UK.gov chucks another £260m at MOOC-based cyber security training

Doom-mongers warn cybercrime will destroy ALL - unless you buy their gear

High performance access to file storage

The UK government has published a progress report praising its own achievements in the two years since it launched an ambitious plan to make Britain the best place to do e-commerce.

The National Cyber Security Strategy (NCSS), launched in November 2011, also has the goals of making the UK more resilient to cyber attack, building partnership between government and the private sector and developing the UK’s cyber security knowledge, skills and capability.

The strategy is supported by £860m from the National Cyber Security Programme, an increase from the initial funding allocation of £650m.

Francis Maude, the Cabinet Officer minister who oversees the UK's Cyber Security Strategy, explained the rationale for increased funding at a time of general austerity and cost cutting. "The cyber attack will remain a serious threat to our national security," Maude explained in a statement.

"That is why our work with other sectors," he added, "such as academia and R&D, will continue to benefit strongly from secure government funding. As a result of the 2013 spending review we have directed an additional £210m investment to this area, making £860m of sustained government investment on cyber to 2016."

Science minister David Willetts added that skills training was a key part in delivering on the overall programme.

"We are working closely with business and universities to ensure the country has the skills and knowledge it needs to meet the cyber challenge," Willetts said. "We want to show students and businesses that cyber security does not simply pose a threat. It gives those who take it seriously an opportunity to gain new expertise, or even a commercial advantage."

Building skills can help UK-based security software developers and consultancies to bring in export sales. The UK government has set a target of more than doubling annual cyber exports from the UK to £2 billion a year by 2016. "With a new £2 billion target for cyber exports, we will also be helping the UK cyber sector to grow and keep the UK ahead in the global race," Willetts commented.

Future plans to develop the strategy include a cyber security kitemark for firms that want to do business with the UK Government, boosting UK cyber exports and providing a cyber security baseline standard. Only the baseline standard is in any way controversial.

UK government plans for the coming year include establishing a new Cyber Security Suppliers’ scheme, developed through the Cyber Growth partnership; this will allow businesses to state publicly to prospective clients that they supply government with cyber security products and services.

Other plans include the development of an industry-led organisational standard, based on the ISO27000-series, to give the cyber-security industry a clear baseline to aim for, ensuring focus on basic cyber hygiene and protection from low level threats. The standard would be adopted by government in its procurement where proportionate and relevant thereby encouraging uptake and giving companies a demonstrable competitive edge.

This approach sounds a bit like the not infrequently criticised PCI DSS standards for credit card merchants. Even otherwise supportive IT suppliers are cautious about the proposed scheme.

Richard Archdeacon, head of security strategy at HP Enterprise Security Services, said: "Whilst the introduction of an industry-led organisational Standard for Cyber Security is laudable, businesses should only regard this as the bare minimum. Furthermore, as these measures are well documented and indeed known by our adversaries, companies need to go above and beyond in order to truly secure their critical data."

Other government ideas call for the development of a "Massive Open Online Course" in cyber security by summer 2014 for the Open University. The course has the potential to reach 200,000 students, both domestically and overseas, and will be available online at no charge.

UK.gov also hopes to back the launch of a research institute, which will focus on Trustworthy Industrial Control Systems, a key area of concern in the post-Stuxnet world of running power plants and systems that rely heavily on SCADA industrial control technology. Ministers are also backing continued funding for the Cyber Security Challenge, so that the program to find the next generation of cyber security workers can do more work with schools.

HP's Archdeacon welcomed the focus on education in the government's plans.

HP is fully supportive of the Cabinet Office’s efforts in the realm of cyber security. Undoubtedly, cyber security has become one of the biggest threats to companies and businesses around the world and the countries in which they are based. Not only can a breach affect an organisation’s bottom line and reputation, but we’ve seen numerous cases where high value intellectual property has been stolen," he said.

Ilias Chantzos, senior director government relations EMEA at Symantec, also endorsed the focus on education in pushing the UK's Cyber Security strategy forward: "Today’s commitment to a government-led awareness campaign, supported by industry, across the general public and small businesses is an important investment. Further education is vital in highlighting the profound impact cyber threats have on businesses, individuals and the wider UK economy."

Ross Brewer, vice president and managing director of international markets at security tools vendor LogRhythm, is also upbeat. "This new strategy, which includes an open online course in cyber security, funding for the Cyber Security Challenge and a series of guiding principles, will undoubtedly better prepare UK businesses and raise awareness of cyber crime, which is key when faced with today’s sophisticated threats. By building skill sets and tightening standards, it will hopefully stimulate the much needed adoption of even basic threat detection steps," he added.

Development in the UK government's strategy are explained in policy papers here on the gov.uk website.

A written ministerial statement on progress against the objectives set out in the UK Cyber Security Strategy, which Maude delivered in parliament on Thursday, can be found here. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
prev story


SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.