The Cyber-Security Strategy will create a national digital crime investigative unit, a public-private hub to share cyber-threat intelligence and make it easier to report cyber-crimes.
The United Kingdom outlined plans to secure critical
infrastructure and improve the country's cyber-defenses to protect national
security and citizens from multiple cyber-threats.
The United Kingdom will create a new cyber-crime unit within
the National Crime Agency to deploy cyber-specialists with skills and
experience solving cyber-crimes to police departments across the country to
assist with investigations, according to the Cyber
released by Francis Maude, the Minister for U.K.'s
Cabinet Office and Paymaster General, on Nov. 25. The new unit would build on
the Metropolitan Police's eCrime Unit, which has been actively involved in
breaking up cyber-fraud gangs this year.
The National Crime Agency is the U.K. equivalent of the
Federal Bureau of Investigation. The new division is set to be fully operational
The goals are ambitious. By 2015, the measures outlined in
the strategy document will place the United Kingdom in a position "where
law enforcement is tackling cyber-criminals, citizens know what to do to
protect themselves, effective cyber-security is seen as a positive for U.K.
business, a thriving cyber-security sector has been established, public
services online are secure and resilient, and the threats to our national
infrastructure and national security have been confronted," Maude wrote.
The Cabinet Office is expected to report back next year on
The government classified cyber-security as a "tier
one" national security priority in 2010 and set aside 650 million pounds over the next
four years to be used for cyber-defense, according to Maude. The bulk of the
funding will go towards the government's efforts to detect and counter
The plan outlined a new public-private sector collaboration
in which the government and businesses will exchange information on cyber-threats
and responses. Similar to the Defense Industrial Base Pilot
launched by the
United States Department of Defense, the partnership will allow organizations
to receive classified details about cyber-attacks and information on how to
The U.S. version of the program is limited to defense
contractors and similar organizations. The British counterpart will include
companies from the defense, finance, telecommunications, pharmaceutical and
energy industries in a pilot program that will be launched in December. Based
on the pilot's success, the hub will be expanded in the spring to include other
sectors, according to the document.
government is also investing in "proactive measures to disrupt threats to
The Centre for the Protection of the National Infrastructure
will also be expanded to include organizations that have previously not been
considered part of critical infrastructure. While the list of organizations was
not available, businesses where the threat to revenues and theft of
intellectual property could cause "significant economic damage" to
the U.K. would be covered, the document said. The strategy also noted that
"much of the U.K.'s critical infrastructure is not in government hands but
is owned and managed by the private sector."
Authorities will also set up a simplified cyber-crime reporting
system through the existing Action Fraud reporting center. Users will also
receive training to increase public awareness of online threats. A voluntary
code of conduct with Internet service providers will also outline how users
whose computers are infected with malware will be notified and receive
instructions on how to mitigate the problems.
The plan also discusses improving the military's defense
capabilities, without actually committing to responding to cyber-attacks with
. The Pentagon officially committed to that as an option in a
report to Congress publicly released Nov. 21.
"This strategy outlines the creation of a new Joint
Cyber Unit hosted by GCHG (Government Communications Headquarters), which will
develop our military capabilities to give the U.K. a comparative advantage in
cyber-space," according to the document. GCHG is a British intelligence
agency that handles communications and information systems security.
The Cyber-Security Strategy document "heralds a new era
of unprecedented co-operation between the government and the private sector on
cyber-security, working hand in hand to make the U.K. one of the most secure
places in the world to do business," Maude said.