Lord West On UK Cyber Security – More Plans In The Pipeline
Security Minister Lord West has a lengthy position statement in the latest issue of Public Service Review: Home Affairs, A Virtual Voice, in which he outlines where the UK is at in terms of cybersecurity. I’m wondering if this is the statement hinted at a few weeks ago; the timing’s certainly what we expected. Nothing of great novelty in the preamble, but then he gets onto the meat of organisational implementation of the June 2009 UK Cyber Security Strategy:
The cyber security strategy will help to keep the UK safe by building on existing work, identifying gaps and overlaps in work areas. It puts in place two new organisations – the Office of Cyber Security (OCS) and the UK Cyber Security Operations Centre (CSOC) – that will design, initiate and oversee a programme of work to address them. The cyber security strategy provides the strategic framework for doing this systematically, centred on clear high-level objectives: reducing risk from the UK’s use of cyberspace and exploiting the opportunities that cyberspace presents. Both of these will be enabled through action to improve the knowledge, capabilities and decision-making we need. The strategy is also very clear about the need to maintain ethical safeguards – people have valid concerns about the preservation of civil liberties, and the protection of individual privacy in particular. When we launched the strategy, I made it clear that, as with all our national security activity, it is important that government powers are used proportionately and in a way consistent with individual liberty. We have committed to setting up an ethics advisory group to provide the necessary oversight for our cyber security work, to this end. When it is formed, I will be updating the House on its membership.
To make sure we progress towards the strategy’s objectives, I have overseen the initial establishment of the new Office of Cyber Security that will provide strategic leadership across government, and the multi-agency Cyber Security Operations Centre in Cheltenham that will actively monitor the health of cyberspace and coordinate incident response, enable better understanding of attacks against UK networks and users and provide better advice and information about the risk to business and the public. We have made substantial progress since the publication of the strategy. The heads of both organisations have been appointed, and we are continuing to actively recruit staff from across government, even as we push forward work in the priority areas that the strategy identified as particularly urgent.
Both organisations will be working towards an embryonic capacity capable of releasing early products in autumn 2009. One early priority will be the cyber security industrial strategy, which aims to identify all the different ways in which industry and the government interact in the field, from procurement to regulation. Having identified these relationships, and looked at other industry areas for further input, the strategy will investigate how we can optimise them to suit the needs of both industry and the government. We are also progressing work on e-crime to build the most effective structure that enables close cooperation between SOCA, the Metropolitan Police and other stakeholders to tackle the threats faced. On international engagement, the UK is fully represented in all the relevant fora as cyber becomes increasingly discussed, and we are building strong partnerships with other like-minded nations. Lastly, we are examining the doctrine that underpins cyber security; it is a new area that will require careful planning in this regard.
The sections in bold are my highlights, obviously, and these are news items.
1. Ethics Advisory Group?
Good news. Desperately needed, and something should have been in place before the Home Office started tampering with the internet a few years back. Its efficacy and legitimacy will rely on its relationship with government. The very thought of an ethics group will be criticised in some quarters as an a priori attempt to shape the internet environment; hopefully that charge will be groundless and will focus instead on government policy, as West’s statement suggests.
I’m fascinated to see who ends up on the panel. I hope Parliament holds West to his word to report on progress in this field.
2. Active recruitment across government?
It’s still unclear whether staff are being co-opted from departments and will remain in post, or whether they are being transferred to the new OCS and CSOC.
3. CSOC and OCS releasing early products in autumn 2009?
Products? A curious choice of word. We’re also in autumn 2009, so does that mean we can soon expect a …
4. Cyber Security Industrial Strategy?
There may be one, in which case it’s passed me by but I suspect it’s not out yet. OCS have definitely been meeting and greeting industry and politicians over the last couple of months. This will provide us with further pointers to the private-public partnerships aspired to in the cyber strategy.
5. A New E-Crime Structure?
You know as much as I do …
6. Doctrine?
Yes, this is true. The military are actively looking at ‘cyber doctrine’, and will provide input into, first, a Green Paper (February/March 2010) and, second, the Strategic Defence Review due early in the next parliament (summer 2010?). I don’t know if ‘doctrine’ is meant in any wider sense.
Interesting stuff. More here if I find out any more.
