What is the government doing to keep the UK safe?

True cyber resilience requires a coordinated response from the public and private sector, writes the Minister of State for Security

Sign Up

Get the New Statesman's Morning Call email.

From smartphones and social media, to online shopping and banking, the advent of the digital age has made our lives easier at work and at home, and brought us closer together in a multitude of ways.

But advances in technology have also brought with them new challenges, because the technology that has transformed the way we live can also be turned against us.

It has given criminals and hostile states the opportunity to try to interfere with our national infrastructure, attack our businesses and steal personal data more easily and quickly, and from anywhere in the world. The National Crime Agency (NCA) estimates that cybercrime costs the United Kingdom billions of pounds every year.

 We’ve all seen the headlines: the cyberattack against British Airways in 2018 that saw hundreds of thousands of its customers’ data compromised, breaches affecting Eurostar, Dixons, Carphone Warehouse and Ticketmaster. The WannaCry ransomware was one of the largest and most disruptive attacks that the UK has faced, hitting the public and private sector alike, and affecting the vital work of the National Health Service. We have subsequently linked the attack to a group in North Korea, known as the Lazarus Group, which has been responsible for a range of cyberattacks across the globe.

As the minister of state for security, I am clear that we must use all the levers at our disposal to tackle cybercriminals head on. The government is committed to safeguarding our digital information, data and networks at home and abroad. Our Five Eyes partnership with Australia, Canada, New Zealand and the United States is vital to this work. This year’s five-country ministerial meeting saw representatives discuss the common risks posed by new technologies, and we agreed to continue to develop and share learning on these evolving threats to improve the collective response.

 We are also working closely with operational partners and European Union member states to prepare for our departure from the bloc. After Brexit, we will continue to work together with our European partners to promote cooperation and stability in cyberspace. The UK is, and will continue to be, one of the safest countries in the world.

 Collaborative work is crucial, not just because cybercrime threatens our national security but because being the victim of a hack can be frightening, embarrassing and costly. Both individuals and organisations can be caught up in these incidents. Around a third of all UK businesses and one in five charities reported having cyber security breaches or attacks in the last 12 months.

 Our five-year National Cyber Security Strategy, launched in 2016, brings together the best from government and industry to strengthen our defences and fight criminals. It is backed by £1.9bn worth of investment. The National Cyber Security Centre (NCSC), NCA and police are at the heart of this strategy. Together, they form a world-leading cyber security team for the UK which has given advice, coordinated the government response, and provided reassurance in relation to in excess of 1,800 incidents.

One example is an email scam last year where criminals tried to send more than 200,000 emails purporting to be from a UK airport and using a non-existent gov.uk address to try and defraud people. These emails never reached the intended recipients thanks to the NCSC’s world-leading Active Cyber Defence system, which detected the suspicious domain name, meaning the recipient’s mail providers never delivered the fraudulent messages.

Building the resilience of businesses and individuals to this type of crime and ensuring law enforcement agencies have the capabilities they need to tackle it, are also important aspects of our updated Serious and Organised Crime Strategy, published last November. The NCA leads the law enforcement response to cybercrime, coordinating investigations across dedicated teams in every police force in England and Wales. This approach is vital to preventing this type of crime, pursuing the perpetrators and protecting victims. Driving up arrests and convictions will help to deter potential criminals, and we are determined to ensure there is no safe space for them to operate in.

An example of this valuable work is the NCA’s investigation into 24-year-old Zain Qaiser, a prolific cybercriminal who targeted millions of computers with ransomware in an internet blackmail campaign. Investigators identified that he received more than £700,000 through multiple bank accounts – although the total is likely to have been much higher. He was brought to justice following a complex investigation by the NCA, in conjunction with international partners, and jailed for more than six years in April.

An NCA-led Prevent programme has been designed to divert talented young people away from cybercrimes like these and into lucrative roles in the tech sector. The Home Office, meanwhile, funds officers at the national, regional and local tiers of law enforcement. This means that in every one of the 43 force areas there is someone dedicated to helping businesses and individuals guard themselves online.

But there is more that needs to be done. Crime is changing, and we must evolve to keep pace with it. Businesses have a responsibility to protect themselves and their customers, as most attacks could be prevented by adopting simple security measures. And every citizen must also play their part. Advice and guidance are available from the NCSC and Cyber Aware, the government programme to help individuals and smaller organisations protect themselves online.