Only a few days to go: We’re raising £25,000 to keep TheyWorkForYou running and make sure people across the UK can hold their elected representatives to account.Donate to our crowdfunder
With permission, Mr Speaker, I will make a statement on the Government’s national cyber-security programme.
Every day, the cyber threat is growing and we face ever more sophisticated attacks. According to one survey, 81% of large businesses and 60% of small businesses suffered a breach last year. Back in 2010 the coalition Government identified cyber as one of four tier 1 national security threats, and Britain has been among the fastest adopters of the digital economy. We are a world leader in digital services, which are a key part of our long-term economic plan. We cannot let our economic progress be undermined by those who would do us harm. No national Government can tackle the cyber threat alone, and international collaboration is central to our strategy, as is the closest partnership with the business community.
In 2011 we published our cyber-security strategy and have committed £860 million of funding over five years to the national cyber-security programme. That is to ensure that Britain remains one of the safest places to do business online. Cyber-security skills are scarce, and collaboration between Government, industry and academia is essential to build the skills and expertise we need.
Despite the huge budget deficit that we inherited, we have invested in our intelligence agencies and the National Crime Agency to build our capabilities to understand cyber threats and tackle cybercrime. GCHQ—often the object of poorly informed criticism—is home to a hugely impressive and patriotic collection of public servants, and I put on record my appreciation for the dedicated and highly skilled work they do to keep Britain safe.
We have worked with business to establish the cyber essentials scheme to raise awareness of five basic measures to keep companies safe. That scheme is now mandatory for certain types of Government procurement, and today 88% of FTSE 350 companies have cyber-security firmly on their risk registers. We created the national computer emergency response team—CERT-UK—to respond to major cyber incidents, and it played a significant role in protecting the Commonwealth games and the NATO summit in Wales. Following the Prime Minister’s successful visit to the US, CERT-UK will be leading joint exercising with its American counterpart later this year. The cyber-security information sharing partnership, based within CERT-UK, provides a safe space for businesses and Government to exchange information and develop responses in real time. CiSP now has 914 members and reports on 215,000 abused IP addresses daily.
Technology moves at an astonishing pace and we cannot stand still. Today I will set out further steps to keep us safe. Our new Cyber First scheme will be an elite development programme for the next generation of UK cyber-security talent. It draws heavily on Israel’s hugely successful Talpiot programme, which I saw first-hand on a visit to Israel in November. Talpiot provides the state of Israel with formidable cyber-security skills, and is also the seedbed for a fertile array of new businesses. Partly as a result, Israel now has more start-ups per capita than any other country.
Initially we will pilot Cyber First with a few tens of students. Each will receive £4,000 funding per year to study relevant undergraduate courses in science, technology, engineering and maths. They will be required to work during summer vacations or years out, either within Government or in leading UK cyber-security companies. Participation in this elite programme will carry a commitment to work for the Government for at least three years before members start to see their financial support written down. This programme will be a vital pipeline of top-end cyber talent in the service of Britain’s national security.
Cyber First is the latest in a series of initiatives building cyber skills, including new apprenticeships, and introducing cyber-security to the National Citizen Service and ensuring that it is included in relevant courses leading to computing and digital qualifications for 16 to 19-year-olds. We sponsor cyber competitions in schools, as well as technical apprenticeships and PhDs; we are building cyber-security into computer science and computing degrees, and so far we have accredited six master’s degrees in cyber-security, created two new centres of doctoral training, three research institutes and 11 academic centres of excellence in cyber-security research. Two further universities—Kent and Surrey—have today been awarded centre of excellence status in cyber research. I can also announce the funding of three UK-Israel cyber research projects. Similar projects with Singapore will follow later this year, and I look forward to seeing the first cohort of joint UK-US Fulbright cyber-security scholars before too long.
All that builds on our much broader work to improve cyber skills, which has already seen 40,000 people enrol in the Open University cyber-security open online course. We have made good progress in developing digital and cyber skills more widely across the economy, and I warmly commend the work that my hon. Friend the Minister for Culture and the Digital Economy has done and continues to do on that.
For Government services, online safety is central. GOV.UK Verify, funded by the national cyber-security programme, is our world-leading identity assurance programme. I can announce today that we have put in place a new contractual framework for identity providers that will increase choice for citizens who wish to prove their identity online. I will announce shortly the details of the additional identity providers.
We have to worry about cyber-security because of the growth and development of the internet in the past 20 years. The internet has an amazing power to change people’s lives for the better. Cyber is a huge opportunity, as well as a threat. Britain’s cyber-security sector is worth more than £6 billion a year and employs some 40,000 people. We are on track to double cyber-security exports to £2 billion by next year. Our aim is to increase that to £4 billion by 2020, and we will promote more regional clusters to support more British cyber-businesses. We want Britain to benefit from the best digital economy in the world. Effective cyber-security is central to that success. I commend this statement to the House.