Out-Law News 3 min. read
18 Nov 2015, 4:53 pm
In a speech on Tuesday, George Osborne said businesses need to "protect their own networks, and harden themselves against cyber attack". He said intelligence agency GCHQ is currently "monitoring cyber threats from high end adversaries against 450 companies across the aerospace, defence, energy, water, finance, transport and telecoms sectors".
The government will ensure the UK has "the regulatory framework it needs" to provide for business' cyber resilience, "particularly in the sectors we define as the critical national infrastructure", Osborne said. At EU level, negotiations continue on a new Network and Information Security Directive, which is aimed to bolster the cyber resilience of critical national infrastructure. The Directive, once finalised, will need to be implemented in the UK.
"If the lights go out, the banks stop working, the hospitals stop functioning or government itself can no longer operate, the impact on society could be catastrophic," Osborne said. "So government has a responsibility towards these sectors, and the companies in those sectors have a responsibility to ensure their own resilience. Any new regulation will need to be carefully done – light enough and supple enough that it can keep up with the threat, so it encourages growth and innovation rather than suffocates it."
Support for new cyber security companies was also announced by the chancellor. He said to "cyber innovation centres" would be set up to support the development of cyber start-ups and that special funding has been earmarked to provide investment to cyber security businesses through government procurement.
"I can announce today that we will create a £165 million Defence and Cyber Innovation Fund, to support innovative procurement across both defence and cyber security," Osborne said. "It will mean that we support our cyber sector at the same time as investing in solutions to the hardest cyber problems that government faces."
Osborne said a new National Cyber Centre will be established, based at the headquarters of GCHQ in Cheltenham, as well as further investments aimed to improving the UK's ability to defend itself from cyber attacks.
"It is right that we choose to invest in our cyber defences even at a time when we must cut other budgets," Osborne said. "For our country, defending our citizens from hostile powers, criminals or terrorists, the internet represents a critical axis of potential vulnerability. From our banks to our cars, our military to our schools, whatever is online is also a target."
"The stakes could hardly be higher – if our electricity supply, or our air traffic control, or our hospitals were successfully attacked online, the impact could be measured not just in terms of economic damage but of lives lost," he said.
Osborne warned that ISIL are building cyber attack capabilities with the intent to "kill people … by attacking our infrastructure". Osborne said the UK is, though, "developing a series of measures" to defend itself "more actively", including a "full spectrum" of capabilities to "hit back" against, and "take the fight" to, attackers.
"We need to destroy the idea that there is impunity in cyberspace," Osborne said. "We need those who would harm us to know that we will defend ourselves robustly. And that we have the means to do so… We reserve the right to respond to a cyber attack in any way that we choose.
And we are ensuring that we have at our disposal the tools and capabilities we need to respond as we need to protect this nation, in cyberspace just as in the physical realm."
"We are building our own offensive cyber capability – a dedicated ability to counter-attack in cyberspace. We have built this capability through investing in a National Offensive Cyber Programme. The Programme is a partnership between the Ministry of Defence and GCHQ, harnessing the skills and talents of both organisations to deliver the tools, techniques and tradecraft required for the UK to establish a world class capability. And we will now commit the resources to develop and improve this capability over the next five years," he said.
A new national cyber security strategy will be published in 2016, Osborne said.
Earlier this month the UK government set out plans to modernise communication surveillance laws to close gaps in the capabilities of intelligence and security agencies to identify terrorist and serious criminal activity. The technological feasibility of the plans are being scrutinised by a committee of MPs.