Out-Law News 2 min. read

New UK cyber security research scheme launched


A public-private partnership aimed at supporting "cutting edge cyber security research" has been launched in the UK.

The CyberInvest initiative is backed by the UK government and intelligence agency GCHQ and encourages businesses to "invest in the strategically important research areas critical to protecting the UK", a statement issued by GCHQ said. A total of 18 companies have already committed to investing £6.5 million between them as part of the imitative, it said.

"CyberInvest will build a community of industry, government and academia who are committed to sustained investment in cyber security research," the statement said. "Whilst many companies invest in research, some find it difficult to target the right opportunities, and where investment is made, it is not always visible or focused. CyberInvest will provide a forum for the latest in cyber security research, drawing upon the expertise of GCHQ, leading academics and industry."

GCHQ said any company can participate in the CyberInvest partnership. Minimum investment levels apply to companies wishing to join the initiative, ranging from £10,000 for micro businesses with fewer than 10 staff to £500,000 for large organisations with more than 250 employees.

The CyberInvest project was launched at IA15, a UK government event on cyber security and information assurance. In a speech given at IA15, Cabinet Office minister Matt Hancock said the changes the government has made in procuring IT allow it to address new cyber security risks.

"We’re treating security as a core responsibility, rather than outsourcing it to our suppliers," Hancock said. "Many successful attacks exploit out-of-date systems and GovTech used to date very quickly indeed. Some of our legacy systems were designed before the invention of the web. Security had to be bolted on top, rather than designed in from the outset. So we’re now phasing out the large inflexible contracts that locked us into aging IT. And we’re building iterative, adaptive systems, which allow us to rapidly react to new threats."

"We can change the code that runs GOV.UK within an hour for example. We now need to embed this approach across Whitehall," he said.

GCHQ director Robert Hannigan told IA15 conference delegates about concerns he has with the way the cyber security market has developed.

"Standards are not yet as high as they need to be. Take up of [cyber security] schemes is not as high as it should be," Hannigan said. "So something is not quite right here. The global cyber security market is not developing as it needs to: demand is patchy and it is not yet generating supply. That much is clear."

"The normal drivers of change, from regulation and incentivisation through to insurance cover and legal liability, are still immature. And what's also clear is that we cannot as a country allow this situation to continue. So we need, as a government and industry dialogue, to work out: how to make the market work better; and how to foster a national ecosystem that promotes cyber security and the skills we need automatically," he said.

Hannigan warned businesses that "significant cyber attacks will become more common, not less in the coming period".

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.