£1.9 billion (GBP). That’s how much the UK government has ear marked for their massive 5-year push to beef up the nations cybersecurity. This is no small amount of money and more than doubles the previous budget set in 2011. This figured was made public along with a complete cybersecurity strategy which includes the threats and vulnerabilities that the UK faces currently and in the future. It was stated that the strategy was developed to defend (against attacks), deter (attackers) and develop (countermeasures).
Among the various threats that the UK government listed in its strategy are state-sponsored attacks, terror networks (it does however point out, that these cells are more likely to commit physical crimes rather than digital crimes at the moment), organized crime from Russian speaking countries, highly skilled hacktivists and amateur hackers known as script kiddies who utilize or purchase others exploits to do their dirty work.
The vulnerabilities listed are very similar to those faced by other countries and is reminiscent to those faced by older, slower adapting companies. Poor security practices surrounding devices and systems dealing with the Internet of Things (IoT) and unpatched systems tops the list, followed by insufficient cybersecurity protocols and the sheer amount of hacking resources currently available throughout the marketplace (both in commercial and black markets).
The UK’s Cybersecurity Strategy is looking to impact the current landscape in four major ways. The first of which is a market incentive. The UK government is looking for private and public sector companies to collaborate to develop better cybersecurity products. However, there is a bit of tension in the wording within the document as there is also talks of tightening regulations. Furthermore, noticeable was the absence of any mention of the EU’s Information Security Directive. Brexit still has not technically happened, and as such the UK is compelled to meet the requirements stipulated in the directive until it finally makes its exit.
The term “active cyber defense” also made an appearance in the strategy. Usually a point of controversy, it allows countries or companies to react and retaliate to a cyberattack by hacking back or counterhacking. However, in their document the UK government insists that this is not the case. Instead, it assures the public that it is simply referring to a series of steps and protocols such as DNS filtering, botnet targeting, and phishing prevention strategies, that they will be employing to bolster UK internet service defenses.
The government also brought up the National Offensive Cyber Program and is perhaps looking to allocate more budget towards it. Not much was said about what the program will entail and how it will be used. However, the UK will be deploying it to determine if an attack was state sponsored or not. The UK is one of the few Western countries that has not publicly accused another nation of committing a cyberattack. The National Offensive Cyber Program may change that.
Finally, and perhaps most profoundly, the released strategy states a need for the development of cryptography “developed in the UK, by British nationals.” This statement further pushes the antitrust sentiment that the UK has put on the main stage with the Brexit. However, it can also be a response to the controversy surrounding some of its Five Eyes partners, most notable the United States. Nonetheless, the UK is looking to make this a top priority and wants their very own security software. The UK is one of the few countries that has a literal moat surrounding it, now it aims to create a digital one as well.
Article by Amazing Support