The first duty of government is to keep the nation and its people safe. This means everyone, in all parts of society, wherever and however they live and work.
Cyberspace is becoming increasingly important for both the functioning of government and its delivery of services to citizens. Indeed, it has become a critical space for us to protect and maintain, an indispensable link between the citizen and the state. It is relied upon as much as, if not more than, the vital and tangible infrastructure we have always worked so hard to protect.
New technologies and methods for delivering public services have undoubtedly brought incredible gains in terms of efficiency and effectiveness. Inevitably though, they also bring new vulnerabilities. No longer the stuff of spy thrillers and action movies, cyber attacks are a now a daily reality. In the public sector we face a range of adversaries, from organised crime, ‘hactivists’ and rogue individuals, both internal and external, through to state-sponsored actors and foreign states. Attacks cause economic damage, erode public trust in online services and do real harm to citizens, their property and their privacy. Examples of this damage abound: in September, Yahoo confirmed that 500 million user details had been accessed in a historic data breach, while an attack on a western Ukrainian electricity distribution company last December caused a blackout for 220,000 customers. Only last week, Tesco Bank suffered a significant cyber fraud.
We cannot be passive in the face of this threat. That is why, on 1 November, the Government launched its five-year National Cyber Security Strategy, committing £1.9 billion of investment in measures the better to defend the UK against cyber attacks and deter actors from targeting the UK. The strategy addresses important questions such as how we build the industrial and academic base needed to keep ahead of emerging threats. We have also launched the National Cyber Security Centre as the single point of expert advice on protecting against cyber attacks.
The range of liabilities that we, as members of the Government, face in this area is vast. As a set of institutions, we must be proactive, rigorous, collaborative and comprehensive in our approach. The public sector holds huge quantities of sensitive data enabling it to provide online services relied on by millions up and down the country. The integrity of our systems is now critical to the delivery of these public services. Delivering secure and reliable public services means it is our clear responsibility to ensure our own systems are cyber secure. So, from now on, the Government will make sure that all new digital services are also ‘secure by default’ with cyber security built in at the outset.
To strengthen our own defences we are also working with industry on automated defence techniques to reduce the threat of hackers by preventing viruses and spam emails from reaching their targets, for example. We are already more effective in countering cyber attacks: phishing sites that impersonate government departments now stay active for less than five hours instead of two days.
Yet it is not just about having the latest systems in place. Individual civil servants have an obligation to maintain the integrity of our systems. We should all apply the same safeguards at work as we would at home. Protecting our data and identity should be second nature, like putting on a seat belt or locking the front door.
Leaders and managers must prioritise cyber security, making their workforces aware of the threats and what they can do to counter them. We can all cut out bad habits that could open us up to cyber attack. Do not use work email accounts for personal communications and be aware of who, inadvertently, you may be sharing information with publicly, particularly on social media.
We must also beware of 'spear-phishing' email attacks. These messages use personal information and are crafted to sound genuine but often contain viruses or malware that you activate when you click on links or attachments. This may expose sensitive information on your computer or your organisation’s wider computing infrastructure to hostile actors.
A government that works for everyone means protecting everyone. That is why we are taking the decisive action needed to protect our country, our economy and our people. That action will only be successful if all of us in public service play our part.