Government Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged: Government

Public-private partnership launched to tackle UK cyber skills shortage

Stuart O'Brien

It’s hoped more people will soon be able to secure fulfilling, highly skilled jobs in the cyber security industry through a new scheme to address the shortage of cyber security experts, which is launching its next iteration.

HM Government and training provider SANS have partnered to launch the Upskill in Cyber training programme to help UK professionals make a career change into cyber security. The programme, lasting 14 weeks, offers training, career advice and interview training to help workers change careers into cyber security roles.

So far, it has trained over 200 students with non-cyber backgrounds. Many have gone on to secure guaranteed job interviews upon successful completion of the training programme. 

Andrea Csuri, a recent graduate of the Upskill in Cyber programme, has successfully switched from the retail industry to a cyber security analyst role. She said: “The programme was incredibly comprehensive, covering a vast array of topics related to cyber security. I was able to connect with mentors who work in the cyber security field, which was of great interest to me. Additionally, the live sessions with a recruiter were a fantastic resource, providing me with insights and advice on how to navigate the job market in this field. I now work as an Analyst for a company that helps organisations manage their IT and cyber security risks”.

Recent research by SANS Institute found that 44% of the UK workforce have considered a career change in the last year. However, only 6% have taken an interest in pursuing a career in cyber security despite ranking better pay, career advancement opportunities, and flexible working as the top three benefits of pursuing a career in cyber security. This is due to a lack of understanding about the industry, roles available or the skills needed to even consider pursuing a career in cyber security.

To tackle this, SANS and HM Government are now launching the second iteration of the programme, to power stronger growth and better jobs by upskilling more individuals into cyber security.   

Minister for Science, Innovation, and Technology, Viscount Camrose, said, “The UK is rapidly establishing itself as a world leader in cyber security, and ensuring people have the skills they need to access jobs in the industry is key to cementing and expanding that reputation”. 

“The Upskill in Cyber programme lets us do exactly that – removing knowledge and skills barriers for aspiring cyber security professionals, and supporting them into the exciting new careers which fuel innovation, drive growth and protect our economy”.   

Stephen Jones, Managing Director of SANS Institute, added: “We have found that certain businesses lack the incident response and governance cyber security skills needed to face up to the realities of a challenging threat landscape. Our training programme helps to eradicate these skills gaps, breaking down barriers to facilitate the transition into a career in cyber. Individualised training equips candidates with both a solid theoretical foundation and hands-on practical skills, enabling them to tackle the most pressing security threats that organisations face today.” 

“The Upskill in Cyber programme opens up the dynamic world of cyber security to people from all walks of life,” said Ciaran Martin, Director of CISO (Chief Information Security Officers) Network at the SANS Institute. “Our training approach will equip and empower candidates with the skills and experiences they need to make them deployable in the cyber security workforce in just a matter of weeks. Throughout the programme, candidates will receive world-class training and support, gaining first-hand access to key industry representatives to better understand rising threats, roles, and responsibilities. In our 2022 programme, 100% of the candidates were provided with multiple opportunities to interact with hiring organisations. We are excited to witness the programme’s continued growth and success this year, as it unlocks new career opportunities in a diverse, dynamic, and forward-thinking industry brimming with potential.” 

What more, if anything, should governments be doing about cyber actors?

Guest Post

By Will Dixon, Global Head of the Academy and Community at ISTARI

Cyberattacks are becoming more frequent, and their potential consequences are becoming more severe. With Critical National Infrastructure and other important services constantly in the virtual crosshairs of both state actors and cybercriminals, it is entirely conceivable that an attack, or a series of attacks, will lead to significant public harm.

In the event that this happens, governments and law enforcement will find themselves facing calls to act. In the eyes of the public, we might assume that doing so would seem natural; after all, offensive cyber operations are not as risky as military operations in the real world, so why not do more to disrupt these groups?

