Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

Transcription

1 Safety by trust: British model of cyber security David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

2 Strategy Structure Campaign Partnerships

3 Strategy

4 The UK s Cyber Security Strategy THE VISION Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society. THE FOUR STRATEGIC OBJECTIVES Tackling cyber crime and making the UK one of the safest places to do business online Making the UK more resilient to cyber attack and better able to protect our interests in cyberspace Helping shape an open, vibrant and stable cyberspace that supports open societies Building the UK s cyber security knowledge, skills and capability from The UK Cyber Security Strategy, 25 November 2011

5 The National Cyber Security Programme Further deepen our national sovereign capability to detect and defeat high-end threats; Ensure law enforcement has the capabilities it needs to tackle cyber crime and maintain the confidence needed to do business on the internet; Ensure critical UK systems and networks are robust and resilient; Improve cyber awareness and risk management amongst UK business;

6 The National Cyber Security Programme: 860m over five years The NCSP, complemented by existing departmental cyber spend, has funded a step change in the UK s cyber capabilities. The programme is co-ordinated by the Cabinet Office, which allocates funds, monitors progress against deliverables, and is developing a set of metrics to measure the impact of the programme.

7 Structure

8 Office for Cyber Security and Information Assurance (OCSIA) Programme Management (Non policy team) Delivery Reporting Benefits assessment Performance management Communication Department for Culture, Media and Sport: Internet governance Home Office : Cyber crime, Data retention, Security exports Cabinet Office, Director: James Quinault Public Sector & Threats (Policy team) Public Services Offensive cyber Telecoms Science & Technology Science & Technology including Academic Centres of Excellence Supply chain management Ministry of Defence: EU/NATO, Offensive cyber National Crime Agency: Cyber crime, training No. 10 / National Security Council OCSIA Reporting to National Security Secretariat (NSS) Private Sector (Policy team) Critical National Infrastructure (CNI) Financial sector Energy sector Regulation / standards (NIS directive) Exercises Skills & Education Security & Intelligence Agencies CERT UK Cyber Policy Department, FCO (Joint unit with OCSIA) Director: Chloe Squires EU & NATO Internet governance International Security Bilateral Alliances & Operational Engagement Cyber Security Capacity Building Export risks and prosperity Cyber crime Skills & Education Key Whitehall departments including the FCO with cyber interests and reporting to the National Cyber Strategy Programme run by OCSIA Business, Innovation and Skills: EU, EU cloud/ Big Data, cyber essentials, standards, Academic UKTI : Cyber exports Cyber Growth Partnershi p and UK Cyber industry

9 Security of government ICT Systems CESG provides: a service to government departments and agencies on managing cyber threats and risks to information they hold or carry, guidance, including security guidance covering eleven common desktop and mobile platforms; accreditation for skilled personnel on cyber security; training; advice on application of specific solutions; use and deployment of cryptographic products and in-depth technical consultancy if required; GovCERT, computer emergency response team which supplies urgent alerts and advice to departments on specific cyber threats and attacks as well as responses to incidents.

10 Partnerships

11 Partnership with the industry The Cyber-security Information Sharing Partnership (CiSP), part of CERT-UK, is a joint industry government initiative to share cyber threat and vulnerability information in order to increase overall situational awareness of the cyber threat and therefore reduce the impact on UK business. CiSP allows members from across sectors and organisations to exchange cyber threat information in real time, on a secure and dynamic environment, whilst operating within a framework that protects the confidentiality of shared information. CiSP members are also able to receive network monitoring reports. This free service allows users to receive tailored feeds of information from CERT-UK covering any malicious activity that we see on your network. Users can sign up for this service when they join CiSP or register your interest and a member of the team will get back to you when you have the necessary information.

12 Campaigns

13 A number of voluntary schemes Examples: Cyber streetwise Cyber essentials 10 steps to cyber security

14 Cyber streetwise

15

16 10 steps to cyber security

17 Cyber Essentials

18 Thank you