assurance to oversee the funding and implementation of the programme.
The review also calls for a closer cooperation between the public and private sector to leverage knowledge and resources and the creation of a Cyber Infrastructure Team within the Department for Business, Innovation and Skills (BIS) to provide strategic leadership and regulatory oversight.
Despite all the evidence that cyberthreats are dramatically increasing in both number and sophistication, many public and private sector organisations are still failing to respond appropriately. National governments have a leadership role to play in this regard and the current UK coalition government is to be commended for the actions it is taking.
Placing cybersecurity in the context of wider security concerns is valid and appropriate, as the Internet has become entwined in our social and economic fabric. As our Public Sector CTO, Dr. Prescott Winter has stated previously, “The fate of nations is not decided by wars alone, but by disease, technology, economics—and information, among other salient factors.”
Increasingly, information underlies and facilitates these other domains as never before. For example, the modern military is largely dependent on huge information flows for all phases of its activities—net-centric warfare is the model of the day. Treatment of disease and public health is now built on prodigious amounts of information, not just for the understanding and treatment of the disease itself, but for all the issues concerning patient status and tracking, insurance and liabilities, etc.
Technology and economics, our ability to innovate, create market and profit, are impossible today without detailed—and protected—information.
The ability to use that information in real time across the broad and frictionless channel that the Internet provides has driven a level of Internet usage that if compromised, would represent a serious security risk to any nation where use of the Internet is pervasive.
The UK government’s response reflects this risk and will hopefully serve as a catalyst to encourage others to take action.
Blog post by Iain Chidgey, General Manager, ArcSight EMEA