Britain has launched a new national cyber security strategy, promising to spend $3.1 billion over the next five years to strengthen the defences of government, critical national infrastructure sectors and the wider economy.
That includes the ability to mount offensive cyber action to retaliate against state or criminal actors.
The announcement from chancellor of the exchequer (finance minister) Philip Hammond on Tuesday comes as Ottawa enters the last month of its public consultation on updating Canada’s national security policy framework, which includes cyber issues.
Questions raised in the Canadian consultation paper include under what conditions telecom and Internet providers should have to give police and intelligence agents access to basic subscriber information, whether providers should have to buy equipment to give police access to communications, how much subscriber data should providers have to keep and for how long and whether makers of encryption products should have to have a back door for law enforcement and intelligence agencies.
As a result a number of ITC lobbying groups, including the Information Technology Association of Canada (ITAC), the Canadian Wireless Telecommunications Association (CTWA), the Canadian Advanced Technology Alliance (CATA) and the Canadian Network Operators’ Consortium (CNOC) are expected to make submissions by the Dec. 1 deadline.
Although it has some similar issues the national security consultation is broader than the separate and just-completed consultation on Canadian cyber security strategy for protecting critical infrastructure and raising awareness of cyber crime.
Ottawa hasn’t announced a timetable for updating national security policy, however there is an expectation it will want to move early next year to at least set a lawful access policy.
In Britain Hammond said as part of his government’s cyber security polity it “will work in partnership with industry to apply technologies that reduce the impact of cyber-attacks, while driving up security standards across both public and private sectors.
“We will ensure that our most sensitive information and networks, on which our government and security depend, are protected. In practice, that means government taking a more active cyber defence approach – supporting industry’s use of automated defence techniques to block, disrupt and neutralize malicious activity before it reaches the user.
He also said the government “will focus on raising the cost of mounting an attack against anyone in the U.K., both through stronger defences and better cyber skills. This is no longer just an issue for the IT department but for the whole workforce. Cyber skills need to reach into every profession.”
Hammond announced the creation of a cyber security research institute, which he described as a virtual network of U.K. universities dedicated to technological research. It will look to improve the security of smart phone, tablets and laptops “through innovative use of novel technology.”
Britain just opened a new National Cyber Security Centre, which pulled in the UK Computer Emergency Readiness Team (CERT) for the public and private sector. Hammond said the centre will make it much simpler for business to get advice on cyber security and to interact with government on cyber security issues.