{"id":63904,"date":"2015-11-09T17:30:49","date_gmt":"2015-11-09T17:30:49","guid":{"rendered":"http:\/\/mostafa.openonline.co.uk\/?guid=02b939ddbc5770e46c19bc4cfb4c9d4c"},"modified":"2015-11-09T17:30:49","modified_gmt":"2015-11-09T17:30:49","slug":"speech-secure-digital-transformation-ia15-matt-hancock-speech","status":"publish","type":"post","link":"https:\/\/mostafa.openonline.co.uk\/?p=63904","title":{"rendered":"Speech: Secure digital transformation IA15: Matt Hancock speech"},"content":{"rendered":"<div class=\"govspeak\">\n<p>There are many advantages to living in a city. Cities allow for complex trading networks, economic specialisation, jobs, prosperity, a chance to get on. But for most of human history life in a city also involved a high level of risk: from fire, from crime and most of all from disease. <\/p>\n<p>The point is this: economic progress always creates new risks. No sooner had the first coins been minted than people began to clip off the edges or dilute them with lower value metals. Insider trading is as old as the stock market. <\/p>\n<p>And once it became possible to store information on a digital network it was inevitable that people would try to break in and steal it.<\/p>\n<p>You might remember that famous episode of BBC Micro in 1983. The hosts logged in to one of the first commercially available email accounts, only to find it had been hacked on air. And as digital progress has grown, so the risks have grown. <\/p>\n<p>This is no longer an issue for the IT department. It\u2019s a boardroom issue, a cabinet table issue. <\/p>\n<p>And here\u2019s why it matters. We have one of the most digitally advanced economies in the world, and the digital economy depends on trust. If people don\u2019t trust that their data is safe they won\u2019t do business online. <\/p>\n<p>And it matters for government too because we\u2019ve begun to upload the state. We have one of the most digitally advanced governments in the world. And secure networks and secure data are both mission critical for securing public trust in what we\u2019re trying to do.  <\/p>\n<h2 id=\"the-scale-of-the-threat\">The scale of the threat<\/h2>\n<p>Any response must begin with a clear-eyed assessment of the threat. <\/p>\n<p>Let\u2019s look at the evidence. Massive security breaches are happening more often. Sony, TalkTalk, the United States Office of Personnel Management \u2013 these are just some of the more high profile cases. <\/p>\n<p>What you don\u2019t hear in the headlines is that this is a constant, relentless bombardment. Last year 90% of large businesses reported an information security breach. <\/p>\n<p>Nor is it just business. On average, 33,000 malicious emails are blocked at the gateway to the Government Secure Internet, every single month. Last summer GCHQ responded to around 200 incidents. This summer it was around 400. <\/p>\n<p>And the economic damage is growing. For larger companies, the average cost of the most severe breaches starts at \u00a31.5 million, up from \u00a3600,000 last year. <\/p>\n<p>The real figure may be much higher. One survey found that 70% of UK businesses didn\u2019t disclose their biggest security breach last year.<\/p>\n<h2 id=\"the-opportunity\">The opportunity<\/h2>\n<p>But it\u2019s not all doom and gloom. I\u2019m an optimist, and just as we\u2019ve tamed city living and currency security I think we are equal to this challenge. <\/p>\n<p>Again, let\u2019s look at the evidence. We are the country of Ada Lovelace, Alan Turing and Tim Berners-Lee. Today our universities produce cutting-edge research in crypto, network security and information assurance. <\/p>\n<p>We\u2019re one of the top 5 exporters of security services, with an industry that\u2019s growing at 15% a year. <\/p>\n<p>And we\u2019re leading the world in the digital transformation of government \u2013 even exporting GovTech as other countries borrow our code and methods.<\/p>\n<p>Seventy years ago we cracked the Enigma code, at a time when real bombardments were raining down on our cities. It didn\u2019t just help win the war, it also led to huge advances in computer science. <\/p>\n<p>In securing our defences, we too have an opportunity. Not just to avert disaster, but to grow our economy and make government work better for the citizens we serve. <\/p>\n<p>So today I want to talk about what we can do as a government, and what we can all do together. <\/p>\n<h2 id=\"what-we-can-do-as-a-government\">What we can do as a government<\/h2>\n<p>I\u2019ll start with government. Our goal is to make Britain one of the safest places in the world to access public services or do business online. <\/p>\n<p>In 2011 we launched the UK\u2019s first <a href=\"https:\/\/www.gov.uk\/government\/collections\/cyber-security-strategy-progress-so-far--2\">National Cyber Security Strategy<\/a>, setting out how this would be achieved. <\/p>\n<p>Since then, we\u2019ve invested \u00a3860 million in cyber security. <\/p>\n<p>That includes:<\/p>\n<ul>\n<li>risk reviews of <a rel=\"external\" href=\"http:\/\/www.cpni.gov.uk\/about\/cni\/\">Critical National Infrastructure<\/a> companies<\/li>\n<li>establishing the <a rel=\"external\" href=\"https:\/\/www.cert.gov.uk\/what-we-do\/\">National Computer Emergency Response Team<\/a> <\/li>\n<li>setting up a <a rel=\"external\" href=\"http:\/\/www.nationalcrimeagency.gov.uk\/about-us\/what-we-do\/national-cyber-crime-unit\">Cybercrime Unit in the National Crime Agency<\/a>\n<\/li>\n<li>creating <a href=\"https:\/\/www.gov.uk\/government\/publications\/cyber-essentials-scheme-overview\">Cyber Essentials<\/a> to show businesses how to get the basics right<\/li>\n<li>funding cyber-skills at every level of the education system; and<\/li>\n<li>leading on this agenda internationally<\/li>\n<\/ul>\n<p>But it\u2019s more than that. We\u2019re also fundamentally rethinking the way we design and build digital public services. This is mission critical when money is tight and the public\u2019s expectation for those services is higher than ever. <\/p>\n<p>So this is the approach we will take. <\/p>\n<p>First, we\u2019re treating security as a core responsibility, rather than outsourcing it to our suppliers. <\/p>\n<p>Many successful attacks exploit out-of-date systems and GovTech used to date very quickly indeed. Some of our legacy systems were designed before the invention of the web. Security had to be bolted on top, rather than designed in from the outset. <\/p>\n<p>So we\u2019re now phasing out the large inflexible contracts that locked us into aging IT. And we\u2019re building iterative, adaptive systems, which allow us to rapidly react to new threats.   <\/p>\n<p>We can change the code that runs <a href=\"https:\/\/www.gov.uk\">GOV.UK<\/a> within an hour for example. We now need to embed this approach across Whitehall. <\/p>\n<p>Second, we now recognise that modern data security and effective data management go hand in hand. <\/p>\n<p>We\u2019ve come a long way since 2007, when HM Revenue &amp; Customs was posting CDs with everyone\u2019s child benefit details in unrecorded packages. Departmental data is not only more open and more shared but better organised and better audited. <\/p>\n<p>Modern data usage is essential to better data security. Knowing exactly what data you own makes it more secure and easier to rationalise, cutting out duplication and bringing us closer to canonical datasets \u2013 the foundation of sound data infrastructure.  <\/p>\n<p>We also know that it sometimes makes more sense to decentralise citizen data. Look at <a href=\"https:\/\/www.gov.uk\/government\/publications\/introducing-govuk-verify\">Verify<\/a>, our new <abbr title=\"identity\">ID<\/abbr> platform, which allows you to prove who you are so you can access services safely online.    <\/p>\n<p>It offers a level of identity security which wasn\u2019t previously possible online, yet it doesn\u2019t rely on a central database containing all the user\u2019s details. Instead you choose a certified company, then a range of certified <abbr title=\"identity\">ID<\/abbr> assurance providers can vouch for you by verifying your identity to a level of  security that meets published government standards. <\/p>\n<p>Third, we\u2019re treating usability as a security feature. <\/p>\n<p>The biggest weakness in any system is a human being. We are all fallible creatures, programmed to take shortcuts, prone to find the path of least resistance, if not all of the time then at least some of the time. If you don\u2019t think that\u2019s true, ask someone who\u2019s married. <\/p>\n<p>If your system demands too many long, complex passwords people will just write them down on a post-it and stick it on their monitor. <\/p>\n<p>When security trumps usability, people just find new ways to use technology. Following the user need itself improves security.  <\/p>\n<h2 id=\"what-we-can-do-together\">What we can do together<\/h2>\n<p>So government action is vital, but we can\u2019t do this on our own. This is already a tight-knit community, with well-established collaborative networks between industry, government and academia. <\/p>\n<p>And I want us to go further. Further on skills. We all need to work together to deliver both a ready supply of talent and a basic level of knowledge among UK citizens. <\/p>\n<p>As a government, as well as putting coding in the curriculum from age 8, we will make sure that all young people leave education with a basic understanding of cyber security and how to stay safe online. <\/p>\n<p>We\u2019re expanding the <abbr title=\"science, technology, engineering and maths\">STEM<\/abbr> subjects that open doors to a career in this field \u2013 from school to postgraduate level. <\/p>\n<p>We need businesses to offer more training and apprenticeship opportunities. <\/p>\n<p>In the last Parliament GCHQ launched its own apprenticeship programme, 80 have already graduated and we\u2019re making an additional 140 placements available over the next 2 years. <\/p>\n<p>But we need more businesses following our lead, and I\u2019m pleased to see that BT are already recruiting more cyber security apprentices. <\/p>\n<p>We also need to go further on research. <\/p>\n<p>This is a constantly evolving field and everyone has a duty to keep themselves informed of the threat, to scan the horizon for trends, and to act on them. <\/p>\n<p>We know that businesses want to invest in research, but some find it difficult to target the right opportunities and where investments are made they\u2019re not always visible and focused.  <\/p>\n<p>So today we\u2019re <a rel=\"external\" href=\"http:\/\/www.gchq.gov.uk\/press_and_media\/press_releases\/Pages\/cyberinvest-boosts-uk-cyber-research.aspx\">launching CyberInvest,<\/a> a new public-private partnership, bringing together government and industry to invest in and support the development of cutting edge cyber security research. <\/p>\n<p>And we need to go further on the tech itself. <\/p>\n<p>Open and collaborative development between government and the leading industry players means we can build products quickly and cost-effectively, and then share the results of our innovation. <\/p>\n<h2 id=\"conclusion\">Conclusion<\/h2>\n<p>I want to end where I began, with the city. Because if the story of the nineteenth century was one of migration from country to city, the story of this one is about migration from an analogue to a digital world. <\/p>\n<p>And just as then, we\u2019re capable of evolving and adapting. Confronted with urban squalor, our forebears tunnelled and pumped and engineered their way to a solution. Now we too must harness human ingenuity in the service of our nation: with modern cyber security, modern information security and modern, effective use of data. <\/p>\n<p>It\u2019s critical that we succeed. Everyone has a part to play. And I look forward to working with you to make it happen. <\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The Minister for the Cabinet Office Matt Hancock spoke about how the government is working with other sectors to improve cyber security.<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"_links":{"self":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/63904"}],"collection":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=63904"}],"version-history":[{"count":0,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/63904\/revisions"}],"wp:attachment":[{"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=63904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=63904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mostafa.openonline.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=63904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}