UK Cyber Security Strategy themes revealed

Summary: Businesses will be asked to share sensitive security information with competitors as part of the UK government's upcoming Cyber Security Strategy, ZDNet UK has learned

TOPICS: Security

The UK government will urge businesses to form 'uncomfortable partnerships' with competitors as part of the upcoming UK Cyber Security Strategy, ZDNet UK has learned.

Businesses must look to forming close working relationships with competitors to share sensitive cybersecurity information, they will be told when the document is published. The UK Cyber Security Strategy is due on 25 November, a Cabinet Office spokesman confirmed on Thursday.

The document, already delayed twice, will update a two-year-old strategy and lay out the government's plans for dealing with the problems of cybercrime and cyber-espionage. The Cabinet Office leads the UK government's cybersecurity response, in conjunction with the Office of Cyber Security and Information Assurance (Ocsia) and the Cyber Security Operations Centre (CSOC) at Cheltenham.

ZDNet UK has learned from two separate sources that Owen Pengelly, deputy director of Ocsia, talked about the upcoming strategy in a closed session at the London Conference on Cyberspace on 2 November. Press movements were severely limited at the conference and even after lengthy accreditation and security procedures, journalists were barred from attending any of the sessions.

Businesses will be asked to form "uncomfortable partnerships", according to Pengelly, to share knowledge about cyberthreats and attacks. Organisations have historically been wary of sharing sensitive security information with competitors, due to concerns that rivals may gain commercial advantage or leak the information to damage business reputation.

New forms of partnership will include an extension of the Virtual Taskforce model of information-sharing between banks and the police. This will extend to more business sectors, and retain the 'cyber hub and nodes' system for collating and distributing data on attacks. The Metropolitan Police eCrime Unit is one of the law enforcement agencies in the Virtual Taskforce which currently shares information about crimes such as the online theft of financial credentials with banks and other agencies at home and abroad, including the FBI.

UK government agencies will look to share more cybersecurity information with organisations as part of the strategy, the ZDNet UK sources said.

Major themes in the Cyber Security Strategy include a focus on efforts to make the UK more resilient to cyberattack. The government set up CSOC in 2010 to coordinate its response to attempts on information systems, while agencies such as the Centre for the Protection of National Infrastructure (CPNI) also work with the private sector to strengthen information and physical security.

The Cyber Security Strategy also aims to better protect UK interests on the internet, according to ZDNet UK sources, as the government wants the UK to be seen as a safe place to do business online. No details of how it will do this are known.

The government will push for an 'open' internet, without censorship or restrictions on access to information, and will aim for better information assurance and incident response in organisations. It has been making a number of efforts to improve IT security skills in the public sector, including asking CESG, the information assurance arm of GCHQ, to appoint skills certification bodies such as BCS, IISP and Crest.

A government spokesperson confirmed the Cyber Security Strategy plans on Thursday.

The government has placed increasing emphasis on cybersecurity, amid growing concerns about the possible economic impact of successful attacks on information systems. In October 2010, it announced it had elevated cyberattacks to 'tier-one' threats, alongside terrorism, military crises and major disasters, and said that it was putting £650m into UK cyber-response.

The British government has faced a number of criticisms in the past over its approach to cybersecurity, including that it does not share enough information on cyber-threats with critical national infrastructure organisations.

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

1 comment
  • Cyber-security *snort* that’s whilst they rely on COTS (commercial off the shelf) proprietary software for those supposed solutions. Apple recently announced their new sandbox is not as secure as they imagined, Microsoft Windows has a history of supplying its user base with security updates far too late whilst they happily bundle a yearly license subscription leaving those users to pay extra to outside security firms and anti-viral vendors whom they then rely on for protection which is known to be ineffective and insufficient.

    Home users can't afford to buy industrial strength firewall solutions and vendors offer cheap COTS options that are just not up to the task of handling every conceivable threat.

    When it comes to cyber-security the onus has always been on the end-user. Most people at home connect to broadband for their first time without a hardware firewall then only discover too late whilst they're disinfecting their COTS installation why that was a huge mistake.

    The truth is commercial off the shelf will never meet the demands placed upon it by the end-users for their protection, the only recourse left is for them to turn to a non-commercial solution and spend the next 20 years becoming a security guru whilst incorporating a variety of possible solutions both hardware based and software based to deal with the evolving threat model.