The picture is, of course, not as simplistic. The negotiations currently taking place at the United Nations on a treaty on cybercrime are demonstrative of the complexity of getting international agreements on what constitutes a cybercrime. The penalties that should be enacted against the perpetrators and the powers global law enforcement agencies should have in order to prosecute these perpetrators are also up for debate.

That definition is fiercely contested, given the significant implications for countries such as Russia and China that want the definition to include terms allowing them to impose strict censorship laws and pursue dissidents. While this debate continues, the lack of agreed rules of the road is leading to action against cyber criminals.

Nonetheless, the relentlessness of cybercrime means that it is worth considering how governments and law enforcement should deal with cyber criminals. We have seen how knee-jerk reactions to major events have led to poor outcomes in the past. The cyber community should endeavour to avoid making the same mistakes.

Change in Policy

There needs to be more cooperation between national and supranational agencies, which includes better access to global data sources. This would require deep, scalable operations and partnerships with law enforcement agencies on an international scale. Some of these partnerships will likely involve countries that would rather not collaborate.

It will also require better collaboration between victim organisations and law enforcement, as the recent takedown of Hive, a ransomware group that targeted more than 1,500 victims in over 80 countries around the world, has shown. Close cooperation between victims and forensics investigators at the FBI ultimately allowed law enforcement to map and disrupt the entire Hive network. If law enforcement agencies want to do this on a wider scale, they must open their doors to victims and make sure that these victims are not afraid of further penalties for being more open about the events that resulted in an attack.

Implementing Positive Incentive Models

It is an unfortunate reality that there are not nearly enough cybersecurity companies or organisations that possess the bespoke capabilities, human resources, and training to safely secure the convergence of enterprise software, the Internet of Things (IoT), and Operational Technology (OT) environments associated with Critical National Infrastructure. Preventing harm to the public requires that we fix this.

While there are many negative incentive models, such as regulation and fines for non-compliance, this can only take us so far. More positive incentive models are needed, whereby the government works alongside the community to provide resources and the financial support required to create a strong ecosystem of organisations that can navigate the complexity of critical national infrastructure environments. There has been some evidence of this in the USA, such as the federal government’s investment in cybersecurity controls following the Colonial Pipeline attack. However, more meaningful public-private cooperation is needed in order to create the ecosystem of advanced capabilities we need.

Moving Forward

There is no escaping the fact that the cyber-threat level is growing, and it appears that we are on an unavoidable path towards law enforcement campaigns acting against cyber criminals. Whilst an appetite for more muscular action against cybercriminals is entirely understandable, we must also accept that it is not guaranteed to make a positive difference; campaigns against international criminal networks of other kinds have proved ineffective before. If we want to keep digital systems and the public they serve safe from harm, we need to invest more time and effort in creating the capabilities to do so.

Ireland and UK tout ‘key’ partnership for countering cyber threats

Stuart O'Brien

The head of the UK’s National Cyber Security Centre has highlighted the importance of continued collaboration between Ireland and the UK to protect shared interests and counter threats in cyberspace.

Speaking virtually to an audience at the influential Institute of International & European Affairs (IIEA) in Dublin, Lindy Cameron (pictured) described the Ireland-UK relationship as a “source of great strength.”

The CEO of the NCSC – which is a part of GCHQ – depicted the partnership as crucial in “combatting our shared threats”, and highlighted the risks posed by established states that seek to do both nations harm through cyber attacks.

She discussed how critical national infrastructure that is shared between Ireland and Northern Ireland, such as the rail link between Belfast and Dublin, presents attractive targets for cyber criminals and hostile states.

Cameron said: “The governments of both UK and Ireland have been clear that they will not tolerate malicious cyber activity, and we have and will publicly call out state-level attacks.

“State sponsored cyber activity represents one of the most malicious strategic threats to the national interests of both the UK and Ireland. It is hugely important.

