Britain will announce on Thursday that firms wishing to bid for certain areas of government procurement will have to meet a new standard demonstrating basic levels of cyber security.
The scheme forms part of the latest plank of Britain’s attempt to counter a growth in hostile cyber assaults, which has been earmarked as a top national security issue but whose progress has come in for severe criticism from lawmakers.
“The cyber attack will remain a serious threat to our national security,” said Francis Maude, the minister responsible for cyber security.
“We still have work to do but investment, partnerships, skills, resilience and awareness are in a far stronger position today than before this programme was launched.”
Cyber crime is estimated to cost the economy up to 27 billion pounds every year. Defence Secretary Philip Hammond said in September cyber defences had blocked around 400,000 attacks on the government’s secure internet alone last year.
The new measures to be detailed later on Thursday are the latest part of Britain’s National Cyber Security Strategy, launched in 2011 with 650 million pounds of investment over four years and now boosted with an additional 210 million pounds.
British officials say they are doing more cyber work than most EU nations and the strategy aims to make Britain one of the safest in the world to do business in cyber space.
The plans will include creation of a government-backed cyber standard for businesses which would be adopted for future procurement, while also designed to give insurers, investors and auditors something “they can bite on” when they weigh how good companies are at managing risks.
“With our own suppliers we will be saying you need to have this badge if you want to do business with government in certain categories of procurement,” said a senior government official, speaking on condition of anonymity.
“If you had this standard it will not protect you against the very highest and most sophisticated threats but it would make sure you weren’t going to be easy meat.”
Ministers will also detail plans to boost “cyber exports” – products and services to protect computer networks – from 850 million pounds to 2 billion a year by 2016 by allowing businesses to state they supply the government.
There will also be steps to raise cyber awareness among the public and small businesses, while the government has developed some “guiding principles” with internet service providers to help improve their customers’ online security.
The announcements come a few months after lawmakers on parliament’s Home Affairs Committee said Britain was losing the battle against cyber crime, while in January the Defence Committee said Britain’s armed forces could be “fatally compromised” by a sustained cyber attack.
“I wouldn’t accept that we were losing the war,” said the official, adding the government would detail later efforts they had made to “up their game on this”.
That includes an operation with the U.S. Federal Bureau of Investigation a month ago which led to arrest of 11 people for offences estimated to involve about 200 million of losses to individuals and businesses. (Reporting by Michael Holden; editing by Ralph Boulton)