Our cyberdefense will punch back, UK leaders say

The British government is investing nearly £2 billion in cybersecurity and vows to respond aggressively when faced with online attacks.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
3 min read
Gideon Mendel, Corbis via Getty Images

The UK is going all in on cybersecurity.

The country aims to create the world's most-secure online environment and will build both defense and attack capabilities so it can retaliate if targeted by foreign states, Chancellor of the Exchequer Philip Hammond said Tuesday.

Hammond announced the measures as part of the UK's National Cyber Security Strategy, which he launched Tuesday at Microsoft's Future Decoded conference in London. The government is putting £1.9 billion ($2.3 billion) behind the strategy, which is designed to protect the nation and make the UK a global leader in the cyberdefense industry.

In spite of a strong reputation for cybersecurity, the country has fallen victim to some major incursions. These include the DDoS attack last month that also pulled the rug out from under the internet in the US; the TalkTalk breach last year that left data of over 150,000 customers of the internet provider's customers exposed; and the 50,000 phishing emails that were until last month being sent every day from fake .gov addresses.

The new investment is designed to bring together industry, academics and government to defend British infrastructure and UK citizens against such attacks.

"In practice that means government taking a more active cyberdefense approach," said Hammond.

Defense is one prong of a three-pronged strategy. The second prong is offense. The government believes it can deter adversaries by building the capability to actively respond in cyberspace itself -- rather than sitting still and taking the hit or, at the other extreme, resorting to military intervention.

"There is no doubt in my mind that the precursor to any future state-on-state conflict would be a campaign of escalating cyberattacks, to break down our defenses and test our resolve before the first shot is fired," said Hammond. "We will not only defend ourselves in cyberspace, but we will strike back in kind."

The third prong of the strategy is to ensure the country is developing talent and creating a world-class cyberdefense workforce. Not only is cyberdefense an important sector of the tech industry itself, but it is crucial to making the UK a safe place to do business, said Hammond.

He pointed to the work of Alan Turing and the discovery of DNA as key points in the UK's legacy of tech innovation, and to today's efforts in areas such as autonomous driving, VR and artificial intelligence. The National Cyber Security Strategy will protect that environment, encouraging those businesses to remain in the UK -- something he believes is key "to future-proof the economy of post-Brexit Britain."

How dangerous is the internet, anyway?

Heading up the new National Cyber Security Centre, which launched last month and will be fully operational by early next year, is Ian Levy, who is determined to make cyberthreats easier for the public to understand.

"The cybersecurity industry runs on fear," said Levy, also speaking at Future Decoded. He branded commonplace rules -- such as not clicking on links and attachments and having different passwords, updated monthly, for everything -- as the most stupid pieces of advice he had ever heard. "We need to stop blaming the user," he said.

Instead he wants to "get underneath the hyperbole" and be transparent with the public so that people can make sensible risk-management decisions.

"People will be too scared to get into an autonomous vehicle because hackers can break it," said Levy. "We need to build trust in the technologies that people will start using in the future."