“Tracking and defending the UK from our most sophisticated adversaries represents much of our core business, usually working to support victims behind the scenes. 

“State threats are a reality in cyberspace. Four nation states – China, Russia, North Korea and Iran – have been a constant presence in recent years. As I’ve said before, we face a determined, aggressive Russia, seeking traditional political advantage by new, high-tech means.”

On the recent ransomware attack impacting Ireland’s Health Executive (HSE), Cameron praised the Irish government’s response and its refusal to pay the ransom. She noted that cyber criminals are out to make money – and the more times a method is successful, the more times it will be used.

Elsewhere, Cameron also emphasised the importance of relationships across the global cyber community, which includes collaboration between all four nations of the UK sharing information and threat assessments with international partners.

She outlined the strength of the UK’s relationship with its allies and close partners across the world, and reaffirmed the commitment to take collective action against the threat.

Government and Financial Services best equipped to defeat cyber attacks

Stuart O'Brien

Government and Financial Service sectors globally are the most hardened against cyberattacks in 2020.

That’s according to the third edition of the Synack Trust Report, a data-driven analysis of cybersecurity preparedness across all sectors and industries, which found that Government and Financial Services scored 15 percent and 11 percent higher, respectively, than all other industries in 2020.

Government agencies earned the top spot in part due to reducing the time it takes to remediate exploitable vulnerabilities by 73 percent.

Throughout the year, both sectors faced unprecedented challenges due to the global COVID-19 pandemic, but still maintained a commitment to thorough and continuous security testing that lessened the risk from cyberattacks.

“It’s a tremendously tough time for all organizations amidst today’s uncertainties. Data breaches are the last thing they need right now. That’s why it’s more crucial than ever to quickly find and fix potentially devastating vulnerabilities before they cause irreparable harm,” said Jay Kaplan, CEO and Co-Founder of Synack. “If security isn’t a priority, trust can evaporate in an instant.”

The 2020 Trust Report is grounded in data from the patented Attacker Resistance Score (ARS) Metric, which drew information directly from tests conducted on the Synack Crowdsourced Security Platform from 2019 through July 2020 — right through the COVID-19 response period. Synack calculates a unique ARS metric between 0 and 100 for every asset, assessment and organization it tests. The calculation takes into account attacker cost, severity of findings and remediation efficiency. The higher the ARS, the more hardened assets are against attack.

“The 2020 Synack Trust Report is a must-read for anyone who has ever been asked by their C-Suite, CEO, or Board: ‘Can I trust our digital systems? And how do we compare to other companies?’” wrote Michael Coden, Global Leader Cybersecurity Practice, BCG Platinion, Boston Consulting Group, in his foreword to the 2020 Trust Report. “The report makes it clear that companies surviving the continuous barrage of cyberattacks are the ones that frequently test as many of their digital assets as possible with the appropriate depth and breadth to the criticality of that asset.”

Key 2020 Trust Report findings include:

The Government sector earned 61 — the highest rating

The chaos of 2020 added new hardship to many Government bodies, but security hasn’t necessarily suffered as many agencies have become more innovative and agile. Their ability to quickly remediate vulnerabilities drove this year’s top ranking. 

Financial Services scored 59 amidst massive COVID-19 disruptions

Financial Services adapted quickly through the pandemic to help employees adjust to their new remote work realities and ensure customers could continue doing business. Continuous security testing played a significant role in the sector’s ARS.

Healthcare and Life Sciences scored 56 despite pandemic challenges

The rush to deploy apps to help with the COVID-19 recovery led to serious cybersecurity challenges for Healthcare and Life Sciences. Despite those issues, the sector had the third highest average score as research and manufacturing organizations stayed vigilant and continuously tested digital assets.

Severity of vulnerabilities found on the Synack platform increases

Twenty-eight percent of the vulnerabilities discovered by the Synack Red Team, the community of ethical hackers working on the Synack platform, were considered high, very high or critical. Synack leads the industry in finding the most critical and dangerous vulnerabilities in customers’ digital assets and apps, giving them the insight necessary to prevent attacks.

