In its 2010–2011 Annual Report, the UK Intelligence and Security Committee (ISC) welcomed the fact that the Government listed cyber security as a tier one risk in the National Security Strategy.
The increased profile was accompanied by funding of £650m over four years – primarily to fund projects under the National Cyber Security Programme (NCSP) - with over half of this money allocated to the intelligence community, with the majority allocated to GCHQ.
In its "Intelligence and Security Committee Annual Report 2011–2012", the ISC said that although there had been progress in improving cyber security since the NCSP was established, it had still not met recommendations that the committee had set out in its 2010-2011 report.
In particular, in November 2011 the UK Government launched its Cyber Security Strategy which described how a transformation in the UK’s cyber security capabilities is to be achieved.
The strategy states:
"Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society".
This ‘vision’ is to be delivered by focusing on four overarching objectives:
1. The UK has to tackle cyber crime and be one of the most secure places in the world to do business in cyberspace;
2. The UK has to be more resilient to cyber attacks and better able to protect our interests in cyberspace;
3. The UK has to help to shape an open, stable and vibrant cyberspace which the UK public can use safely and that supports open societies;
4. The UK has to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives.
The report praises the government´s efforts to raise the profile and awareness of cyber security and to clarify ministerial responsibility and accountability for cyber security, even if concerns remain as to whether there was still potential for confusion, given the Foreign and Home Secretaries’ overall responsibilities for the Agencies.
Despite this, one of the main recommendations in the report is that the NCSP should focus more on cyber security education.
The report concludes that, after "twenty months into the National Cyber Security Programme, there appears to have been some progress on developing cyber capabilities. However, cyber security is a fast-paced field and delays in developing our capabilities give our enemies the advantage. We are therefore concerned that much of the work to protect UK interests in cyberspace is still at an early stage."
Read the Annual Report here:
Cross-posted from Stefano Mele