In November the UK government released the “UK Cyber Security Strategy” which can be downloaded here. There are four main objectives which will be funded by £650million over 4 years under the “National Cyber Security Programme” (NCSP). The objectives are:

1. To tackle cybercrime and be of the most secure places to do e-business
2. To be more resilient to cybercrime
3. To help shape an "open, stable and vibrant cyberspace"
   
4. To have knowledge, skills and capacity to carry out all cyber security objectives

The paper goes on to describe cyberspace, what the current and emerging threats are and an expansion of the four objectives listed above. Finally, in "Annex A", is a table outlying the actual implementation of the objectives. This is perhaps the most interesting bit, so if you don’t feel like reading all 42 pages, just skip to the Annex.

I was at the Symposium on Security Risk, Cybercrime and Critical Infrastructure yesterday (more in a future post) and a number of speakers spoke about this paper and what their thoughts were on it. The thing that struck me first was the number of different organisations mentioned in the paper that would be created, involved, consulted or partnered with. The main section doesn’t really talk much of a person or group who will be in charge of the coordination of this multi-organisational effort, but tucked away in the Annex on the very last page is action 6: “put in place clear leadership of cyber across Government, with a dedicated minister and oversight at the highest levels of Government”. I think this merited a little bit more of a mention, but it will be interesting to see who this is and how they can steer the direction of the NCSP, as the gist seems to be about collaborating with the right groups to get the right information to the right people at the right times. The groups mentioned in the report are (in no particular order of importance, and perhaps I’ve missed some out):

• Cabinet office
• Office of Cyber Security and Information Assurance
• National Crime Agency
• The Serious Organised Crime Agency (SOCA)
• GCHQ
• Joint Cyber Unit
• Ministry of Defence
• Joint Forces Command
• Defence Cyber Operations Group
• Global Operations and Security Control Centre
• Home office
• Department for business, Innovation and Skills
• Government ICT
• Single Intelligence Account
• United Nations
• Group of Governmental Experts
• European Commission
• External Action service
• Organisation for Security and Cooperation in Europe
• Centre for the Protection of National Infrastructure (CPNI)
• Government Office for Science
• Metropolitan Police Central e-crime Unit
• UK Council for child Internet Safety
• National Fraud Intelligence Bureau
• British Retail Consortium
• The Technology Strategy Board
• The Engineering and Physical Science research Council
• UK Trade and Investment
• Broadband Stakeholder Group
• International Telecommunications Union

Now that’s a lot of organisations or subgroups! Another one of the problems I see is the lack of clear solutions to how they will educate the general public. It mentions quite frequently that 80% of the cybercrime today can be solved using antivirus/security software, keeping up to date with the news of cybercrime and being vigilant. It’s basically down to the individuals to do this – I think if the general public could follow this advice we won’t be in the state we are in now! It mentions that by March 2012 they will have conducted research how to educate people, including in higher education, but I don’t think they are doing or will do enough for the average middle aged non tech-savvy person like my parents, who certainly aren’t going to get much out of the dull getsafeonline.org which is currently all that really exists.

One of the things a speaker at yesterday’s conference said was that the paper lacks support for self started schemes by businesses and academia. It has plenty of Government funded initiatives, but doesn’t mention helping anything else. Businesses won’t use their own initiative if they don’t think they will get the support of the NCSP, and if the groups mentioned in the report are slow to collaborate then I see this proposal taking a very long time to get its feet off the ground.