Government updates cyber security strategy

Lessons learnt at the London 2012 Olympics are helping to update the Government’s National Cyber Security Strategy, which was launched a year ago.

In a written ministerial statement to Parliament, Cabinet Office Minister Francis Maude said: “The London Olympics was the first truly digital Games and, as such, we recognised the need to address potential cyber threats. We established unprecedented mechanisms for working hand in hand with sponsors and suppliers to the Games in combating and managing incidents. The lessons learnt from the event are informing our cyber security national incident management plans as we go forward.”

Cyber plans will include a new national cybercrime unit and a dedicated ‘reserve’ of IT security specialists.

The National Cyber Security Programme prioritises and coordinates this work across government and provides £650 million of new funding to improve the UK’s cyber security capability.

Mr Maude said the Government has invested in strengthening law enforcement and prosecutors’ capabilities to prevent, disrupt and investigate cybercrimes and bring those responsible to justice.

“The Police Central e-Crime Unit (PCeU) has trebled in size, three regional cyber policing teams have been established and training on cybercrime for mainstream police officers has been designed,” he said. “This is increasing the capacity of the police to tackle cybercrime in line with the Strategic Policing Requirement which was issued by the Home Secretary in July 2012. The Serious Organised Crime Agency (SOCA) has increased its cyber capability including the introduction of cyber overseas liaison officers and a number of posts dedicated to mainstreaming cyber and digital investigations across the organisation.”

The statement says PCeU reported that it has exceeded its four-year operations performance target of averting £504 million of harm within the first year of the National Cyber Security Programme alone – preventing £538 million of harm at a return on investment of £72 of harm averted for every pound invested. In addition, working with partners, SOCA has repatriated over 2.3 million items of compromised data to the financial sector in the UK and internationally since November 2011, with an estimated prevention of potential economic loss of over £500 million.

“The Crown Prosecution Service (CPS) is in turn devoting more resources to prosecuting cybercrime. As at the end of September 2012, the department was prosecuting 29 ‘live’ cybercrime cases,” added Mr Maude.

Among other plans for next year, he announced that PCeU and SOCA will come together to form the National Cyber Crime Unit of the new National Crime Agency. Subject to Parliamentary approval, this will be established in October 2013 “to create an even more effective response to the most serious cyber criminals”.

“This will deliver the next step in transforming law enforcement capability to tackle cyber and cyber-enabled crimes,” said Mr Maude.

The statement outlines how National Cyber Security Programme funding has enhanced Action Fraud to become the UK’s national reporting centre for fraud and financial internet crime, operating on a 24/7 basis. Over 12 months, Action Fraud received 46,000 reports from the public of cyber-enabled crimes amounting to attempted levels of fraud of £292 million.

HM Revenue and Customs (HMRC) has established a new Cyber Crime Team to help tackle tax fraud by organised criminals. HMRC’s enhanced anti-phishing capabilities are now leading to the interception of five major threats a day and have helped the department to shut down almost 1,000 fraudulent websites in the past 12 months.

Going forward, the Government plans to establish a UK National CERT (Computer Emergency Response Team).

“This will build on and complement our existing CERT structures, improve national coordination of cyber incidents and act as a focus point for international sharing of technical information on cyber security,” said Mr Maude.

In