ARS scores increase 23 percent from continuous testing

For organizations that regularly release updated code or deploy new apps, point-in-time security analysis will not pick up potentially catastrophic vulnerabilities. A continuous approach to testing helps ensure vulnerabilities are found and fixed quickly, resulting in a higher ARS metric.

Visit www.synack.com to download the report for free.

42% rise in companies reporting cyber attacks by foreign governments

Stuart O'Brien

In 2018, 19% of organisations believed they were attacked by a nation-state. That figure increased to 27% in 2019, with companies in North America the most likely to report nation-state attribution, at 36%.

That’s according to Radware’s 2019-2020 Global Application & Network Security Report, which found that more than one in four respondents attribute attacks against their organisation to cyber warfare or nation-state activity. 

“Nation-state intrusions are among the most difficult attacks to thwart because the agencies responsible often have significant resources, knowledge of potential zero-day exploits, and the patience to plan and execute operations,” said Anna Convery-Pelletier, Chief Marketing Officer at Radware. “These attacks can result in the loss of sensitive trade, technological, or other data, and security teams may be at a distinct disadvantage.”

Radware says the findings come at a time of heightened anxiety for security managers. Organisations are increasingly turning to microservices, serverless architectures, and a mix of multiple cloud environments. Two in five managers reported using a hybrid environment that included cloud and on-premises data centers, and two in five said they relied on more than one public cloud environment. However, only 10% of respondents felt that their data was more secure in public cloud environments.

As organisations adapt their network infrastructure to enjoy the benefits of these new paradigms (such as microservices and multi-cloud environments), they increase their attack surface and decrease the overall visibility into their traffic. For example, 22% of respondents don’t even know if they were attacked, 27% of those who were attacked don’t know the hacker’s motivations, 38% are not sure whether an Internet of Things (IoT) botnet hit their networks, and 46% are not sure if they suffered an encrypted DDoS attack. 

Convery-Pelletier added: “This report finds that security professionals feel as though the battlefield is shifting under their feet.  Companies are increasingly adding and relying upon new paradigms, like microservices, public and hybrid clouds, and IoT, which means the infrastructure is harder to monitor for attacks. These new technologies force a shift in security implementation into the development teams.  Security is often an afterthought as businesses march forward, and there is a misconception that ‘good enough’ is enough.”

In addition, the report also found:

The emergence of 5G networks. As the push for 5G grows, there exists an important opportunity to build security into networks at its foundations. Despite the increasing buzz around 5G networks, only 26% of carriers responded that they felt well prepared for 5G deployment, while another 32% stated that they were somewhat prepared.  

Be careful what you wish for in terms of IoT. 5G promises to advance organisations’ implementation of and the value they derive from IoT technologies, but that promise comes with a corresponding increase in the attack surface. When it comes to IoT connected devices, 44% of respondents said malware propagation was their top concern, while lack of visibility followed at 20% and Denial of Service at 20%.

Data loss is top concern. About 30% of businesses stated that data theft as a result of a breach was their top concern following an attack, down from 35% the previous year, followed by service outages at 23%.  Meanwhile, 33% said that financial gain is a leading motivation for attacks.

To read Radware’s ERT report, visit https://www.radware.com/ert-report-2020/

£36m public funding for hack-resistant chips

Stuart O'Brien

The UK government has partnered with Arm to develop chip technologies that are more resistant to cyber threats, backed by £36 million in funding.

The move kicks off the next phase of the government’s Digital Security by Design initiative, which is also backed by Google and Microsoft.

Official figures say the average cost of a cyber-attack on a business – where a breach has resulted in loss of data or assets – has increased by more than £1,000 since 2018 to £4,180.

In addition to robust software, the government says innovative hardware and systems solutions are critical to defend advanced technology and our defence systems.

