{"id":49482,"date":"2014-10-30T11:17:59","date_gmt":"2014-10-30T11:17:59","guid":{"rendered":"http:\/\/mostafa.openonline.co.uk\/?guid=3a2d062980bac7f26c2109feeef0e999"},"modified":"2014-10-30T11:17:59","modified_gmt":"2014-10-30T11:17:59","slug":"speech-francis-maude-speech-at-payments-council-cyber-security-seminar","status":"publish","type":"post","link":"https:\/\/mostafa.openonline.co.uk\/?p=49482","title":{"rendered":"Speech: Francis Maude speech at Payments Council cyber security seminar"},"content":{"rendered":"<div class=\"govspeak\">\n<h2 id=\"the-digital-transformation\">The digital transformation<\/h2>\n<p>It\u2019s a pleasure to open the tenth Payments Council Cyber Security Conference.<\/p>\n<p>Tomorrow is Halloween and part of my job description as Minister for Cyber Security is to speak at events like these to try and make the cyber threat sound as dark and menacing as possible so that people take steps to protect themselves.<\/p>\n<p>But this is also an opportunity to take stock of how the digital revolution has completely changed the way we work and live for the better \u2013 because as much as we focus on the threats, we must never lose sight of the benefits.<\/p>\n<p>When Tim Berners-Lee created the World Wide Web 25 years ago, he did so in a way that was open and free. That was an incredible gift to the world, because it made it possible for anyone to take this invention and use it to create new technologies, solutions and opportunities. And that\u2019s exactly what happened in your sector. <\/p>\n<p>This August saw the twentieth anniversary of the first online purchase \u2013 which, believe it or not, was a Sting CD. Despite that inauspicious start, Amazon, eBay and PayPal followed, changing the face of retail, and soon after banks made it possible for people to manage their accounts online.<\/p>\n<p>Alongside online shopping and banking came new ways to manage and transfer money. Over the last 10 years we\u2019ve seen the arrival of one new technology after another: from chip-and-pin to mobile and contactless payments.<\/p>\n<p>There are now more ways to pay than ever before. So the digital revolution has ushered competition, choice, speed and convenience into the world of payments.<\/p>\n<p>And the upside hasn\u2019t just been for consumers and businesses, it\u2019s been a boon for philanthropy too. The internet created new ways to buy but also to give, which has been fantastically useful for the marathon runners, cake bakers and skydivers among us. <\/p>\n<p>Every year payment systems process over 7 billion transactions, worth over \u00a375 trillion \u2013 everything from bills by direct debit to welfare payments by the state. So it\u2019s in all our interests to keep the sector safe.<\/p>\n<p>This should determine the spirit in which we approach cyber security \u2013 not because we\u2019ve been bowed and beaten into defending ourselves, but because we have something wonderful and transformational which we want to strengthen and advance. <\/p>\n<p>And that\u2019s why cyber security is an important part of our long term economic plan \u2013 because we want the UK to be one of the most secure places in the world to do business.<\/p>\n<h2 id=\"trust\">Trust<\/h2>\n<p>When eBay was attacked earlier this year, the damage wasn\u2019t just the theft of data or the possibility of fraud. It was about confidence too. 128 million customers had to change their passwords \u2013 and not all of them came back. <\/p>\n<p>One successful attack \u2013 caused perhaps by the smallest of chinks in a company\u2019s armour \u2013 can have massive repercussions. Whether someone\u2019s buying their Christmas presents online, or using the cashpoint in town, or texting money to a charity while on a train, they all want to be sure their money and their details are safe. <\/p>\n<p>Yet recently JP Morgan suffered a data breach which affected 76 million individual customers and 7 million small businesses in the United States. This is just one of the latest and most high profile examples \u2013 sadly businesses and banks experience these kinds of attacks all the time. And if the largest bank in America can fall victim to attack, then any business or online service can be vulnerable.<\/p>\n<p>This is the threat we face: relentless in nature; global in reach; and substantial in impact. So how do we retain trust and build confidence when faced against this? <\/p>\n<p>Law enforcement is certainly important. That\u2019s why we backed our <a href=\"https:\/\/www.gov.uk\/government\/collections\/cyber-security-strategy-progress-so-far--2\">National Cyber Security Strategy<\/a> \u2013 which celebrates its third anniversary next month \u2013 with \u00a3860 million of investment, much of which is directed toward beefing up our capabilities in this area.