UK government lays out cyber security plans
The UK Government's Cabinet Office has announced the publication of its new Cyber Security Strategy which "sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment". The UK Government says it ranks cyber security as a tier 1 national security priority and has allocated £650 million over four years to reinforce defences.
A pilot for a joint public/private cyber security hub is being started in December for defence, telecoms, finance, pharmaceuticals and energy; the hub will exchange "actionable information on cyber threats" and manage the response to attacks. To address high-end threats, the government is committing to a new Defence Cyber Operations Group within the MOD which will look at developing tactics, techniques and plans for military "cyber capabilities". It also is considering how to tap reservists' digital knowledge and skills to contribute to military planning.
In a similar vein, the policy for tackling online crime focuses on expanded use of "cyber-Specials", Police Special officers with relevant skills, to tackle investigations. The government notes the "ground-breaking" use of such police officers at the Metropolitan Police's PCeU (Police Central e-crime Unit) and sets out a plan to create a similar national-level unit within the NCA (National Crime Agency) by 2013. This would be complemented by a single fraud reporting system for businesses and the public called "Action Fraud". An enhanced "Get Safe Online" campaign will also offer "NHS Direct 'triage'" through the web site to assist people in "solving their cyber security problems".
Other elements in the new policy document include developing "kitemarks" for security software, getting ISPs to sign up to a set of "guiding principles" on how to support their users' security, improving education, both for the general public and for research, and looking at ways to create economic growth in the cyber security industry.