Feeds

UK.gov chucks another £260m at MOOC-based cyber security training

Doom-mongers warn cybercrime will destroy ALL - unless you buy their gear

Maximizing your infrastructure through virtualization

The UK government has published a progress report praising its own achievements in the two years since it launched an ambitious plan to make Britain the best place to do e-commerce.

The National Cyber Security Strategy (NCSS), launched in November 2011, also has the goals of making the UK more resilient to cyber attack, building partnership between government and the private sector and developing the UK’s cyber security knowledge, skills and capability.

The strategy is supported by £860m from the National Cyber Security Programme, an increase from the initial funding allocation of £650m.

Francis Maude, the Cabinet Officer minister who oversees the UK's Cyber Security Strategy, explained the rationale for increased funding at a time of general austerity and cost cutting. "The cyber attack will remain a serious threat to our national security," Maude explained in a statement.

"That is why our work with other sectors," he added, "such as academia and R&D, will continue to benefit strongly from secure government funding. As a result of the 2013 spending review we have directed an additional £210m investment to this area, making £860m of sustained government investment on cyber to 2016."

Science minister David Willetts added that skills training was a key part in delivering on the overall programme.

"We are working closely with business and universities to ensure the country has the skills and knowledge it needs to meet the cyber challenge," Willetts said. "We want to show students and businesses that cyber security does not simply pose a threat. It gives those who take it seriously an opportunity to gain new expertise, or even a commercial advantage."

Building skills can help UK-based security software developers and consultancies to bring in export sales. The UK government has set a target of more than doubling annual cyber exports from the UK to £2 billion a year by 2016. "With a new £2 billion target for cyber exports, we will also be helping the UK cyber sector to grow and keep the UK ahead in the global race," Willetts commented.

Future plans to develop the strategy include a cyber security kitemark for firms that want to do business with the UK Government, boosting UK cyber exports and providing a cyber security baseline standard. Only the baseline standard is in any way controversial.

UK government plans for the coming year include establishing a new Cyber Security Suppliers’ scheme, developed through the Cyber Growth partnership; this will allow businesses to state publicly to prospective clients that they supply government with cyber security products and services.

Other plans include the development of an industry-led organisational standard, based on the ISO27000-series, to give the cyber-security industry a clear baseline to aim for, ensuring focus on basic cyber hygiene and protection from low level threats. The standard would be adopted by government in its procurement where proportionate and relevant thereby encouraging uptake and giving companies a demonstrable competitive edge.

This approach sounds a bit like the not infrequently criticised PCI DSS standards for credit card merchants. Even otherwise supportive IT suppliers are cautious about the proposed scheme.

Richard Archdeacon, head of security strategy at HP Enterprise Security Services, said: "Whilst the introduction of an industry-led organisational Standard for Cyber Security is laudable, businesses should only regard this as the bare minimum. Furthermore, as these measures are well documented and indeed known by our adversaries, companies need to go above and beyond in order to truly secure their critical data."

Other government ideas call for the development of a "Massive Open Online Course" in cyber security by summer 2014 for the Open University. The course has the potential to reach 200,000 students, both domestically and overseas, and will be available online at no charge.

UK.gov also hopes to back the launch of a research institute, which will focus on Trustworthy Industrial Control Systems, a key area of concern in the post-Stuxnet world of running power plants and systems that rely heavily on SCADA industrial control technology. Ministers are also backing continued funding for the Cyber Security Challenge, so that the program to find the next generation of cyber security workers can do more work with schools.

HP's Archdeacon welcomed the focus on education in the government's plans.

HP is fully supportive of the Cabinet Office’s efforts in the realm of cyber security. Undoubtedly, cyber security has become one of the biggest threats to companies and businesses around the world and the countries in which they are based. Not only can a breach affect an organisation’s bottom line and reputation, but we’ve seen numerous cases where high value intellectual property has been stolen," he said.

Ilias Chantzos, senior director government relations EMEA at Symantec, also endorsed the focus on education in pushing the UK's Cyber Security strategy forward: "Today’s commitment to a government-led awareness campaign, supported by industry, across the general public and small businesses is an important investment. Further education is vital in highlighting the profound impact cyber threats have on businesses, individuals and the wider UK economy."

Ross Brewer, vice president and managing director of international markets at security tools vendor LogRhythm, is also upbeat. "This new strategy, which includes an open online course in cyber security, funding for the Cyber Security Challenge and a series of guiding principles, will undoubtedly better prepare UK businesses and raise awareness of cyber crime, which is key when faced with today’s sophisticated threats. By building skill sets and tightening standards, it will hopefully stimulate the much needed adoption of even basic threat detection steps," he added.

Development in the UK government's strategy are explained in policy papers here on the gov.uk website.

A written ministerial statement on progress against the objectives set out in the UK Cyber Security Strategy, which Maude delivered in parliament on Thursday, can be found here. ®

Top three mobile application threats

More from The Register

next story
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.