Britain’s eyes on the prize

The UK's new focus on cybersecurity should be a model for the Trump administration.

5956775821 5ac6842f29 o
Glen Scarborough via Flickr

On May 11, after numerous delays, President Trump signed an Executive Order on cybersecurity that, among other things, holds Federal agencies accountable for the data they store.  The Order has been repeatedly delayed, and while it is a welcome bit of legislation during the ransomware attack this past month, the U.S. still lags behind other countries in addressing the computer hacking problem. Our friends across the Atlantic however are taking bold steps we would do well to emulate.

Back in February, Queen Elizabeth opened the new National Cyber Security Centre (NCSC) in London.  The new facility is an offshoot of the Government Communications Headquarters (GCHQ), Britain’s intelligence and security agency for signals intercept. 

Britain has one of the most digitally dependent economies in the world, estimated to be over $150BIL per year.  The government is so concerned over the rise of cloud computing that last year it published a guide on security concerns that come with the use of Amazon’s Web Services. The NCSC is intended to improve the nation’s resilience to cyber-attacks and to be a close partner to domestic and foreign businesses operating in Britain.

The private sector has long complained Britain’s intelligence apparatus was difficult to work with – too entrenched in its history of secrecy to be effective.  GCHQ’s main facility is located a hundred miles away from London’s tony business center.  The new NCSC is located in Victoria, near Central London, part of a $2.5BIL initiative started last year to boost the nation’s cyber defenses.

Steeped in history

During the grand opening, NCSC Director Robert Hannigan noted that in World War II, King George VI was told that British mathematicians and engineers were building the world’s first digital computer.  Invented for code breaking by a team at Bletchley Park, they could never have conceived the legacy it would create.

Bletchley Park was the epicenter of Britain’s desperate attempts to break Germany’s military communication codes in 1942.  It was there that thousands of young Brits, including the now famous Cambridge professor Alan Turing, enabled the Allies to listen in on Nazi communications, setting up the battlefield successes that led to Hitler’s downfall. 

A nonprofit consortium is restoring Bletchley Park’s crumbling infrastructure and building new facilities in partnership with this recent cybersecurity effort.  It will soon house the new National College of Cybersecurity, scheduled to open in 2018, in the hopes of meeting a national shortage of cybersecurity sleuths.

Commercial protection a key focus

Britain’s Chancellor announced the creation of an "Industry 100" scheme, which will grant temporary NCSC assignments to private sector staff.  This will place 100 industry-funded private sector cyber professionals in the NCSC by the end of the next fiscal year, and commercial partnerships are already underway.  Britain considers cyber risks to be a serious threat to the economy and has devoted significant attention to the problem.

It was the GCHQ who first alerted the U.S. government of Russian hacking into the Democratic National Convention email servers.  The new NCSC has taken the lead in the investigation into the hack of retail giant Tesco in 2016.  Britain fears cloud computing could increase these types of attacks.  While the cloud’s reduced capital, labor, and deployment prices are attractive, there is still a cost.

Nearly 40% of cloud services are now commissioned without the input of an organization’s IT Department.  This can put critical customer data at risk if due diligence is sacrificed in the name of expediency.  Securing devices, connections, batch compiling, and finished analysis remains the customer’s responsibility - one that small and medium-sized firms are increasingly unable to do on their own due to a lack of qualified expertise.

Conclusions

Because cybersecurity must be built into technology before it is released to the public, the British government is making a concerted effort to partner with business.  The GCHQ is also embracing startups, welcoming seven companies into a new incubator for young cybersecurity firms.

Britain is not alone in addressing cyber issues.  China's new cybersecurity law just went into effect.  But unlike Britain's very specific efforts, Beijing's new law is unusually ambiguous, and foreign firms in particular remain uncertain just where they stand in China's new Internet frontier.

The Trump administration would do well to consider the British model, pushing aside political squabbling and protecting business interests from their own shortsightedness, before the next big security breach hits.

This article is published as part of the IDG Contributor Network. Want to Join?

New! Download the State of Cybercrime 2017 report