This project is aiming to prevent hackers from remotely taking control of computer systems as well as targeting cyber-attacks and breaches, meaning more businesses providing online services are better protected. It will also create new business opportunities and help boost productivity.

A further project, backed by £18 million government investment through the Strategic Priorities Fund (SPF), will tackle some of the dangers of the online world from privacy abuses and wrongful use of data like disinformation and online fraud.

The initiative will help provide solutions to some of the issues identified in the government’s Online Harms white paper, which sets out plans for world-leading legislation to make the UK the safest place in the world to be online. The project will help understand what businesses and individuals need to reduce the harm they are exposed to by using online platforms and will aim to develop more trustworthy technology.

This, the government says, will help to prevent incidents of online fraud, phishing emails, impersonating organisations online and viruses or other malware like ransomware, which cost the UK economy millions of pounds in lost productivity.

Business Secretary Andrea Leadsom said: “Cyber-attacks can have a particularly nasty impact on businesses, from costing them thousands of pounds in essential revenue to reputational harm. Cyber-criminals operate in the shadows, with the severity, scale and complexity of breaches constantly evolving. It’s critical that we are ahead of the game and developing new technologies and methods to confront future threats, supporting our businesses and giving them peace of mind to deliver their products and services safely. Investing in our world-leading researchers and businesses to develop better defence systems makes good business and security sense.”

Minister for Digital and Broadband Matt Warman added: “The government wants the UK to be the safest place to be online and the best place to start and grow a digital business. As these investments show, we are determined to create the right environment to foster our thriving digital economy while giving people renewed confidence and trust in online services. We will always be firm in our support for the UK’s tech sector. Thanks to our work with the UK’s world-leading academic institutions and our business-friendly environment, we are helping entrepreneurs use technology to improve people’s lives and find solutions to future challenges.”

Government strives to increase diversity in cyber security

Stuart O'Brien

The third round of funding through the Cyber Skills Immediate Impact Fund (CSIIF) has been launched by Cyber Security Minister Nigel Adams.

The Fund aims to increase the number and diversity of people entering the cyber security profession, with training providers able to bid for up to £100,000 to work with employers and design training programmes which retrain a diverse range of individuals for a career in cyber security.

Alongside this, Adams has also announced that after a competitive grant competition, the Institution of Engineering and Technology (IET) has been appointed the lead organisation in charge of designing and delivering the new UK Cyber Security Council, alongside a wider alliance of cyber security professional organisations.

The UK Cyber Security Council will aim to coordinate the existing professional landscape, to make cyber security a well structured and easy to navigate profession which represents, supports and drives excellence going forward.

Cyber Security Minister Nigel Adams said: “The UK is a world leader in tackling cyber attacks but we must make sure we continue to develop the talent we need to protect the public and business online.

“This latest round of funding demonstrates our commitment to make sure the UK’s cyber security industry has a skilled and diverse workforce and, through our new Cyber Security Council, there are clear paths for those wishing to join the profession.”

Simon Edwards, IET Director of Governance and External Engagement, said: “It’s fundamental that cyber security is seen as a nationally recognised and established profession with clear career pathways. The IET, alongside an alliance of professional cyber security organisations, will bring together the credibility and knowledge across a wide range of disciplines to further strengthen the UK’s leadership position in cyber security innovation and resilience on the global stage. With cyber skills shortages already emerging at every level, we are committed to working with the Government and the National Cyber Security Centre on delivering the rapid, yet capable development of specialist cyber skills to meet the growing needs of the industry, manage risk and secure the next generation of talent.”

Jacqueline de Rojas, President, techUK said: “As businesses become ever more reliant on digital tools, the need for a skilled and professional cyber workforce in the UK has increased. Yet the Government’s National Cyber Security Skills Strategy found that more than half of all businesses and charities in the UK have a basic cyber security skills gap.

