REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 890 SESSION 2012-13 12 FEBRUARY 2013 Cross-government The UK cyber security strategy: Landscape review Our vision is to help the nation spend wisely. We apply the unique perspective of public audit to help Parliament and government drive lasting improvement in public services. The National Audit Office scrutinises public spending for Parliament and is independent of government. The Comptroller and Auditor General (C&AG), Amyas Morse, is an Officer of the House of Commons and leads the NAO, which employs some 860 staff. The C&AG certifies the accounts of all government departments and many other public sector bodies. He has statutory authority to examine and report to Parliament on whether departments and the bodies they fund have used their resources efficiently, effectively, and with economy. Our studies evaluate the value for money of public spending, nationally and locally. Our recommendations and reports on good practice help government improve public services, and our work led to audited savings of more than £1 billion in 2011. Cross-government The UK cyber security strategy: Landscape review Report by the Comptroller and Auditor General Ordered by the House of Commons to be printed on 11 February 2013 This report has been prepared under Section 6 of the National Audit Act 1983 for presentation to the House of Commons in accordance with Section 9 of the Act Amyas Morse Comptroller and Auditor General National Audit Office 5 February 2013 HC 890 London: The Stationery Office £16.00 This landscape review describes government’s evolving approach to cyber security and describes the programme of work it has under way. © National Audit Office 2013 The text of this document may be reproduced free of charge in any format or medium providing that it is reproduced accurately and not in a misleading context. The material must be acknowledged as National Audit Office copyright and the document title specified. Where third party material has been identified, permission from the respective copyright holder must be sought. Links to external websites were valid at the time of publication of this report. The National Audit Office is not responsible for the future validity of the links. Printed in the UK for the Stationery Office Limited on behalf of the Controller of Her Majesty’s Stationery Office 2540545 02/13 PRCS Contents Key facts 4 Introduction 5 Part One The UK cyber security strategy 10 Part Two Challenges for government 24 Annex Assessing the value for money of cyber security 32 Appendix One Our audit approach 36 Appendix Two Our evidence base 38 The National Audit Office study team Endnotes 40 consisted of: Veronica Marshall, Linda Mills, Jeremy Weingard and James Young, under the direction of Sally Howes This report can be found on the National Audit Office website at www.nao.org.uk/cyber-security-2013 For further information about the National Audit Office please contact: National Audit Office Press Office 157–197 Buckingham Palace Road Victoria London SW1W 9SP Tel: 020 7798 7400 Enquiries: www.nao.org.uk/contactus Website: www.nao.org.uk Twitter: @NAOorguk 4 Key facts The UK cyber security strategy: Landscape review Key facts Opportunities Threats 3bn £121bn 44m £18bn–£27bn people will be value of the UK’s cyber attacks estimated annual cost using the internet internet-based in 2011 in the UK to UK of cybercrime worldwide by 2016 economy in 2010 8% No.1 80% Cyber attacks proportion of UK GDP UK ranked against of cyber attacks could ranked as one accounted for by other G20 countries be prevented through UK internet economy, based on its ability to simple computer and of top four UK a greater share than for withstand cyber attacks network ‘hygiene’ national risks any other G20 country and develop strong digital economy in 2010 The UK cyber security strategy and programme Additional funding of £650 million to protect and promote 2011-12 2012-13 2013-14 2014-15 £105 million £155 million £180 million £210 million November 2011 – December 2012 – The Cabinet Office The Cabinet Office publishes UK cyber reports progress after security strategy: one year of the UK Protecting and cyber security strategy, promoting the UK sets out plans and in a digital world commits to report back on progress in 2013 Fifteen government organisations working together on four objectives 1 To tackle cybercrime 2 To make the UK 3 To help shape an 4 To build the UK’s and make the UK one more resilient to cyber open, stable and vibrant cross-cutting knowledge, of the most secure attack and be better able cyberspace that the skills and capability to places in the world to protect its interests UK public can use safely underpin all cyber to do business in cyberspace and that supports security objectives open societies The UK cyber security strategy: Landscape review Introduction 5 Introduction Opportunities Threats 1 The growth of the internet, or cyberspace, has impacted profoundly on everyday life and the global economy. By enabling people to exchange knowledge and ideas all 3bn £121bn 44m £18bn–£27bn over the world, the internet has contributed to a more open society and greater freedom people will be value of the UK’s cyber attacks estimated annual cost of speech. It has transformed the conduct of business and opened up new markets. using the internet internet-based in 2011 in the UK to UK of cybercrime The internet is also making governments more accountable and transparent and is worldwide by 2016 economy in 2010 changing the way they deliver public services. 