The Britain’s Strategic Defense and Security Review (SDSR), unveiled on 23 November 2015, inverts some of the significant cutbacks in military capability that had been made by the previous government. In particular, the Review directs additional resources especially to intelligence, counter-terrorism and cyber-defence.
About cyber-security and cyber-defence, this is not surprising. British businesses and government, including the security and intelligence agencies, are working hard to make the UK a world leader in those fields.
Since the publishing of the first National Cyber Security Strategy, in 2011, the UK’s government indeed invested £860 million in new technology and capabilities, strengthening the national cyber-defence, the partnership between government, the private sector and academia, and establishing the Centre for Cyber Assessment and the UK’s Computer Emergency Response Team (CERT-UK).
Over the next five years, the UK government will invest £1.9 billion in protecting the country from cyber-attack and developing sovereign capabilities in cyber-space, and, starting from this year (2016), the UK government will publish a second five-year “National Cyber Security Strategy”, and will launch a further five year “National Cyber Security Programme”.
The Britain’s Strategic Defense and Security Review (SDSR) also pinpoints the next steps of the UK in protecting systems from cyber-attacks. These pillars are:
- Develop a series of measures to actively defend UK against cyber-attacks.
- Invest in capabilities to detect and analyse cyber-threats, pre-empt attacks and track down those responsible.
- Improve the national ability to respond quickly and effectively to cyber-attacks. To reach this goal, the UK government will create a new “National Cyber Centre”. This Centre will operate under GCHQ leadership, and will manage the future operational response to cyber-incidents, ensuring to protect the UK against serious attacks and minimise their impact.
- Build a new secure, cross-government network to improve joint working on sensitive cyber issues.
- Help companies and the public to do more to protect their own data from cyber-threats, providing specialist information. This will include simplifying private sector access to government cyber-security advice, and the new “National Cyber Centre” will form a single point of contact for companies seeking advice.
- Create a new intelligence unit dedicated to tackling the criminal use of the ‘dark web’.
- Ensure that the Armed Forces will have strong cyber-defences, and that in the event of a significant cyber-incident in the UK, they are ready to provide assistance. The government will provide the Armed Forces with advanced offensive cyber-capabilities, drawing on the “National Offensive Cyber Programme” run in partnership between the MOD and GCHQ.
- Continue to help NATO and other allies to protect their networks using UK’s intelligence and technical insights.
What emerges from the reading of the Britain’s Strategic Defense and Security Review is that the UK government has emphasised the armed forces’ requirement for strong (active) cyber-defence and for advanced cyber-offensive capabilities, which will support national and coalition operations. This makes the UK one of a very few states that has a formal declaratory policy on the offensive use of cyber-capabilities. When fully implemented, it will maintain the UK as one of the leadership countries in EU and abroad in cyber-security and cyber-defence fields.