“Increasing diversity in the sector is one way in which we can seek to plug the growing cyber skills gap, and that is why initiatives like the Immediate Impact Fund are so important. Coupled with the creation of a new Cyber Security Council that will create clearer pathways for people entering the sector, these announcements will go a long way to ensuring that we create and nurture our cyber professionals and continue making the UK the safest place to be online.”

The deadline for applications to the Cyber Skills Immediate Impact Fund (CSIIF) is the 27th September.

Twelve initiatives have already received support from CSIIF with more than 400 people benefitting from training opportunities.

Google, Microsoft back UK government on cyber security

Stuart O'Brien

Major businesses including Google and Microsoft have pledged to help the UK tackle the most damaging cyber security threats.

Up to £117 million of private industry investment will be combined with £70 million of government funding through the modern Industrial Strategy to develop new technologies.

These will range from a new and secure hardware prototype that can cope with cyber-attacks, to software protected from new vulnerabilities appearing online.

The government says that with cyber threats constantly evolving, the best defence in the future is seen as developing innovative solutions that can work independently and protect against threats even during attacks. It also wants to ensure that every UK organisation is as cyber secure and resilient as possible.

Nearly all UK businesses are reliant on digital technology and online services, yet more than 30% have experienced a cyber-security breach or attack in the last 12 months, according to the government’s own data.

For example, hackable home wifi routers can be used by attackers in botnets to attack major services and businesses.

The government says businesses are having to spend increasing amounts on cyber security, up to 20 to 40% of their IT spend in some cases. And as more and more systems are connected, whether in the home or businesses, there is a need for security that is secure by design.

Business Secretary Greg Clark said: “Digital devices and online services are powering more of our daily lives than ever before, from booking a doctors’ appointment to buying online shopping. While these devices and services bring great benefits to businesses and consumers, they come with the associated risks of cyber-attacks and threats that are becoming increasingly complex to tackle.

“As we move to a more data-driven economy, nearly all UK businesses and organisations are reliant on these digital technologies and online services – but the threat of cyber-attacks is ever-present, with more than 30% of businesses having experienced a cyber-security breach or attack in the last 12 months.

“With government and industry investing together as part of our modern Industrial Strategy, we will ensure that the UK is well placed to capitalise on our status as one of the world leaders in cyber security by ‘designing in’ innovative measures into our technology that protect us from cyber threats. This will also help us bring down the growing cybersecurity costs to businesses.”

This expected joint investment will create projects to develop new solutions to cyber security over the next 5 years, with the aim of applying the findings in real-world markets through dedicated demo-projects led by business.

For example, these demo projects could include testing the new technology in the health sector to ensure a higher level of protection for patient data, or in consumer markets to ensure consumers’ personal data is fully protected as far as possible.

Dr Ian Levy, National Cyber Security Centre’s Technical Director said: “The National Cyber Security Centre is committed to improving security from the ground up, and we have been working closely with government to promote adoption of technology and practices to protect the UK.

“We hope this additional investment will drive fundamental changes to products we use every day. This is vital work, because improving hardware can eradicate a wide range of vulnerabilities that cause significant harm.”

Developing innovative solutions to cyber security will help put the UK at the forefront of the AI and data revolution, in support of the government’s AI and Data Grand Challenge.

Details on the upcoming rounds of funding for this Digital Security by Design challenge, which will likely bring together academics, research institutions, start-ups, SMEs and large businesses, will be announced later this year.

Image by Gerd Altmann from Pixabay

Redscan criticises new Government cybersecurity stats

Stuart O'Brien

Redscan has disputed the findings of the Department for Digital, Culture, Media and Sport’s latest Cyber Security Breaches Survey.

The firm has argued that response bias and the sample of participants make it impossible to fully trust the data.

The DCMS report found that the cost of breaches has gone up for the third year in a row and suggests that fewer breaches are taking place (due to businesses being more secure).