<\/p>\n<p>It\u2019s meant we\u2019ve been able to <a href=\"https:\/\/www.gov.uk\/government\/policies\/keeping-the-uk-safe-in-cyberspace\/supporting-pages\/setting-up-a-national-cyber-crime-unit\">establish the National Cyber Crime Unit<\/a> within the National Crime Agency. Half of the <abbr title=\"National Crime Agency\">NCA<\/abbr>\u2019s 4,000 officers are now being trained to become digital investigators and we\u2019re funding the College of Policing to train a further 3,000 officers by 2015. <\/p>\n<p>And earlier this year the Met Police launched <a rel=\"external\" href=\"http:\/\/content.met.police.uk\/Site\/falcon\">FALCON<\/a>, a new cyber crime and fraud team for London which is believed to be the largest of its kind in Europe. It will make the capital a hostile place for cyber criminals and fraudsters and build stronger relations between the Met and London\u2019s businesses. <\/p>\n<p>For the same reasons we\u2019re also establishing specialist cyber teams to run investigations and provide advice and support to the public and businesses in regions.<\/p>\n<h2 id=\"international-co-operation\">International co-operation<\/h2>\n<p>All this will help but, by itself, won\u2019t be enough to keep us safe online. We must recognise that we can\u2019t do it alone. The internet is too large \u2013 and the threat too complex \u2013 for any single organisation to respond by itself.<\/p>\n<p>We will only be truly effective when we work together, pool resources, share information and co-ordinate our response. That\u2019s why our law enforcement agencies are working in partnership with their international counterparts.<\/p>\n<p>Our success against the recent Shylock malware, which had infected 30,000 PCs around the world, is a good example. In the first project of its kind for a UK law enforcement agency, the National Crime Agency led the international response from the European Cybercrime Centre at Europol in The Hague. Investigators from the <abbr title=\"National Crime Agency\">NCA<\/abbr>, FBI, the Netherlands, Turkey and Italy gathered to co-ordinate action in their respective countries, in concert with counterparts in Germany, Poland and France.<\/p>\n<p>The UK is actively engaged with developments in Europe, particularly the <a href=\"https:\/\/www.gov.uk\/government\/consultations\/eu-directive-on-network-and-information-security-call-for-evidence\">negotiation of the Network and Information Security Directive<\/a>: we need strong cyber security in all member states, and this Directive can help. However, this should not come at the cost of onerous regulation on business and we will continue to work hard to influence the negotiations.<\/p>\n<h2 id=\"domestic-co-operation\">Domestic co-operation<\/h2>\n<p>We also need to work together at home. Earlier this year, I opened <a rel=\"external\" href=\"https:\/\/www.cert.gov.uk\/\"><abbr title=\"UK Computer Emergency Response Team\">CERT-UK<\/abbr><\/a>, our first national Computer Emergency Response Team, which will bring about closer co-operation between businesses and the government and law enforcement agencies. It means that there is now a single organisation co-ordinating our response to cyber issues on a daily basis, which can identify and track risks as they emerge and, when necessary, bring others together to respond. <\/p>\n<p>Sitting as part of <abbr title=\"UK Computer Emergency Response Team\">CERT-UK<\/abbr> is the Cyber Security Information Sharing Partnership, or <abbr title=\"Cyber Security Information Sharing Partnership\">CISP<\/abbr> for short. <abbr title=\"Cyber Security Information Sharing Partnership\">CISP<\/abbr> enables government and business partners to exchange information on threats and vulnerabilities as they occur in real time. This enables a \u2018fusion cell\u2019 made up of analysts from business and law enforcement to draw together a single intelligence picture of cyber threats facing the UK. <\/p>\n<p>You\u2019re going to hear more about CERT a bit later on from its director, Chris Gibson, but I would encourage as many organisations as possible to join, because the more that do, and the more information that\u2019s shared, the better the overall picture and the greater our collective resilience.<\/p>\n<h2 id=\"protecting-businesses\">Protecting businesses<\/h2>\n<p>Better law enforcement \u2013 and better sharing of intelligence \u2013 helps us respond to cyber threats, but of course the most effective approach is to defend ourselves against the possibility of cybercrime before it occurs.<\/p>\n<p>Many of you will be familiar with the <a href=\"https:\/\/www.gov.uk\/government\/publications\/cyber-risk-management-a-board-level-responsibility\">10 Steps for Cyber Security guidance<\/a> that we published in 2012.<\/p>\n<p>Responsibility for good cyber security is shared at every level. There\u2019s an onus on the most junior employee to protect his or her passwords \u2013 just as there\u2019s an onus on the chief executive and the non-executive directors to ensure cyber security is taken seriously in board meetings. So if they haven\u2019t already done so, then companies need to have a plan in place to protect themselves, with tried and tested contingencies. <\/p>\n<p>And now there\u2019s a way for firms to show they\u2019re taking the threat seriously, in the form of the new <a href=\"https:\/\/www.gov.uk\/government\/publications\/cyber-essentials-scheme-overview\">Cyber Essentials scheme<\/a>. It gives businesses clarity on good basic cyber security practice and will provide protection against the most common threats. And after going through a certification process, businesses will be able to show they have the right measures in place by displaying the Cyber Essentials badge, which we hope becomes the cyber equivalent of the MOT certificate.