Keeping an eye on cyberspace

Cyber security

As the Minister for the Cabinet Office, Francis Maude is principally responsible for the public sector efficiency and reform agenda, a key part of which is the drive towards government transparency – in other words, opening up every sort of government-held information to public scrutiny and commercial enterprise.

Underpinning all this, computing and the internet are absolutely fundamental. Technology on its own, however, is not enough; it needs to be underpinned by genuine confidence in its use. Confidence that it will work, confidence that it is resilient and confidence that it is secure. Furthermore this confidence has to be shared equally by the providers of these services – the government – and the consumers of these services – industry and the general public.

THE MODERN WAY
It’s worth reminding ourselves how revolutionary all this is. Some of us are old enough to remember Reuters ticker-tape, the first fax machines and answer phones, and mobiles the size of suitcases. In less than a generation we’ve gone from that to the iPhone and the internet – to being able to talk, shop, look things up, get something translated, play games, send a document, watch a movie – all on an affordable device that’s small enough to slip into your pocket.

A recent McKinsey report published for the e-G8 at Deauville estimates that some two billion people – almost a third of the world’s population – are now connected to the internet, and that almost eight trillion dollars change hands each year in e-commerce.

What this revolution is usually, and rightly, likened to, is the invention of the printing press. However the analogy that’s perhaps more relevant here is that of the motor car. A century ago, the invention of the combustion engine gave birth to an age of mass travel – of freedom to explore, investigate, journey far beyond our own immediate horizons. It transformed everything about our society, overwhelmingly for the better. But it also brought road accidents, and to reduce them a whole panoply of new rules and regulations.

The superhighways of the internet are similarly transformative for the good, but similarly need their speed cameras and crash barriers – not so as to stop people travelling, but so as to let them do so safely.

CYBER CRIMINALS
Amongst the greatest threats to the safety of the internet are, of course, cyber-crime and cyber-espionage. The recent spate of stories to hit the news – the attacks on the CIA, the IMF, Citigroup, Sony, Google and Lockheed Martin amongst others – have focused our attention on the risks to security that cyberspace poses. The alleged ‘hacktivist’ behind the attacks on the Serious Organised Crime Agency (SOCA) – a nineteen year-old living with his mother in Essex – was arrested only last week. It’s not clear whether these high-profile cases signal a new crime wave, or simply that companies are now more confident in admitting to data losses – the stigma of the past is beginning to ebb away. But either way, they are only the tip of an iceberg.

Exact figures are impossible to pin down, but a recent study suggests that cyber-crime – state-sponsored, criminal, or merely mischievous – now costs the UK £27 billion annually. £2.2 billion of these losses are borne by government, £3.1 billion by individuals, in the form of fraud and ID theft, and by far the largest portion – £21 billion – by industry, in the form of theft of intellectual property, customer data and price-sensitive information. And that’s not counting reputational damage.

Though these are only rough estimates, they give an idea of the vast scale of the problem.

Just as cyber-criminals act internationally, so must cyber crime fighters. Britain has finally ratified the Budapest Convention on Cybercrime, which is designed to speed up the investigation of computer crime that crosses national borders. The treaty was signed by the Foreign Secretary late last month and deposited at the Council of Europe. William Hague will also be hosting an international cyber conference in London this autumn, designed to develop a worldwide consensus around what constitutes acceptable behaviour in cyberspace.

WORK IN THE UK
Here in Britain, our new National Security Strategy cites cyber-security as a Tier One risk – one of only four, the others being international terrorism, a major industrial accident or natural disaster, and an international military crisis. Hence our new National Cyber Security Programme (NCSP), which after only five months of preparation has now gone live, with £650m of new funding allotted to cyber security over the next four years.

Designed to tackle online crime and industrial espionage as well threats to national security, it has a broad remit. New money will go to GCHQ to build on existing, world class cyber capabilities and to a new cyber defence unit within the MoD. But it will also go into the police, into developing formal training courses in schools and colleges, into public awareness campaigns, and into learning from the private sector, which is often far in advance of government in this field.

The UK government is helping facilitate what we are calling for short ‘the hub’. This will be a forum within which businesses and public bodies can put short-term commercial interests aside in favour of regularly pooling knowledge and resources for the national interest. Though banks and financial institutions already work closely with SOCA and the Metropolitan Police’s e-crime unit in this regard, and energy providers share information with the Centre for the Protection of Critical Infrastructure (CPNI), we are the first country to take this approach in such a broad and systematic way.

Cyber-security isn’t just about geeky teenagers sitting in their bedrooms. Increasingly it’s about hostile governments and well-organised criminal gangs. Nor is it a fringe issue, the province of techies and conspiracy theorists. It affects us all. Year by year, the internet becomes ever more integral to our society – to the way we chat, do business, learn, pay our taxes, find the best surgeon for an operation or the right school for our children.

Whole new communities, businesses, ways of becoming better informed or simply having fun exist on the back of a technology that is still only twenty years old. Like for all pioneers, there’s still a long way to go, and all we can say for sure is that we will get to places that today we can’t even imagine.