New UK cyber security centre to work with Bank of England
Will it get enough cash to investigate, pursue the perps?
The UK's new national cyber centre will collaborate with the Bank of England on new cyber security guidance for financial firms when it opens later this year, the government has said.
The Cabinet Office announced that the National Cyber Security Centre (NCSC) will be based in London and start operating in October. It said one of the NCSC's first tasks will be to work with the Bank of England to "produce advice for the financial sector for managing cyber security effectively".
"This important work with the Bank of England is paramount to ensuring that businesses of all shapes and sizes understand the threats and what they can do to mitigate them," Cabinet Office minister Matt Hancock said. "We’ll do this by informing the entire business community and public sector about emerging threats, providing support when attacks happen and educating everyone on how best to stay safe online."
The NCSC is being set up to aggregate "the UK’s cyber expertise", the Cabinet Office said. It said the NCSC "will be the authoritative voice on information security in the UK". The current director general of cyber at GCHQ, Ciaran Martin, will lead the new organisation and Dr Ian Levy, GCHQ's current technical director of cyber security, will take on the role of the NCSC's technical director, the Cabinet Office said.
Civil fraud and asset recovery expert Alan Sheeley of Pinsent Masons, the law firm behind Out-Law.com, raised concern about whether the NCSC will be sufficiently resourced to "actively investigate the cyber attacks and pursue the perpetrators".
"Will the NCSC have the necessary tools and budgets to target and address 'the industrial-scale theft of intellectual property from our companies and universities, as well as the numerous phishing and malware scams that waste time and money' that GCHQ director Robert Hannigan highlighted in his statement?" Sheeley said. "The concern I have is that this will this become another Action Fraud where this organisation also becomes inundated with calls and claims and are unable, due to resources, to actively investigate the cyber attacks and pursue the perpetrators."
"Action Fraud received 250,000 reports of crime ever year; Adrian Leppard, the former city of London police commissioner predicted the true level is 12 times that. Of the three million crimes only 70,000 are actually investigated which is shockingly low," he said.
Sheeley said that government's plans to stiffen the cyber security of UK companies are welcome in light of a report last year which revealed that cyber crime is costing the global economy over $445 billion annually. However, he said it is not yet clear whether the NCSC would become "another information bank rather than a pro-active investigation department that provides proper results". He said the perpetrators of cyber crime "should pay for their actions through convictions – prison and compensation".
"The NCSC, in my view, should be under a duty to educate companies not just of the crimes that are currently taking place and prevention measures that can be adopted but also of the private actions that companies can and should implement to combat cyber crime and recover any losses," Sheeley said. "Civil fraud solicitors can be utilised to obtain disclosure orders against computer server providers, website host providers and financial institutions to quickly identify the perpetrator of a cyber security breach."
"Once the perpetrator has been identified, civil fraud solicitors can assist in the recovery of any stolen assets, whether that be information or monies with the use of search and seize orders and freezing orders. In light of the importance of these tools to recovering the losses and identify perpetrators of cyber crime, the NCSC should be advising business which are the victims of a cyber security breach of the availability of these crucial strategies," he said.
Copyright © 2016, Out-Law.com
Out-Law.com is part of international law firm Pinsent Masons.