Military to enlist private sector in developing advice service for individuals and companies whose computers come under attack
The UK is to develop a new emergency response unit to help give individuals and companies instant advice when their computer systems and networks come under sustained attack.
The proposal is one of several announced by the Cabinet Office, at a time when the government says threats from cyberspace need to be given tier-one priority.
The Ministry of Defence is also planning to develop a “cyber reserve” of specialists from the private sector to give the military backup in an area in which it is short of experts.
However, experts said the government was still spending too much money developing sophisticated “top-end” cyber knowhow rather than informing members of the public about how to make their computers less vulnerable to attack. In 2010, The coalition pledged £650m to develop new cyber systems over four years, but less than £400,000 is to be spent on the Get Safe Online project, which offers basic advice about computer security.
Iain Lobban, the director of the eavesdropping and electronic spy centre GCHQ, in Cheltenham, has said 80% of attacks could be thwarted if individuals took more care.
“You could take £1m out of the budget of GCHQ and they wouldn’t notice,” said Professor Peter Sommer. “That kind of money would have a transforming effect. While much of the government’s work is well thought out, they still underestimate the extent to which some breaches are the fault of humans and not the result of external cyber criminals and spies.
“They also underplay the need to educate consumers and small businesses, both to protect themselves and to stop their machines being taken over as part of botnets, which then attack others. Out of the total cybersecurity budget, less the £400,000 goes to the main public information service, GetSafeOnline. That is less than 0.1%.”
He said progress was being made but quoted from a survey that suggested more than 93% of large corporations, and 76% of small firms had suffered a cyber security breach in the last year.
A national reporting centre for fraud and internet crime called Action Fraud had received 46,000 reports from the public in the last 12 months, he said.
Using some of the experiences gained from protecting the Olympics from cyber-attacks, Maude said the government intended to create a UK national computer emergency response team.
No details about where this will be, or how it will work, were given in the statement.
“These are still being worked out,” said a Whitehall source. “It will develop on some of the work that has already been under taken and will give organisations and individuals a chance to share important information.”
Maude set out the ideas after government officials warned the UK’s critical infrastructure – including gas, power and water utilities – had come under cyber-attack from “hostile foreign states”.
However, the secrecy surrounding many of the cyber-attacks on government and industry means very few examples are ever given. This has raised concerns that the threat is being exaggerated.
The government hopes to encourage more companies to come forward rather than to pass laws to force them to acknowledge problems.