On 25 November, the government published its cyber security plan setting out in greater detail how it intends to work with the private sector in countering cyber risk. What is becomingly increasingly clear is that responding to this risk is something that is best tackled by a public-private partnership. Given the austere economic climate, this approach may present both public and private concerns alike with new opportunities.

The Minister for the Cabinet Office and Paymaster General, Francis Maude, explained in a written statement that the purpose of "...this strategy [is to] outline how we will cement a real and meaningful partnership between the Government and private sector in the fight against cyber attacks". She also emphasises that the private sector "has a crucial role to play" in carrying out the government's plans since it "owns, maintains and creates most of the very spaces [the government] are seeking to defend".

The plans include a new national cyber security 'hub' that will allow the Government and businesses to exchange information on threats and responses with the private sector. A pilot will commence in December and will involve five business sectors: defence, finance, telecommunication, pharmaceuticals, and energy.

Other highlights of the government's anti-cyber crime strategy include:

  • " Creation of a new national cyber crime capability as part of the new National Crime Agency by 2013, and enhancing the work of the Metropolitan Police's eCrime Unit by expanding the deployment of 'cyber-specials';
  • " By the end of 2011, building a single reporting system for citizens and small businesses to report cyber crime so that action can be taken and law enforcement agencies can establish the extent of cyber crime (including how it affects individuals and the economy);
  • " Promoting greater levels of international cooperation and shared understanding on cyber crime as part of the process begun by the London Conference on Cyberspace, in addition to promoting the Council of Europe's Convention on Cybercrime (the Budapest Convention) and building on the new EU Directive on attacks on information systems, as well as contributing to the review of security provisions of the EU Data Protection Directive and the proposed EU Strategy on Information Security;
  • " Working with domestic, European, global and commercial standards organisations to stimulate the development of industry-led standards and guidance that help customers to navigate the market and differentiate good cyber security products;
  • " Creating and building a dedicated and integrated civilian and military capability within the MoD, mainstreaming cyber within the organisation and setting up a Defence Cyber Operations Group (DCOG). An interim DCOG will be in place by April 2012 and will achieve full operational capability by April 2014;
  • " Undertaking a review of policy and regulation of the UK communication sector, with a view to publishing a Green Paper early in 2012 followed by a White Paper and a draft Bill by 2013;
  • " Supporting net neutrality and the open internet by working with the Broadband Stakeholder Group to develop industry-wide principles on traffic management and non-discrimination and reviewing its transparency code of practice in early 2012;
  • " Establishing a certification scheme for certifying the competence of information assurance and cyber security professionals by March 2012, and a scheme for certifying specialist training in 2012. Continuing to support the Cyber Security Challenge as a way of bringing new talent into the profession; and
  • " Identifying Centres of Excellence in cyber research to locate existing strengths and providing focused investment to address gaps, with the first focused investment occurring by March 2012.

It seems this strategy will require responses at a national level as well as greater international collaboration, not to mention the orchestration of resources within and outside the traditional defence communities. This raises its own challenges, but if ever there was a common cause, this is it. Or is it? Some nations may prefer to allow cyber strikes to be launched from its shores in the hope of receiving the benefit of any stolen assets. Watch this space. There may also be opportunities for employers to engage cyber poachers turned gamekeepers to assist defence and IT security. The level of support that government can lend to such employment opportunities will undoubtedly determine its success.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.