A cybersecurity official has revealed how the government will spend £650m earmarked for cybersecurity, saying it will spread the funds across GCHQ, government departments and agencies, and the police.
The funds will also be used to develop links with the private sector, Ian McGhie, deputy director of the Office of Cyber Security and Information Assurance (Ocsia), said on Wednesday.
"We've been talking to defence companies and ISPs, but we're not just concerned with one area of the private sector," McGhie told ZDNet UK. "We hope more companies will get involved, and I personally would like to see more industry bodies involved, as they tend to have clout."
In October, the government pledged to invest over £500m to boost critical national infrastructure and improve cybersecurity as part of its five-year defence plan, the Strategic Defence and Security Review (SDSR). This figure was later set at £650m.
The £650m will go towards the National Cyber Security Programme (NCSP), a series of projects designed to enhance unity of action against cyberthreats across government, the private sector, individuals and international entities, McGhie said in a speech at the Counter Terrorism Expo 2011 in London.
The government will concentrate on four 'pillars' in the NCSP: improving national cybersecurity, improving cyber-defence of critical infrastructure, combating cybercrime, and enhancing education and skills.
Overall, the £650m will be divided between 65 percent spent on capabilities, 20 percent on critical cyber-infrastructure, nine percent on cybercrime specifics, one percent on education, and five percent on reserves, according to McGhie.
To improve national cybersecurity, the Department for Business, Innovation and Skills (BIS) will use a portion of the funds "to provide clever strategic leadership" in developing cybersecurity capabilities in the private sector, said McGhie. The government wants to balance providing incentives to get businesses to improve information security with regulation — which would be used as a last resort.
"There's no appetite to put down the rule of law, but a delicate balance needs to be struck with regulation," said McGhie.
Different departments will work with different industries on efforts to boost cybersecurity. BIS will work with the telecoms sector, the Treasury will work with the financial sector, while the Department of Energy and Climate Change (DECC) will work with the energy sector.
The second strand, cyber-defence, covers national operational architecture projects. These are delivered by the GCHQ intelligence agency and its information assurance arm CESG, as well as the Ministry of Defence (MoD).
McGhie said the government is keen to maintain a "sovereign capability" when it comes to information assurance (IA) and security products, meaning the UK should rely on products built or tested within its borders and not have to rely on those created in other countries.
"The information-assurance community is failing to deliver common, good solutions," said McGhie. "GCHQ wants to improve capabilities, and looks to detect and defend against cyberattack."
He added that GCHQ will plug some of the money into the 'Five Eyes' forum, which consists of the UK, US, Canada, Australia and New Zealand. The organisation is dedicated to co-operation on cybersecurity issues.
The Cyber Security Operations Centre (CSOC), the UK government cyber-defence and attack centre linked to GCHQ, wants to improve national and international awareness of cybersecurity, and to "assess and respond to incidents better than it has done in the past", according to McGhie.
The CSOC will have a specific focus on security for the Public Sector Network (PSN), a cluster of government networks, and the G-Cloud, the government's cloud. The CSOC will look at authentication and identification standards that are PSN-wide, and will look at hardening G-Cloud and PSN datacentres.
Some of the funds will go to the Centre for the Protection of National Infrastructure (CPNI), so it can give cyber-protection advice to companies working in the life sciences and low-carbon technology sectors.
The Cabinet Office will use a portion of the funds to better align cybersecurity and information assurance, and to try to make sure the two separate streams are integrated smoothly. The government will work with...