Secure digital transformation IA15: Matt Hancock speech
The Minister for the Cabinet Office Matt Hancock spoke about how the government is working with other sectors to improve cyber security.
There are many advantages to living in a city. Cities allow for complex trading networks, economic specialisation, jobs, prosperity, a chance to get on. But for most of human history life in a city also involved a high level of risk: from fire, from crime and most of all from disease.
The point is this: economic progress always creates new risks. No sooner had the first coins been minted than people began to clip off the edges or dilute them with lower value metals. Insider trading is as old as the stock market.
And once it became possible to store information on a digital network it was inevitable that people would try to break in and steal it.
You might remember that famous episode of BBC Micro in 1983. The hosts logged in to one of the first commercially available email accounts, only to find it had been hacked on air. And as digital progress has grown, so the risks have grown.
This is no longer an issue for the IT department. It바카라 사이트™s a boardroom issue, a cabinet table issue.
And here바카라 사이트™s why it matters. We have one of the most digitally advanced economies in the world, and the digital economy depends on trust. If people don바카라 사이트™t trust that their data is safe they won바카라 사이트™t do business online.
And it matters for government too because we바카라 사이트™ve begun to upload the state. We have one of the most digitally advanced governments in the world. And secure networks and secure data are both mission critical for securing public trust in what we바카라 사이트™re trying to do.
The scale of the threat
Any response must begin with a clear-eyed assessment of the threat.
Let바카라 사이트™s look at the evidence. Massive security breaches are happening more often. Sony, TalkTalk, the United States Office of Personnel Management 바카라 사이트“ these are just some of the more high profile cases.
What you don바카라 사이트™t hear in the headlines is that this is a constant, relentless bombardment. Last year 90% of large businesses reported an information security breach.
Nor is it just business. On average, 33,000 malicious emails are blocked at the gateway to the 바카라 사이트 Secure Internet, every single month. Last summer GCHQ responded to around 200 incidents. This summer it was around 400.
And the economic damage is growing. For larger companies, the average cost of the most severe breaches starts at £1.5 million, up from £600,000 last year.
The real figure may be much higher. One survey found that 70% of UK businesses didn바카라 사이트™t disclose their biggest security breach last year.
The opportunity
But it바카라 사이트™s not all doom and gloom. I바카라 사이트™m an optimist, and just as we바카라 사이트™ve tamed city living and currency security I think we are equal to this challenge.
Again, let바카라 사이트™s look at the evidence. We are the country of Ada Lovelace, Alan Turing and Tim Berners-Lee. Today our universities produce cutting-edge research in crypto, network security and information assurance.
We바카라 사이트™re one of the top 5 exporters of security services, with an industry that바카라 사이트™s growing at 15% a year.
And we바카라 사이트™re leading the world in the digital transformation of government 바카라 사이트“ even exporting GovTech as other countries borrow our code and methods.
Seventy years ago we cracked the Enigma code, at a time when real bombardments were raining down on our cities. It didn바카라 사이트™t just help win the war, it also led to huge advances in computer science.
In securing our defences, we too have an opportunity. Not just to avert disaster, but to grow our economy and make government work better for the citizens we serve.
So today I want to talk about what we can do as a government, and what we can all do together.
What we can do as a government
I바카라 사이트™ll start with government. Our goal is to make Britain one of the safest places in the world to access public services or do business online.
In 2011 we launched the UK바카라 사이트™s first National Cyber Security Strategy, setting out how this would be achieved.
Since then, we바카라 사이트™ve invested £860 million in cyber security.
That includes:
- risk reviews of companies
- establishing the
- setting up a
- creating Cyber Essentials to show businesses how to get the basics right
- funding cyber-skills at every level of the education system; and
- leading on this agenda internationally
But it바카라 사이트™s more than that. We바카라 사이트™re also fundamentally rethinking the way we design and build digital public services. This is mission critical when money is tight and the public바카라 사이트™s expectation for those services is higher than ever.
So this is the approach we will take.
