The UK government’s National Security Strategy sets out the key strategic choices that have to be addressed to ensure the UK’s security and resilience against acts of terrorism and hostile acts in UK cyberspace. The government’s ‘Strategic Defence and Security Review’ outlined its priorities in responding to threats against our national security, and the increasing threats to our CNI. The reports set out the 15 priority risk types that the government had identified, including four critical areas which were identified as the most important threats to national security over the next five years. These particular threats, or Tier One risks, of international terrorism, attacks on UK cyberspace, national military crises and a major accident or natural hazard, such as a pandemic were identified as priority areas of concern which warranted additional funding.
Because of the country’s almost total reliance on the internet, the government subsequently set up the Office of Cyber Security & Information Assurance (OCSIA). Over the course of the last 18 months OCSIA has been looking at new ways to fight this global threat and protect the UK’s critical national infrastructure. Whilst some progress has undoubtedly been made, industry experts are still concerned about the effectiveness of the overall strategy and are calling for a more robust, home-based agency to protect the UK from the ongoing threat of cyber-attack.
One such company, Cambridge design house, Plextek, Europe’s leading independent business, product innovation and design consultancy believes that the OCSIA does not have sufficient powers and determination to deal with the potential threats and suggests that the UK needs a Cyber Attach Prevention Agency to effectively oversee and administer an effective strategy that will prevent against future cyber-attacks.
Plextek took part in a special Security and Defence Special Interest Group (SIG) meeting run by Cambridge Wireless in London earlier this year. The aim of the meeting was to discuss what better and more cost-effective ways there might be to protect the UK’s CNI and guard against the threat of potential cyber-attacks. The Security and Defence SIG discussed the defence remit with speakers addressing the topics of cyber spectrum, transportable TETRA systems for military support and defence of the UK Critical National Infrastructure (CNI). Government speakers outlined the activities of the Cyber and Influence Centre within Dstl, the MOD Research Laboratory, and described a new approach to information sharing with industry for CNI defence against emerging threats in cyber space. The meeting was also attended by industry representatives like Airwave, who presented their work in fielding demountable TETRA based systems overseas, and MASS Consultants who addressed the challenges of implementing a secure wide area wireless network from sensor to user.
Speaking at the meeting, Head of Plextek’s Systems Group, Paul Martin, outlines the concerns that were shared by many in business and enterprise:
“Over the past 20 years various UK governments have encouraged open market ownership of critical national infrastructure (CNI) such as water, energy and banks. This has produced the situation where there is significant ownership by European companies such as Santander and Veolia, and interestingly a stated ambition from one of the Chinese sovereign wealth funds “to invest in US and European infrastructure starting in Britain.”
“But just how is the UK’s CNI to be protected from Cyber-attack? Currently CNI protection is in the hands of the hard-pressed Director responsible for IT, and the budget allocated depends on far too many variables. Clearly protection of CNI is a high priority for the government, however influence over non-UK national companies that own CNI and are outside Europe will be limited and will also depend on the prevailing geopolitical situation. One possible way forward is to follow the lead taken by the USA and establish a Cyber Attack Prevention Agency whose remit is limited to UK CNI protection. This would be an advisory body able to train CNI staff, and proliferate best practice and up to the hour advice on resisting cyber-attack.”