Redscan has taken issue with that conclusion, with CTO Mark Nicholls stating that while the Government’s latest cybersecurity survey figures provide some interesting insights, response bias of the participants means we should avoid drawing any firm conclusions.

He said: “The finding that many businesses can identify a data breach instantly, for instance, just doesn’t ring true. Interpreting the results is also clouded by the fact that half of organisations surveyed were micro businesses with fewer than 9 employees. 

“While the report suggests that cyber security is becoming a higher priority among businesses, evidenced by more senior management buy in, businesses still struggle to properly assess the risks as well as identify and respond to breaches. 

“Despite an increase in the cost of breaches, the figures are still surprisingly low – likely due to businesses self-reporting, as well as the fact that these numbers don’t consider hidden costs such as reputational damage.

“Nowhere near enough businesses have undertaken cyber risk assessments and less than a third made changes because of the GDPR’s introduction. These are very worrying statistics, no matter how you look at them. 

“The proportion of businesses identifying breaches or attacks (32%) is now lower than in 2018. The report suggests that this may be due to businesses being more secure, but many simply aren’t aware they’ve been breached. Attackers are getting stealthier and staying on the network undetected for longer. 

“As to the statistic that two thirds of businesses can identify a breach instantly, this is patently false. Real-world data from the ICO suggests it takes closer to 60 days on average.”

Government wants to ‘design out’ cyber threats

Stuart O'Brien

The Business Secretary has announced measures for the UK to become a ‘world leader’ in the race against cyber security threats.

The government says businesses and consumers will benefit from increased security and protections built into digital devices and online services with the help of up to £70 million in government investment through the Industrial Strategy Challenge Fund, backed by further investment from industry.

This investment will support research into the design and development of hardware so that it will be more secure and resilient from the outset.

The ambitious aim is to ‘design out’ many forms of cyber threats by ‘designing in’ security and protection technology/solutions into hardware and chip designs, ultimately helping to eradicate a significant proportion of the current cyber risks for businesses and services in future connected smart products.

Clark said the best defence in the future is seen as developing innovative solutions that can work independently and protect against threats even during attacks and that the government wants to ensure that every UK organisation is as cyber secure and resilient as possible.

A further £30 million of government investment will aim to ensure smart systems, such as doors and central heating systems, are safe and secure, with more than 420 million such devices in use across the UK within the next 3 years.

The government is aiming for R&D investment to reach 2.4% of GDP by 2027.

Clark said: “This could be a real step-change in computer and online security, better protecting businesses, services and consumers from cyber-attacks resulting in benefits for consumers and the economy. With businesses having to invest more and more in tackling ever more complex cyber attacks, ‘designing in’ security measures into the hardware’s fabric will not only protect our businesses and consumers but ultimately cut the growing cybersecurity costs to businesses.

Nearly all UK businesses are reliant on digital technology and online services, yet more than 40% have experienced a cyber-security breach or attack in the last 12 months. Hackable home Wi-Fi routers can be used by attackers in botnets to attack major services and businesses. Moreover, consumers are often worse affected by mass information leaks than the organisation that held their data. Businesses are having to spend increasing amounts on cyber security, up to 20-40% of their IT spend in some cases. And as more and more systems are connected, whether in the home or businesses, there is a need for security that is secure by design.

Digital Minister Margot James said: “We want the UK to be a safer place to live and work online. We’re moving the burden away from consumers to manufacturers, so strong cyber security is built into the design of products. This funding will help us work with industry to do just that, improving the strength and resilience of hardware to better protect consumers from cyber-attacks.”

Dr Ian Levy, National Cyber Security Centre’s Technical Director, said: “The National Cyber Security Centre is committed to improving security from the ground up, and we have been working closely with government to promote adoption of technology and practices to protect the UK.

“We hope this additional investment will drive fundamental changes to products we use every day. This is vital work, because improving hardware can eradicate a wide range of vulnerabilities that cause significant harm.”
