Philip Hammond outlines the government’s new cybersecurity strategy and how £1.9 billion will boost defences, enable law enforcement and aid country
The government has pledged to invest £1.9 billion in boosting the UK’s cybersecurity defences and to develop cyberattack capabilities that would allow it to fight back if struck by a foreign adversary.
Chancellor Phillip Hammond said a strategy centred on the principles of defend, deter and develop would protect the country from outside threats, businesses from cybercrime and allow the UK to become a leader in the development of innovative technologies like the Internet of Things (IoT) and artificial intelligence (AI).
Next stage of war will be cyber
“A small number of hostile foreign actors have fostered cyberattack capabilities,” said Hammond, speaking at Microsoft Future Decoded in London, alluding to recent incidents that have been widely attributed to Russia.
“If we do not have the ability to respond to attacks in cyberspace, we’d be left with the impossible choice of turning the other cheek or turning to military response. That is not a choice we want to make. That is why we need to develop a fully functioning cyber-attack capability.
“We will strike back in kind when we are attacked.”
Hammond said incidents like the catastrophic data breach at TalkTalk last year and the recent expansion on DDoS attacks – one of which took down some government services – demonstrate the scale of the threat at hand, as did his previous experience as foreign secretary.
“In the UK, we are not starting from scratch. In the last parliament, we invested £860 million over 5 years to enhance our capability to improve our incident response and tackle cyber crime,” he said.
Cyber security strategy
“In recognition of the risks, the government’s 2015 strategic defence and security review classified cyber as tier 1 threat – the same as terrorism.
“Trust in the Internet and on the infrastructure on which it relies is fundamental to our economic future. We need a secure cyberspace and we need to work together.
“The government action has made the UK a globally-acknowledged leader in cybersecurity. But we must keep up. So today, I’m launching the UK’s new cyber security strategy. We will strengthen the defences of government, [utilities] and the economy. We will work with the industry on technology that will reduce the impact of cyberattacks and to increase investment.”
Hammond also detailed the role of the new central-London based National Cyber Security Centre and education programes to teach students about how to use the web safely and to develop the skills to make the UK a cybersecurity leader. This, he argued, would promote the government’s overall aims of developing the UK’s technology sector.
But in line with the governments other recent tech-related initiatives, such as broadband and mobile rollout, Hammond argued businesses themselves should themselves take action.
“Government cannot be solely responsible,” he declared. “Chief executives and board members must accept they have a responsibility [to cybersecurity] just as they do with every other type of risk. Similarly, technology companies must incorporate best security design into their products. Getting this right will be crucial to keeping UK at head of cybersecurity.”
“I personally like the tone of the announcement,” said Amichai Shulman, CTO of Imperva. “It seems that the money is aimed at increasing cyber safety for the general public rather than adding protection to ‘critical infrastructure’ I’ve talked about it numerous times in the past.
“Most modern nations spend much more on the attack side rather than the defense side. When they do spend on defensive technologies it is to protect ‘national interests’ and ‘critical infrastructure’. While these are important causes, over the years modern nations have failed to invest in ‘cyber safety’ for the masses – making the Internet a safer place for people who conduct commerce and surf for information and fun.
“If, as stated by the UK official the additional funds are going to be invested in better policing of cyber space as well as helping commercial organizations to get protection then this is a much desired long deserved investment.”
“Although we have some of the best cyber security capabilities in the world, we cannot be complacent about the evolving cyber threat,” added Julian David, CEO of technology industry body techUK.
“This new strategy is a robust and comprehensive response from Government to the growing cyber threats that we face. It is now time for businesses across the country to step up and play their part in keeping their businesses and the UK as a whole secure.”