Is the UK government’s Cyber Security Strategy any good?

The British government released its long-awaited Cyber Security Strategy on Friday, just over a year after its initial decision to plough £650m into the area was revealed.

Some of the key parts of the strategy include:

• a cyber security ‘hub’ where government and businesses will be able to exchange information on threats and responses, with GCHQ at the forefront of this cross-fertilisation of skills and knowledge.
• A cyber crime unit to be set up within the new National Crime Agency with input from the Met’s PCeU and Soca’s e-crime unit

•  a single fraud reporting system for cyber crime.
•  recognition of the need to protect critical infrastructure with the strengthening of the Centre for Protection of the National Infrastructure
• creation of a new Joint Cyber Unit hosted by GCHQ which will further develop military capabilities.

• User education was also highlighted as key, with Get Safe Online’s web site getting a revamp, and the government also work with ISPs to form a new voluntary code of conduct to help users identify if their computers have been compromised and what they can do about it.
• Finally, on the international front, the government said it would continued to foster dialogue between companies as per the recent London Conference on Cyberspace which I reported from.

All told I think the government has made a pretty good stab at things here. Although it has been a long time coming, I can’t really think of an area which it hasn’t addressed and in general the commentators are all making the right noises about this one.

The tone seems to be very much of engaging with private sector, of knowledge sharing and of improving user education, which experts in the industry have been crying out for for so long now.

My only slight concern is that there has so far been no mention of exactly how much money Get Safe Online will get. It blatantly needs a significant profile boost as despite the best efforts of Tony Neate and co, it is still somewhat marginalised.

The other worry is that the PCeU will also lose its voice if it is subsumed into a larger National Crime Agency body, just as the NHTCU was when its work was folded into Soca.

These are minor concerns though and the government is certainly on the right path. Trend Micro EMEA director of security research Rik Ferguson even went so far as to tell me  that if delivers on the report’s goals, “it will put us in a leading position in Europe and globally to prevent online crime in the first instance and take action where it does arise”.

He also explained that the government had consulted heavily with industry to draw up the strategy, which in itself is a positive step. The only way to make headway against cyber crime / warfare is to take an inclusive, collaborative approach like this –  government and industry together is a far more formidable prospect for the bad guys.