2 If the internet were a national economy in its own right, it would be the fifth largest 1 8% No.1 80% Cyber attacks in the world. The internet has evolved from initial experiments to link computer systems in the US in the 1960s, to the global interconnected network of systems and information proportion of UK GDP UK ranked against of cyber attacks could ranked as one accounted for by other G20 countries be prevented through that it is today. Commercial investment and technical innovation have driven these UK internet economy, based on its ability to simple computer and of top four UK changes. International governments have intervened little. Nobody controls the internet, a greater share than for withstand cyber attacks network ‘hygiene’ national risks centrally or globally. Although no one person owns it, 80 per cent of the internet lies in any other G20 country and develop strong the private sector. It is impossible to predict how people will use the internet in the future. digital economy in 2010 With digital information growing, combined with new technologies, government, industry and citizens are likely to depend increasingly on the internet. Approximately three billion 2 The UK cyber security strategy and programme people will be using the internet by 2016. However, the internet was not designed with security in mind. Additional funding of £650 million to protect and promote 2011-12 2012-13 2013-14 2014-15 An open internet £105 million £155 million £180 million £210 million 3 An open internet that is safe for everyone to use and that supports economic November 2011 – December 2012 – growth is central to the government’s vision: The Cabinet Office The Cabinet Office publishes UK cyber reports progress after security strategy: one year of the UK “… for the UK in 2015 to derive huge economic and social value from a vibrant, Protecting and cyber security strategy, resilient and secure cyberspace, where our actions, guided by our core values promoting the UK sets out plans and for liberty, fairness, transparency and the rule of law, enhance prosperity, in a digital world commits to report back national security and a strong society.”3 on progress in 2013 4 The UK currently has one of the world’s largest internet-based economies, valued Fifteen government organisations working together on four objectives at £121 billion in 2010. This is equivalent to 8 per cent of the UK’s GDP, which is a greater share than for any other G20 country.4 A secure internet is therefore vital for the UK’s 1 To tackle cybercrime 2 To make the UK 3 To help shape an 4 To build the UK’s and make the UK one more resilient to cyber open, stable and vibrant cross-cutting knowledge, economic prosperity and to support government plans to make all public services digital. of the most secure attack and be better able cyberspace that the skills and capability to places in the world to protect its interests UK public can use safely underpin all cyber to do business in cyberspace and that supports security objectives open societies 6 Introduction The UK cyber security strategy: Landscape review Threats to the internet 5 Although providing opportunities, the internet also poses new and growing threats. As the internet is borderless and nobody polices it, legitimate users of the internet are vulnerable to attack. One report estimated that the UK suffered around 44 million cyber attacks in 2011, compared with one billion attacks across the world, although we must treat data on such events with caution.5 6 The government has recognised the existing and evolving threats to the internet and is focusing on: • serious organised crime using the internet to steal personal or financial data to commit fraud, steal corporate intellectual property, or launder money; • political activists hacking and using the internet to steal information or damage computer systems to serve political agendas; and • state supported espionage and attacks on critical national infrastructure. 7 In June 2012, the head of MI5 warned that malicious activity in cyberspace had increased.6 The Foreign Secretary recently announced that the computer systems supporting the London 2012 Olympics and Paralympics were attacked every day during the Games.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages43 Page
-
File Size-