The UK government has today released its 2011 Cyber Security Strategy.
With an increased focus on cybercrime, and renewed focus on cyberspace as an engine of economic and social prosperity, the strategy continues to hone Whitehall’s understanding of this vibrant, complex and increasingly global domain.
Many of the strategy objectives – in particular those related to securing critical infrastructure – will require close engagement with the private sector.
These public-private partnerships are essential, and, as noted in a recent Chatham House report on critical national infrastructure, they require awareness, engagement and trust among senior decision makers on all sides.
This is not an easy process and requires a keen understanding of the incentives that guide actions in the public and private sectors.
Links to business
The government will also have to balance the tension between building a more secure environment – which requires standards and regulation – and encouraging businesses to set up shop in the UK.
However there are signs that Whitehall is aware of these complexities and the need to experiment with potential solutions.
One new initiative is a three-month pilot scheme among five business sectors: defence, finance, telecommunications, pharmaceuticals, and energy.
It will exchange “actionable information on cyber threats”, “analyse new trends” and work to “strengthen and link up our collective cyber security capabilities”.
The strategy also supports existing independent initiatives such as Get Safe Online (raising awareness of cyber threats) and Cyber Security Challenge UK (searching for new talent), both of which have taken a good idea and implemented it in a simple and straightforward manner.
Cybercrime is topic that receives significant focus, in particular for the damage it does to the financial and social fabric of the country.
One primary initiative will create a “national cyber crime capability as part of the new National Crime Agency by 2013”.
Another will create, by the end of 2011, a “single reporting system for citizens and small businesses to report cyber crime”.
These are all encouraging steps that will require patience and persistence but which are essential.
One idea that looks slightly riskier is a “government-sponsored venture capital model to unlock innovation on cyber security in SMEs” (small and medium enterprises).
The appetite for risk varies widely between Silicon Roundabout and Whitehall, and government experimentation with venture capitalism has often produced mixed results. For example the US government’s $535m (£345m) loan to Solyndra – the now-bankrupt solar panel manufacturer.
The new strategy is more detailed than the 2009 version, and in many ways reads more like a cyber and economic security strategy.
It continues the process set in motion by the recent Foreign Office-led London Conference on Cyberspace, which emphasised the economic and social benefits of a secure cyberspace and called for development of “rules of the road”.
The introduction to the strategy notes that the government will report back in 2012 on progress made toward these objectives.
This strategy is a promising step and has ambitiously laid out a task list of dozens of actions.