The UK Government has just published its new Cyber Security Strategy, which aims to "set out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment."
The Government is aiming to work more closely with the private sector. To do so, the Government will create a joint private/public sector cyber security 'hub' to exchange actionable information on threats and manage the response to these threats. This plan, which will begin as a pilot with 5 strategic sectors, encourages businesses to admit security breaches and share their experiences. I'm a little bit skeptical about whether or not this program will foster the kind of sharing the Government hopes (there is, after all, no requirement in the UK to disclose breaches).
The Strategy outlines the funding for National Cyber Security Programme investment, with the bulk of the £650 million (allocated over 4 years) going into a 'Single Intelligence Account' that funds MI5, MI6 and GCHQ. Unfortunately, most of the details on how these agencies plan to detect and counter cyber attacks are labelled as classified. Another segment of money will go into bolstering awareness of the existing Get Safe Online website.
There are many key actions set out in the strategy, outlined in the Cabinet Office summary here.
There is already criticism of the Strategy, with Sophos' Naked Security asking if the strategy will "make a difference". What's your take?