The UK government has revealed plans for a National Cyber Security Centre (NCSC) to be launched this autumn to help ensure that the people, public and private sector organizations and the critical national infrastructure is safer online in the face of growing threats from serious crime gangs, hacking groups, terrorists and attacks from states.
The NCSC, sited in London, will bring the UK’s cyber expertise together to transform how cyber security issues are tackled and will act as an authoritative voice on the nation’s information security. The move will see the doubling of the UK government’s investment in cybersecurity to £1.9 billion over the next five years.
One of NCSC’s first tasks will be to work with the Bank of England to produce advice for the financial sector for managing cyber security effectively.
“In establishing the National Cyber Security Centre we are creating a body devoted to cyber security and this will transform the UK’s approach to an issue that affects us all,” explained Minister for the Cabinet Office and Paymaster General, Matthew Hancock. “This important work with the Bank of England is paramount to ensuring that businesses of all shapes and sizes understand the threats and what they can do to mitigate them.”
Cyber security is a global issue
The UK government has defined "cyber" as a tier-one threat to the UK's national and economic security. Other countries have also shored up their cyber defenses. Australia, for example, has the Australian Cyber Security Centre (ACSC) and the US has the National Cyber Security and Communications Integration Center (NCCIC). The NCCIC's partners include other government agencies, the private sector, and international entities.
All states in the European Union have set up operational entities, such as computer emergency response teams (CERTS), but the strategies and experience of these differ greatly, according to a recent BSA report by the Software Alliance. It noted that there are still significant discrepancies between cybersecurity policies, legal frameworks and operational capabilities, creating holes in cybersecurity across Europe. One problem is the lack of systematic cooperation with non-governmental entities and public-private partnerships.
The BSA report revealed that Austria, Estonia and the Netherlands are the most cyber-secure countries in Europe. The Czech Republic and the UK also ranked highly, while Ireland, Croatia, and Romania scored at the bottom.
Estonia was early to establish a cybersecurity strategy back in 2008. The country also has a wide range of legislation that covers information security and cybersecurity. In addition to national bodies, NATO’s Cyber Security Centre of Excellence is based there.
The Netherlands also has a National Cyber Security Centre, responsible for all cyber security practices and procedures. It is also actively involved in the work of the Information Sharing and Analysis Centers (ISAC) for sectors involved with critical infrastructure.
The Austrian Cyber Security Strategy is part of a broader ICT security initiative put in place by the Austrian government, as detailed in its National ICT Security Strategy 2012. The strategy maps targeted cybersecurity objectives into organized fields of action. Austria has an established computer emergency response team, CERT.at. There are also several public-private partnerships related to cybersecurity operating in the country, such as the Centre for Secure Information Technology Austria (A-SIT) and Kuratorium Sicheres Österreich.
The BSA report concluded that “achieving a coherent approach and common baseline level of cybersecurity in the EU will require a sustained effort”. With only 19 of the 28 Member States having detailed and comprehensive cyber security strategies in place, many of which are wanting in places, and eight having no framework at all there is still much work to be done.
Cyber threats will only grow, and with the NCSC in place the UK will be better placed to protect national infrastructure and businesses against attack.