<\/p>\n<p>Since October this year government now requires all suppliers bidding for certain personal and sensitive information handling contracts to be Cyber Essentials certified \u2013 because we want good cyber practice to cascade down our supply chain. <\/p>\n<h2 id=\"public-awareness\">Public awareness<\/h2>\n<p>Businesses and government alike must also work together to educate the public \u2013 and online consumers in particular \u2013 so they are better informed of the risks and how they can reduce them. <\/p>\n<p>I hope you have seen our <a rel=\"external\" href=\"https:\/\/www.cyberstreetwise.com\/\">Cyber Streetwise campaign<\/a> in action. It\u2019s a major public awareness campaign delivered in association with a number of private sector partners including Facebook, BT, anti-virus firms and banks.<\/p>\n<p>The first phase of the campaign successfully ran in the beginning of the year and from the evidence we believe it helped avert losses of \u00a327.2 million among the public. And I\u2019d like to thank the Payments Council for supporting the <a rel=\"external\" href=\"https:\/\/www.getsafeonline.org\/get-safe-online-week\/\">Get Safe Online Week<\/a>.<\/p>\n<p>The involvement of government and businesses has helped it become the UK\u2019s leading source of unbiased, factual and easy to understand information on online safety. Recent evidence from the National Fraud Intelligence Bureau revealed that \u00a3670 million was lost nationwide to the top 10 internet frauds in the space of a year.<\/p>\n<p>So it\u2019s the simplest steps that are the most effective such as regularly updating anti-virus software or treating unsolicited emails with caution. And we all need to be repeating these basic messages again and again. Because ultimately it comes back to trust \u2013 if government and businesses come together to present a clear, consistent message to the public, then they will have confidence in our advice and can take the necessary steps to protect themselves. And trust cuts right to the heart of how we build modern digital services, whether in the public sector or in business and retail. <\/p>\n<h2 id=\"govuk-verify\">GOV.UK Verify<\/h2>\n<p>The more we spend our life online, the more important it becomes that someone signing in to use a service is who they say they are. Until now, we\u2019ve had to rely on offline methods, or on digital systems that that don\u2019t give a high enough level of confidence for modern, sophisticated services. <\/p>\n<p>That\u2019s why we\u2019re developing <a href=\"https:\/\/www.gov.uk\/government\/publications\/introducing-govuk-verify\">GOV.UK Verify<\/a>. For the first time it will allow people to prove their identity in an entirely digitally way. And it will allow government \u2013 and eventually private sector services too \u2013 to trust that a user is who they say they are. <\/p>\n<p>This work is still at an early stage \u2013 it went into public beta earlier this month \u2013 but we are working with business to develop the service so that, in time, it can make a real contribution to trust and security in the digital age.<\/p>\n<h2 id=\"conclusion\">Conclusion<\/h2>\n<p>So, in conclusion, the march of technology means there are more ways to pay than ever before. This is good news for businesses and the public alike.<\/p>\n<p>But it does mean we must be vigilant and protect ourselves online. And cyber security must not just be an issue for the IT department \u2013 it\u2019s an issue for the boardroom too. <\/p>\n<p>So my message today is that we must continue to work together. Because only by working together can we share the information and intelligence necessary to combat the threats more effectively. And only by working together we can educate businesses and the public, so we can mitigate our weaknesses before cyber criminals have an opportunity to exploit them.<\/p>\n<p>This will help make the UK one of the most secure places in the world to do business. And it will help ensure people have confidence in the security of new technologies \u2013 so they can continue to benefit from the many ways in which the digital revolution is transforming our lives.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Francis Maude spoke about improving our cyber security through trust, co-operation and GOV.UK Verify which will prove identities digitally.<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"_links":{"self":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/49482"}],"collection":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=49482"}],"version-history":[{"count":0,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/49482\/revisions"}],"wp:attachment":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=49482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=49482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=49482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}