Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Comment on the UK Cyber Security Strategy

As reported earlier this week, the UK government has released a new strategy document delineating a future approach towards cyber security. In the following short article Amichai Shulman gives some personal reflections on the Strategy’s strengths and weaknesses.

First, some positives:

  • The problem has been analysed correctly and the right strategic goals have been identified. For instance, for the first time, we see an emphasis on protecting data and intellectual property versus the past emphasis solely focused on network security.
  • The objective to make the UK a safe place to conduct business in cyberspace is an impressive one. This is probably the first time physical borders have been recognised in cyberspace. This is an important goal and will be interesting to see how it is achieved.
  • There is a strong and substantive emphasis on coordination. The government seems quite serious about organizing various security centres around the country to monitor and exchange information about attacks. This type of coordination is essential for a successful cyber defence.

But, sadly, there are negatives as well. The biggest? There is no real innovation or no innovative attempt to achieve the goals set. Most telling, the UK has set a budget of £650 million to be spent over the next four years (by 2015), however the money is being spent very traditionally.:

The vast majority of funds will be used to protect military, government and critical national infrastructure; and very little money is being allocated to the private sector and to individual citizens.

The strategy has given only a few insights on how government is going to help businesses and individuals protect themselves. In fact, it has taken the traditional approach of non-intrusive, general advisor for tasks left to the individuals to do, e.g., keep safe and stay current with the latest threats.

As we know, most consumers and enterprises don't do that; which explains why we're in the cyber crime mess we live in today. While the document considers ‘treating cybercrime conceptually like other forms of crime’ to be a critical success criteria, the strategy fails to present a clear plan in this direction. In particular it basically says, ‘deal with shoplifting and burglary yourself as they are small crimes but we will help with bigger crimes.’

Sadly, the UK has completely missed the point in helping secure business and the individual – they are not stepping up to the challenge. They have done all the right stuff for critical national infrastructure and government but nothing for private businesses and individuals.

The author
Amichai Shulman is CTO and co-founder of Imperva.

Make a comment

•Date: 2nd December 2011 • Region: UK •Type: Article • Topic: Critical infrastructure protection

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here