The UK Government published its National Security Strategy in October 2010, setting out 15 priority risks to national security. Hostile attacks upon UK cyber space and large scale cyber crime, were identified as one of the four biggest threats (along with terrorism, war and natural disaster). The Strategic Defence and Security Review ("SDSR"), also published in October 2010, outlines how the Government intends to manage and mitigate these risks, including the establishment of a National Cyber Security Programme (the "Programme").
Under the SDSR, the Government is planning to introduce a transformative national cyber security programme to close the gap between the requirements of a modern digital economy and the rapidly growing risks associated with cyber space. Through the Programme, which will be supported by £650 million of new investment over the next four years, the Government intends to:
- create a single point of contact where the public and businesses can report cyber crime;
- address deficiencies in the UK’s ability to detect and defend itself against cyber attack – whether from terrorists, states, or other hostile actors;
- create a new organisation, the UK Defence Cyber Operations Group, to mainstream cyber security throughout the Ministry Of Defence and ensure the coherent integration of cyber activities across the spectrum of defence operations;
- address shortcomings in the critical cyber infrastructure upon which the UK as a whole depends. A new Cyber Infrastructure Team within the Department for Business, Innovation and Skills will provide strategic leadership and regulatory oversight for this;
- sponsor long-term cyber security research, working closely with research councils, the private sector and others;
- introduce a new programme of cyber security education and skills in order to encourage a more preventative approach to cyber security throughout the UK. This programme will focus on awareness-raising to help encourage safe and secure online behaviour among the UK public;
- continue to build its cyber security alliances, including through the already strong relationship with the US and the establishment of new relationships with like-minded nations; and
- establish a programme management office within the Office of Cyber Security and Information Assurance (in the Cabinet Office) to oversee, prioritize and coordinate the centralised funding and implementation of the Programme.
The National Security Strategy and SDSR represent the UK's response to issues of cyber security, which are becoming increasingly important to all aspects of society.
The SDSR claims that criminal groups have already registered over 9,500 Olympic Games-related web addresses. It also states that 51% of all the malicious software threats that have ever been identified were identified in 2009 alone. Recent press coverage has also reported on incidents such as the Stuxnet virus' ability to target software used in industrial processes. The virus allegedly attacked systems at Bushehr, Iran's first nuclear power plant, thus further highlighting the potential for cyber attacks to affect a country's critical infrastructure.
As well as the UK proposals, the EU Commission has also recently proposed a new Directive to update existing EU laws on cyber crime and the prevention of cyber attacks on information systems.
Further detail on how the UK Programme will be implemented, for example, the ways in which the Government intends to work with the private sector, are likely be set out in further detail in the National Cyber Crime Strategy (expected shortly) and the Cyber Security Strategy (due in Spring 2011).