Ilias Chantzos, senior director, legal & public affairs, Symantec:
Symantec welcomes the UK Government’s initiative to the continuously evolving threat of cyber attacks. The strategy announced today reaffirms the UK Government’s commitment to tackling this complex issue and highlights a pertinent focus on leadership and international cooperation.
The pivotal role played by the Internet in public and private lives of UK citizens is driving an increased level of reliance and interconnectivity between individuals, organisations, information and devices. Consequently, against a backdrop of continuing global economic instability, understanding the link between security and economic growth is vitally important.
The Cyber Security Strategy aims to support businesses to innovate and drive growth through a secure cyber environment and we support this forward-thinking view.
It is promising that public private partnerships are a key tenet of the strategy; this is particularly the case for critical infrastructure industries but applicable across all areas. Only by the timely sharing of actionable information can we respond to the evolving threat landscape and ensure better preparedness against attacks. Education and awareness remain key issues that should continue to be absolute priorities in tacking cybercrime.
Symantec supports the steps outlined in the strategy to strengthen the agencies that fight cybercrime or protect the national infrastructure. Perhaps most importantly, we believe that every national security and defence strategy needs to have a cyber defence element, which is why this strategy is so important and very much welcomed.
David Emm, senior security researcher, Kaspersky Lab:
The Internet now permeates all aspects of society. Organisations of all kinds – including government agencies – are now dependent on it and huge numbers of individuals now bank, shop and socialise online. The threat from cybercrime is real and growing. So a ‘joined-up’ strategy for tackling cybercrime is a must – one that encompasses all areas of society, individuals, businesses and government.
It’s encouraging to hear that the Government understands the need to help individuals combat the threat of cybercrime. For all their sophistication, many of today’s attacks start by tricking people into undermining security.
Unfortunately, there’s no ‘online common sense’ to match the common sense we use to stay safe in the real world. And as a society, we need to develop this – especially among children – to reduce our exposure to the threat from cybercrime.
Martin Sutherland, managing director of BAE Systems Detica:
What the Government’s UK Cyber Security Strategy, announced today, clearly shows is that there has been a really important shift in emphasis surrounding the role of the private sector in improving cyber security.
We believe this shift of emphasis accurately reflects the fact that our private sector companies are on the front line facing increasingly sophisticated cyber attacks against our common interests.
With the Strategy very much aligning the country’s economic prosperity with national security, the key to success will be ensuring that private companies see it as beneficial to their business to work in partnership with Government. The question is whether they will do this voluntarily, or whether the Government finds, in addition, that it needs to provide some incentive for this to happen.
In a nutshell, cyber security has become about minimising the harmful effects of cyber attacks and maximising the economic opportunities that the reduction of the threat would bring.
This is an attractive vision, but no one should underestimate either the scale of the ambition or the complexities it raises. Things now need to happen quickly – this is not a theoretical debate. Cyber attacks are here and now, occurring on a daily basis and the impact is very real
Ross Brewer, vice president and managing director for international markets, LogRhythm:
It is great to finally see the UK government starting to take the cyber threat seriously and provide a framework to help organisations protect their assets.
Much of the advice may seem pretty basic, for example GCHQ recently warned that 80% of successful attacks could be thwarted by following simple step like updating anti-virus, but it is often these little details that are key to maintaining security.
However, today it is an unfortunate fact that some attacks will be successful no matter what perimeter defences you have in place – making it vitally important that organisations are able to spot threats as soon as they occur.
This is a bigger problem than it sounds – earlier this year Baroness Neville-Jones, the Prime Minister’s special representative to business on cyber security, stated that many organisations miss security threats because they do not know enough about their own systems to understand what normal functioning looks like.
Frank Coggrave, general manager EMEA, Guidance Software:
The launch of the Government’s long awaited new cyber security strategy is a positive step in the right direction; however the fact that the scheme has taken so long to develop gives us pause for thought. Can we fully rely on the efficacy of a strategy when its public unveiling has been delayed twice?
The Government maintains that it’s vital to take a collaborative approach and work together to combat cyber crime, which is still an important issue. However, the sensitive commercial implications of knowledge sharing and this suggestion of an "open internet" need to be carefully thought out. Many organisations simply do not want to share their secrets, so as not to compromise competitive advantage.
Another concern is whether the strategy is too ‘political’ to be effective; if the cause becomes too bureaucratic it doesn’t necessarily have the rapid response approach needed to deal with the full gamut of cyber threats. Only time will tell if it will hit the mark and resonate with the audiences that truly need high levels of guidance to cope with the advanced threat landscape.
Ultimately, we all need to work hard to combat the problem, and, as always, it’s actions not words that will prove the success of this strategy. We need to go further to respond to the challenges we’re faced with, and the Government needs to clearly communicate exactly how the strategy will be implemented and by whom – there needs to be a clear pathway to make this work.
Paul Davis, director of Europe, FireEye:
The announcement that Government wants to reach out to the private sector and cooperate on addressing cyber security issues is welcome. The exchange of information, leading to greater visibility, is the first step in seriously tackling this growing threat to the UK.
Yet it is the lack of real understanding of the threat landscape, how quickly it’s evolving and the growing threat to UK Plc, coupled with actionable data, which is the biggest hurdle in progressing this initiative.
There are a number of security professionals and companies both here in the UK and abroad that could make a significant contribution to this initiative. I trust the recognition of this "new" threat brings with it a new approach in engaging with the industry.
A cyber security hub centred on government but encompassing critical national infrastructure and potentially extending across key industries should be, and can be with the right political support, developed quickly.
David Cameron, Prime Minister:
While the internet is undoubtedly a force for social and political good, as well as crucial to the growth of our economy, we need to protect against the threats to our security.
This strategy not only deals with the threat from terrorists to our national security, but also with the criminals who threaten our prosperity as well as blight the lives of many ordinary people through cyber crime.
Francis Maude, Minister for the Cabinet Office and lead spokesperson on cyber security:
The growth of the internet has transformed our everyday lives. But with greater openness, interconnection and dependency comes greater vulnerability.
The threat to our national security from cyber attacks is real and growing. Organised criminals, terrorists, hostile states, and ‘hacktivists’ are all seeking to exploit cyber space to their own ends.
The Government cannot tackle this challenge alone. The private sector – which owns, maintains and creates most of the very spaces we are seeking to defend – has a crucial role to play too.
This strategy outlines how we will cement a real and meaningful partnership between the Government and private sector in the fight against cyber attacks, to help improve security, build our reputation as a safe place to do business online, and turn threats into opportunities by fostering a strong UK market in cyber security solutions.
Related content:
You can read CBR’s original take on the Cyber Security Strategy announcement here. We have also pulled some of the choice quotes out of the report for you to read here.