Sergey Nivens - Fotolia

UK government publishes export strategy for UK cyber security

The government has published a guide for UK cyber security firms on how it plans to support their efforts to find and secure opportunities to export their products and services

The accelerated pace of digital change brings a great opportunity to promote the UK’s cyber security expertise to international markets, according to Liam Fox, secretary of state for international trade.

“Exporting to existing and new markets will help build a Britain that is fit for the future,” he wrote in the foreword to the Department for International Trade’s cyber security export strategy.

The UK has an established, expert and innovative cyber security sector made up of companies across a full range of capabilities, and the government expects exports from this sector to rise to £2.6bn by 2021.

According to Fox, who is also the president of the Board of Trade, the strategy sets out how the government will strengthen support to UK firms with innovative cyber security offerings.

The government said the strategy will deliver a “tailored experience” for overseas buyers based on trusted insight, and help UK cyber security companies showcase their capability.

The document’s publication comes less than two weeks after the trade body representing defence, aerospace and security companies called on government to make it easier to export “non-contentious” cryptography to secure organisations against cyber crime.

The report also comes just months after it emerged that that the UK government approved the export of controversial surveillance equipment to the Republic of Macedonia in 2012, despite concerns over the country’s human rights record.

“Robust export control regimes will ensure that human rights are a key part of the process,” said Fox, who also noted that a thriving UK cyber security sector is a key national security and prosperity aim as set out in the government’s five-year National Cyber Security Strategy.

“Cyber space is an important and expanding part of our economy,” said Fox, adding that the UK is dedicated to working with all states to develop “a common understanding” of the benefits of a “free, open, peaceful and secure” cyber space.

The strategy document states that the UK operates one of the “most robust” export control regimes in the world and risks around human rights abuses are a key part of the assessment process.

Protecting exports

The Department for International Trade’s (DIT’s) Export Control Joint Unit (ECJU) is the national export licensing body and – supported by the National Cyber Security Centre (NCSC) – will advise companies on when an export licence may be needed.

“The licensing process examines each application against the consolidated EU and national arms export licensing criteria. Throughout this process, ECJU will be advised by Foreign and Commonwealth Office, Ministry of Defence and NCSC experts to ensure rigorous, well-informed and timely licensing decisions are reached,” the strategy stated.

It added that the DIT Cyber Security Team and techUK will continue to publish guidance on assessing cyber security export risks, including where products do not reach an export control threshold.

The DIT said the strategy harnesses DIT offices worldwide, working in close partnership with other parts of government, trade and commercial experts, academia, industry and industry-leading bodies such as the City of London Corporation and Healthcare UK.

The DIT will focus on support in pursuing business by acting as a trusted advisor to UK companies bidding for major opportunities to sell to overseas governments and critical national infrastructure providers.

It will also curate bespoke offers for the top buyers in key sectors that are threat actors’ biggest targets, and showcase the best of UK cyber security through developing and deploying updated branding and marketing deployed worldwide alongside new cyber content on the DTI website.

“The government will work with the UK cyber security industry to capitalise on its strengths in these areas, particularly as applicable to artificial intelligence (AI) and the digital economy,” the strategy states.

Read more about cyber security exports

According to the strategy document, UK companies have the capability to provide best-in-class services across a wide range of cyber security requirements, including incident investigation and cyber forensics, threat intelligence collection and analysis, security certification and training, vulnerability assessment and management, and professional services supporting governance, compliance and regulation.

The strategy also mentions financing, saying that UK’s export credit department UK Export Finance (UKEF) works to ensure that no viable UK export fails for lack of finance or insurance.

UKEF helps UK companies win export contracts by providing attractive financing terms to their buyers; fulfil contracts by supporting working capital loans; and get paid by insuring against buyer default

Commenting on the UK government’s cyber security export strategy, Peter Carlisle, vice-president for Europe at Thales eSecurity, said it is paramount that a unified and proactive approach is adopted to digital defences both nationally and globally to be successful in the war on cyber threats.

“Software is now more embedded in more aspects of critical infrastructure and organisations – both public and private – than ever before. Consequently, reactive endpoint security alone will not be enough to keep us safe, and it’s reassuring to see that the government has actively recognised this,” he said.

According to Carlisle, the strategy demonstrates a clear commitment from the government of the need to collaborate with industry experts on a global scale. “By not only honing our skills here in the UK, but by exporting our expertise overseas too, this will ensure that we ward off attacks from foreign actors whilst simultaneously strengthening our own capabilities,” he said.

Read more on IT suppliers