UK Commonwealth cyber security funding welcomed

The security community has welcomed the UK government announcement of funding to help Commonwealth countries strengthen their cyber security capabilities

The UK government has committed to provide up to £15m in funding to help strengthen cyber security in Commonwealth countries.

The funding is also aimed at assisting efforts to tackle criminal groups and hostile state actors who pose a global threat to security, including in the UK.

At the Heads of Government Meeting (CHOGM) in London, leaders are due to sign a cyber declaration, which will be the world’s largest and most geographically diverse inter-governmental commitment on cyber security cooperation.

In making the announcement, the UK government said that supporting other countries to build their cyber resilience helps them prevent criminals and hostile state actors from operating online and targeting other countries.

The Commonwealth Cyber Declaration sets out, for the first time, a common vision for ensuring the internet remains free and open across the Commonwealth.

It will commit members to raising national levels of cyber security and increased cooperation to counter those who seek to undermine nations’ values, security, even the integrity of elections.

The new funding will help Commonwealth countries to prevent and respond to cyber security risks affecting governments, businesses and citizens.

Some £5.5m of the funding has been earmarked to enable low- and middle-income Commonwealth members to carry out national cyber security capacity reviews before the next CHOGM in 2020.

Prime minister Theresa May said cyber security affects all countries because online crime does not respect international borders.

“I have called on Commonwealth leaders to take action and to work collectively to tackle this threat,” she said. “Our package of funding will enable members to review their cyber security capability, and deliver the stability and resilience that we all need to stay safe online and grow our digital economies.

“The Commonwealth plays a pivotal role in shaping the future for many of its members. We have put security on the agenda for the first time so we can work together and build a safer future, both for Britain and for the 2.4 billion people around the world who live in the Commonwealth.”

Mark Adams, regional vice-president for the UK and Ireland at Veeam, said it is encouraging to see the UK government acknowledging collective responsibility for the safety of the Commonwealth from the rising threat of cyber criminals and hostile state actors.

“If the last few years have shown us anything, it is that data theft is now a booming business and the damage that can be done by the likes of ransomware can be staggering,” he said.

“Nobody can afford to be caught out by such potent threats. Especially with GDPR [General Data Protection Regulation] coming into force in a matter of days, the risks to both our reputations and our bank balances are simply too high.

“We cannot continue to see businesses suffer publicly because they haven’t been adequately prepared to cope with the latest and most sophisticated cyber attacks.”

Andrew Davidson, head of marketing, enterprise and cyber security EMEIA at Fujitsu Global, said the UK funding is the right approach to tackling an increasing complex problem.

“The cyber security threat is evolving with remarkable speed, and malignant actors are constantly finding new ways to harm organisations,” he said. “Bringing together a variety of cyber security experts will enable these countries to tap into diverse capabilities and approaches to defence.

“And at a time when businesses operate in globalised markets, cyber attackers often seek back doors into organisations, attacking them at their weakest point and using that as a beachhead into the most sensitive data. This means that borders are irrelevant to cyber security.

“A weakness in New Zealand can be used to get into the British part of a business. While it is alarming to note that only 10% of businesses see cyber crime as the biggest threat to their success, it is great to see the government stepping in with an international approach to cyber security.”

Biggest challenges

Keith Graham, CTO at SecureAuth, said cyber threats are one of the biggest challenges facing governments, businesses and society.

“While this declaration is a clear acknowledgment of this from Theresa May, £15m across the Commonwealth will need to be used extremely wisely, addressing the weakest areas of cyber defences first,” he said.

Graham said there is no “lifelong solution” to cyber security, and because it is a constantly evolving and moving target, strategies for cyber defence should operate at two levels.

“Firstly, there is an argument that for cyber security to be effectively addressed at a government, corporate and citizen level, there needs to be an independent layer overseeing how cyber security is handled and tackled – reflecting the fact that there are no international borders for cyber criminals,” he said.

“Second, with stolen credentials at the heart of the majority of data breaches, there is a strong need for governments and businesses alike to look at identity and access management first. Organisations need to protect identity, protect access upfront, protect networks and applications.

“This two-pronged approach can deliver best-practice cyber security strategy and intelligence sharing based on international cooperation, while employing the latest technologies to defeat criminals on the front line.”

Read more on Hackers and cybercrime prevention