UK commits £1.9B to National Cyber Security Strategy, working with Microsoft and more

The recent rush of allegations against countries like Russia and China and their possible roles in cyber attacks on countries like the U.S. have prompted a big move from the UK: the government said today that it plans to invest £1.9 billion ($2.3 billion) over the next five years in a new cyber defence plan, called the National Cyber Security Strategy, to prepare for and fight back against cyber attacks in the future.

The investment, detailed by Chancellor Philip Hammond today in a speech at a Microsoft event in London (and here), will also involve new partnerships with private and public organisations (including Microsoft) to develop technology.

“Our new strategy, underpinned by £1.9 billion of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyber-space and to strike back when we are attacked,” he said.

The size of the investment makes this the largest funding that the UK has earmarked for cyber security services, but it’s not the only one: in October the Defence Secretary earmarked £265 million specifically for cyber vulnerability at the Ministry of Defence. They are also not sudden actions: today’s news comes nearly a year after the government first started to talk about how it needed to get more proactive in cyber security defence.

Today’s news has a two-fold purpose, Hammond noted today in his presentation. It’s in part about protecting the government, but also about protecting the wider UK digital economy, since cyber attacks would directly impact confidence in the latter.

“Tech is the future of the UK economy,” he said in his speech at Microsoft’s Future:Decoded event today, as he described a landscape where businesses and people will feel “safe” to do business.

Interestingly, while there will likely be many other companies involved, it seems that the biggest to get billing and a name check today is Microsoft.

“The mobile-first, cloud-first world holds enormous potential for organisations and individuals to generate new and exciting growth opportunities,” said Cindy Rose, UK CEO, Microsoft, in a statement. “However, there is a corresponding risk that as people increase their technology usage they also increase their exposure to cyber security threats. It is critical for all organisations to strengthen their core security hygiene as well as creating a pervasive security culture through education and awareness.

“All participants in the security ecosystem also need to work together to ensure everyone can trust the technology they use. The Chancellor’s announcement is the kind of initiative that the UK needs to protect British citizens from the growing threats we face. We welcome the government’s focus on tackling this significant issue which affects business and individuals alike.”

There are three areas where the government will be targeting investment, Hammond said today:

Defence will be about the government investing in its own systems and those of larger utility-based industries that partly come under its regulatory remit such as energy and transport, as part of a Critical National Infrastructure strategy. One company the government is highlighting here is Netcraft for “automated defence techniques to reduce the impact of cyber-attacks by hackers, stopping viruses and spam emails ever reaching their intended victims for example.” This will also include defenses against phishing attacks.

Deter covers law enforcement capabilities to fight cybercrime in the National Cyber Crime Unit, as well as more international partnerships. “The UK will defend itself in cyberspace and strike back against those that try to harm our country,” a statement notes. The government is already recruiting cybercrime investigators and tech specialists, it said.

Develop is focused on education and future R&D. A new Cyber Security Research Institute will be “a virtual collection of UK universities which will look to improve the security of smart phones, tablets and laptops through research that could one day make passwords obsolete.” It’s notable that the first Innovation Centre will be located in Cheltenham, not far from the GCHQ where the government runs its surveillance and other covert programs. This is also likely the category under which the National Cyber Security Centre, announced earlier this year, will also fall.

Today is very much a high-level news announcement. As it begins to take shape, there will likely be a lot of questions about how far the UK plans to go in its bid to “protect” the UK and UK plc, with many who are already up in arms about its surveillance activities and more likely also to raise questions about how the plans announced today will impact our privacy, and our data. Th bigger picture here is that for now the government is laying out a policy both to the UK and the rest of the world to say that it’s aware and it plans to fight whatever might come.

“No longer the stuff of spy thrillers and action movies, cyber-attacks are a reality and they are happening now. Our adversaries are varied – organised criminal groups, ‘hactivists’, untrained teenagers and foreign states,” said Ben Gummer, Minister for the Cabinet Office & Paymaster General, said in a statement. “The first duty of the government is to keep the nation safe. Any modern state cannot remain secure and prosperous without securing itself in cyberspace. That is why we are taking the decisive action needed to protect our country, our economy and our citizens.”

Photo: Alistair Esam