The following is a speech by John Hayes, Security Minister at the UK Home Office at the 8th International Cybersecurity Forum in Lille #FIC2016.
Monsieur le Ministre Cazeneuve, mesdames et messieurs les organisateurs du Forum International de la Cybersécurité, je vous remercie de me donner l’occasion de prendre la parole au sujet de la sécurité des données et de la vie privée.
[Monsieur Cazeneuve, ladies and gentlemen organisers of the International Cyber Security Forum, I thank you for giving me the occasion to speak about the security of data and privacy.]
Forums such as this, drawing international visitors – from governments, citizens, business and research – serve a vital role in bringing us together to explore the threats and the opportunities that arise because we all now live in a digital world.
Living in this digital world, all of us here today understand that data security, and with that, wider cyber security, underpins the digital economy. It is needed to keep businesses, citizens and public services safe. After all, trust and confidence in the security and privacy of data is crucial for consumers, businesses and investors.
As we all know, the scale of the threat to security of data is significant. In the UK alone, 90% of large businesses and 74% of small businesses had a cyber-breach in the past year. These breaches can be hugely costly and damaging to businesses. But, as we all know, cybercrime and wider issues of cyber security transcend national boundaries, we cannot therefore deal with these threats alone.
Our two countries already recognise the need to work together to face this threat through strong government to government dialogue.
The UK National Cyber Crime Unit, part of the National Crime Agency works closely with French (and other European) colleagues in Europol’s Joint Cyber Crime Action Taskforce (J-CAT). While the NCA has a dedicated International Liaison Officers located here in France so that we might achieve quicker, more effective criminal investigations between our two countries.
We continue to strengthen this important relationship. In the coming months we hope to welcome colleagues from French Customs and Police Nationale to the National Cyber Crime Unit to continue to identify mutual opportunities in dealing with mutual threats; long may this cooperation continue.
When I consider the approaches we, as Governments have taken to set the direction for how we deal with cyber security – and with that, cybercrime, I welcome the parallels that can be drawn between your National Digital Security Strategy, and the UK National Cyber Security Strategy. This isbecause both recognise the two key approaches to cyber security;
(1) Working in partnership – with business, with public services and with citizens, and
(2) Closing the skills gap in cyber security and cyber crime.
I’d like then, to outline how the UK has approached these, before setting out, in brief our broader approach.
First published in 2011, through the UK’s Cyber Security Strategy, we have invested £860m in a National Cyber Security Programme to support the UK’s economic prosperity, protect our national security and safeguard the public’s way of life, to building a more trusted and resilient digital environment
Adopting a partnership based approach, we have worked with industry to transform business understanding and response: To date a huge amount has been achieved.
One success is the ‘Cyber Essentials’ certification scheme. Launched in 2014 as joint industry and Government scheme, this sets out clear basic standards for cyber security. We know the majority of successful cyber-attacks exploit basics weaknesses. Cyber Essentials addresses those basic weaknesses. The message behind it is clear: If you adopt Cyber Essentials in your business, you will protect your business against the majority of threats on the internet.
The Cyber Essentials scheme isn’t just aimed at the large prime firms – it is also intended to help them manage their third party risks, which is why we have made the scheme suitable for smaller businesses, including those who are part of larger supply chains. Over 1,200 Cyber Essential certificates have now been issued. In Government, we now require suppliers of most contracts and services to hold a Cyber Essentials certificate.
We are also working with the audit community to take cyber security out of the IT department and into the boardroom. The Cyber Governance Health Check, now in its third cycle, helps the UK’s top firms understand and improve their level of cyber security; last year’s health check data demonstrates good progress. For example, 88% of FTSE 350 firms now include cyber security in their risk register, up from 58% in 2013.
The National Cyber Security Programme also invested in law enforcement capability and skills: establishing the National Cyber Crime Unit (NCCU), located in the NCA to provide a strong overarching response to combatting the most serious cyber criminals.
The NCA is also investing in state of the art equipment and specialist expertise: keeping pace with the criminals who threaten the public.
There are also cyber teams established within each of the Regional Organised Crime Units (ROCUs) across England and Wales to bolster the national and local response and have introduced Crime Training courses for all police forces.
Finally, we are also training police officers and staff in how to identify and secure evidence on digital devices.
But now, in 2016, we are looking to develop the next National Cyber Security Strategy. We are going to nearly double our investment – £1.9 Billion over the next five years – to protect Britain from cyber-attack and develop sovereign capabilities in cyberspace and it will continue to focus on partnership with business, with public services and with citizens. We will:
As a former Minister for skills who oversaw a substantial increase in apprenticeships I know the importance of Continuing to address the skills gap in cyber security; building on the 2011 programme the Government has now put in place interventions to improve cyber security skills at every level of the education – from coding in schools, to cyber security at post-graduate and doctoral level. The challenge now is to hugely increase the numbers of young people and existing workers moving into the cyber security profession, to ensure we have the skills we need now and in the future
We will continue to work with Industry, supporting the best cyber start-ups through the creation of two cyber innovation centres and we will launch a £165 million Defence and Cyber Innovation Fund, to support innovative procurement across both defence and cyber security.
The National Cyber Security Strategy also reflects our need to build on our capability to address cyber security threats in 2016 and beyond.
There will be an increase in the capabilities of the National Cyber Crime Unitto develop stronger defences for government systems; this will include further investment to develop law enforcement capabilities at a national, regional and local level to investigate, disrupt and protect against cyber crime
We will create a new National Cyber Centre which will work with industry, academia and, most importantly our international partners to protect against cyber-attacks,
Using these strengthened capabilities, we need to continue work together to disrupt the criminal market place and target those criminals who believe they can act anonymously online. We also need to go after the infrastructure and financial networks that are the source of attacks and profits for cyber criminals
One of the greatest British Prime Ministers Benjamin Disraeli once said:
‘Circumstances are beyond human control, but our conduct is in our own power’.
We all know that the issues surrounding cyber security are not going away. The threat to data security and privacy remains significant. But, although we cannot determine the circumstances we face, we can determine our response.
By continuing to work in partnership we can continue to tackle this threat.
Chacun parmi nous joue son rôle dans ces efforts, et il est très important que nous continuions de le faire dans l’avenir. Je vous remercie de votre attention.
[Everyone amongst us plays a role in these efforts, and it is very important that we continue to do so in the future. Thank you for your attention]