First, we바카라 사이트™re treating security as a core responsibility, rather than outsourcing it to our suppliers.
Many successful attacks exploit out-of-date systems and GovTech used to date very quickly indeed. Some of our legacy systems were designed before the invention of the web. Security had to be bolted on top, rather than designed in from the outset.
So we바카라 사이트™re now phasing out the large inflexible contracts that locked us into aging IT. And we바카라 사이트™re building iterative, adaptive systems, which allow us to rapidly react to new threats.
We can change the code that runs 바카라 사이트 within an hour for example. We now need to embed this approach across Whitehall.
Second, we now recognise that modern data security and effective data management go hand in hand.
We바카라 사이트™ve come a long way since 2007, when HM Revenue & Customs was posting CDs with everyone바카라 사이트™s child benefit details in unrecorded packages. Departmental data is not only more open and more shared but better organised and better audited.
Modern data usage is essential to better data security. Knowing exactly what data you own makes it more secure and easier to rationalise, cutting out duplication and bringing us closer to canonical datasets 바카라 사이트“ the foundation of sound data infrastructure.
We also know that it sometimes makes more sense to decentralise citizen data. Look at Verify, our new ID platform, which allows you to prove who you are so you can access services safely online.
It offers a level of identity security which wasn바카라 사이트™t previously possible online, yet it doesn바카라 사이트™t rely on a central database containing all the user바카라 사이트™s details. Instead you choose a certified company, then a range of certified ID assurance providers can vouch for you by verifying your identity to a level of security that meets published government standards.
Third, we바카라 사이트™re treating usability as a security feature.
The biggest weakness in any system is a human being. We are all fallible creatures, programmed to take shortcuts, prone to find the path of least resistance, if not all of the time then at least some of the time. If you don바카라 사이트™t think that바카라 사이트™s true, ask someone who바카라 사이트™s married.
If your system demands too many long, complex passwords people will just write them down on a post-it and stick it on their monitor.
When security trumps usability, people just find new ways to use technology. Following the user need itself improves security.
What we can do together
So government action is vital, but we can바카라 사이트™t do this on our own. This is already a tight-knit community, with well-established collaborative networks between industry, government and academia.
And I want us to go further. Further on skills. We all need to work together to deliver both a ready supply of talent and a basic level of knowledge among UK citizens.
As a government, as well as putting coding in the curriculum from age 8, we will make sure that all young people leave education with a basic understanding of cyber security and how to stay safe online.
We바카라 사이트™re expanding the STEM subjects that open doors to a career in this field 바카라 사이트“ from school to postgraduate level.
We need businesses to offer more training and apprenticeship opportunities.
In the last Parliament GCHQ launched its own apprenticeship programme, 80 have already graduated and we바카라 사이트™re making an additional 140 placements available over the next 2 years.
But we need more businesses following our lead, and I바카라 사이트™m pleased to see that BT are already recruiting more cyber security apprentices.
We also need to go further on research.
This is a constantly evolving field and everyone has a duty to keep themselves informed of the threat, to scan the horizon for trends, and to act on them.
We know that businesses want to invest in research, but some find it difficult to target the right opportunities and where investments are made they바카라 사이트™re not always visible and focused.
So today we바카라 사이트™re a new public-private partnership, bringing together government and industry to invest in and support the development of cutting edge cyber security research.
And we need to go further on the tech itself.
Open and collaborative development between government and the leading industry players means we can build products quickly and cost-effectively, and then share the results of our innovation.
Conclusion
I want to end where I began, with the city. Because if the story of the nineteenth century was one of migration from country to city, the story of this one is about migration from an analogue to a digital world.
And just as then, we바카라 사이트™re capable of evolving and adapting. Confronted with urban squalor, our forebears tunnelled and pumped and engineered their way to a solution. Now we too must harness human ingenuity in the service of our nation: with modern cyber security, modern information security and modern, effective use of data.
It바카라 사이트™s critical that we succeed. Everyone has a part to play. And I look forward to working with you to make it happen.