Home Tags Chancellor of the Exchequer

Tag: Chancellor of the Exchequer

EnlargeDefence Images reader comments 8 Share this story The UK government has promised to spend nearly £2 billion over the next five years to try to tackle the growing problem of cyber attacks in the country. Recent research suggested that Britain is particularly susceptible to data breaches involving compromised employee account data. Nonetheless, chancellor of the exchequer Philip Hammond claimed on Tuesday that the country is "an acknowledged global leader in cyber security." Number 11's occupant crowed that the previous Tory-led coalition government had chucked £860 million at the problem, but Hammond then undermined himself somewhat by adding that "we must now keep up with the scale and pace of the threats we face." Which underlines the fact that the government is playing catch-up in its race against cybercrims. The answer, according to the treasury, is to up taxpayer-funded spending in the fight against cyber attacks.

The chancellor said: Our new strategy, underpinned by £1.9 billion of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked. If your toes aren't already curled enough, perhaps paymaster general Ben Gummer can help. He said: "No longer the stuff of spy thrillers and action movies, cyber-attacks are a reality and they are happening now. Our adversaries are varied—organised criminal groups, 'hactivists,' untrained teenagers, and foreign states." Readers of these pages know that there is nothing new about baddies misbehaving on the Web.

But since the TalkTalk hack attack in October 2015, such crimes have finally gone mainstream. The treasury added that Whitehall's hefty investment would be three-pronged.
It said a "world-class cyber workforce" would be developed, added that the UK would "use automated defences to safeguard citizens and businesses against growing cyber threats," and said that deterrent plans would be put in place propped up by better policing capabilities. Number 11 said it would work closely with industry partners such as Bath-based Netcraft—an outfit that specialises in Internet security services and counts clients that include Microsoft, BT, Cisco, and Intel. Hammond is also expected to announce plans to invest in the next generation of infosec experts with a new Cyber Security Research Institute, which we're told is a "virtual collection of UK universities" that will be tasked with beefing up smart phone, tablet, and laptop security "through research that could one day make passwords obsolete." The GCHQ-backed National Cyber Security Centre opened its doors for the first time last month.

By early 2017, the government has promised that the cyberhub will have a 700-strong team running the show. However, the government's so-called National Cyber Security Strategy isn't entirely welcomed by industry.
ISPs recently expressed concern about regulatory meddling, arguing that the focus should be on raising awareness, rather than burdening telcos with yet more rules. As part of its cyber defence plan, Hammond's department said that the industry would be expected to adopt "a range of technical measures" including DNS filtering against malware and phishing sites, an e-mail verification system on government networks to try to prevent domain spoofing, and researching methods to move "safely beyond passwords." It hopes to also bring in a scheme to detect government network attacks. The chancellor claimed that the government had already improved its efforts against "a website serving Web-inject malware." We're told that it previously "would stay active for over a month—now it is less than two days. UK-based phishing sites would remain active for a day—now it is less than an hour.

And phishing sites impersonating government’s own departments would have stayed active for two days—now it is less than five hours." NHS trusts have, for years, been particularly susceptible to such attacks.
Indeed, the Northern Lincolnshire & Goole NHS Foundation Trust remains on red alert with appointments cancelled as it battles a virus that blighted its IT systems on Sunday. This post originated on Ars Technica UK
... and gov wants more of our data? The Cabinet Office is failing to coordinate the UK's government departments' efforts to protect their information according to a damning report by the National Audit Office. The NAO found that the Cabinet Office failed in its duty and ambition to coordinate and lead government departments’ efforts in protecting such information. The Cabinet Office has “tried to take a more strategic role in offering support and guidance to central government departments,” the NAO report found. “However, senior-level governance remains complex and unclear and, until recently, a wide array of central teams have been involved in information assurance and protecting information, sometimes offering overlapping and contradictory advice.” Reporting personal data breaches is chaotic, with different mechanisms making departmental comparisons meaningless.
In addition, the Cabinet Office does not have access to robust expenditure and benefits data from departments, in part because they do not always collect or share such data.

The Cabinet Office has recently collected some data on security costs, though it believes that actual costs are "several times" the reported figure of £300 million. As a result, NAO stated that GCHQ dealt with 200 “cyber national security incidents” per month in 2015, double the number of attacks it had addressed in 2014, though the result of these attacks has not been reported. The report certainly suggests that departments need to get their own houses in order before they start opening up access to even more of citizens' data, as per the porn-blocking Digital Economy Bill, with 8,995 data breaches in the 17 largest government departments in 2014-15. Government departments are being challenged by the increasing need to share data with other public bodies, with delivery partners, service users, and citizens.

According to the NAO, recent years’ “cuts to departmental budgets and staff numbers, and increasing demands form citizens for online public services, have changed the way government collects, stores and manages information”. At the same time “the threat of electronic data loss from cyber crime, espionage and accidental disclosure has risen considerably.

Alongside this new challenge, reporting to the Information Commissioner’s Office (ICO) by public bodies shows that the loss of paper records remains significant.” Efforts have complicated by the lack of coordination by the 12 separate teams and organisations which play a role in governmental infosec, including: GDS; GCHQ; CESG, CERT-UK; and the UK National Authority for Counter Eavesdropping (UKNACE). That this work hasn’t been coordinated “has meant that a large number of bodies continue to have overlapping mandates and activities” according to the NAO, which noted how last November the then-Chancellor of the Exchequer noted this acronym-heavy problem and the need to “address the alphabet soup of agencies involved in protecting Britain in cyberspace.” As part of that address, Osborne announced the launch of a new National Cyber Security Centre (NCSC) which will act as a hub for sharing best practices in security between public and private sectors, and will tackle cyber incident response. Speaking to The Register earlier this month, the former head of GCHQ Sir David Omand said: "Next month, the new National Cyber Security Centre starts its work, under the Director of GCHQ, drawing on the technical expertise of GCHQ staff in operating in cyberspace, a further major development in harnessing the skills of the intelligence community in protecting the public." NAO's head, Amyas Morse, said: “Protecting information while re-designing public services and introducing the technology necessary to support them is an increasingly complex challenge.

To achieve this, the Cabinet Office, departments and the wider public sector need a new approach, in which the centre of government provides clear principles and guidance and departments increase their capacity to make informed decisions about the risks involved.” ®