Security

Our cyberdefense will punch back, UK leaders say

The British government is investing nearly £2 billion in cybersecurity and vows to respond aggressively when faced with online attacks.

Gideon Mendel, Corbis via Getty Images
img1594.jpg

Philip Hammond unveils the UK's National Cyber Security Strategy at Microsoft's Future Decoded conference in London.

Katie Collins/CNET

The UK is going all in on cybersecurity.

The country aims to create the world's most-secure online environment and will build both defense and attack capabilities so it can retaliate if targeted by foreign states, Chancellor of the Exchequer Philip Hammond said Tuesday.

Hammond announced the measures as part of the UK's National Cyber Security Strategy, which he launched Tuesday at Microsoft's Future Decoded conference in London. The government is putting £1.9 billion ($2.3 billion) behind the strategy, which is designed to protect the nation and make the UK a global leader in the cyberdefense industry.

In spite of a strong reputation for cybersecurity, the country has fallen victim to some major incursions. These include the DDoS attack last month that also pulled the rug out from under the internet in the US; the TalkTalk breach last year that left data of over 150,000 customers of the internet provider's customers exposed; and the 50,000 phishing emails that were until last month being sent every day from fake .gov addresses.

The new investment is designed to bring together industry, academics and government to defend British infrastructure and UK citizens against such attacks.

"In practice that means government taking a more active cyberdefense approach," said Hammond.

Defense is one prong of a three-pronged strategy. The second prong is offense. The government believes it can deter adversaries by building the capability to actively respond in cyberspace itself -- rather than sitting still and taking the hit or, at the other extreme, resorting to military intervention.

"There is no doubt in my mind that the precursor to any future state-on-state conflict would be a campaign of escalating cyberattacks, to break down our defenses and test our resolve before the first shot is fired," said Hammond. "We will not only defend ourselves in cyberspace, but we will strike back in kind."

The third prong of the strategy is to ensure the country is developing talent and creating a world-class cyberdefense workforce. Not only is cyberdefense an important sector of the tech industry itself, but it is crucial to making the UK a safe place to do business, said Hammond.

He pointed to the work of Alan Turing and the discovery of DNA as key points in the UK's legacy of tech innovation, and to today's efforts in areas such as autonomous driving, VR and artificial intelligence. The National Cyber Security Strategy will protect that environment, encouraging those businesses to remain in the UK -- something he believes is key "to future-proof the economy of post-Brexit Britain."

How dangerous is the internet, anyway?

Heading up the new National Cyber Security Centre, which launched last month and will be fully operational by early next year, is Ian Levy, who is determined to make cyberthreats easier for the public to understand.

"The cybersecurity industry runs on fear," said Levy, also speaking at Future Decoded. He branded commonplace rules -- such as not clicking on links and attachments and having different passwords, updated monthly, for everything -- as the most stupid pieces of advice he had ever heard. "We need to stop blaming the user," he said.

Instead he wants to "get underneath the hyperbole" and be transparent with the public so that people can make sensible risk-management decisions.

"People will be too scared to get into an autonomous vehicle because hackers can break it," said Levy. "We need to build trust in the technologies that people will start using in the future."