Cyber security has become one of the UK’s top security priorities, and continued investment in this domain remains an essential part of the nation’s wider counter-terrorism efforts. Ahead of last year’s Strategic Defence and Security Review (SDSR), Chancellor George Osborne announced plans to double investment in cyber security by the end of parliament in 2020, taking total government spend to £1.9Bn.
Mr Osborne’s announcement highlighted the importance of cyber security for the protection of UK businesses, infrastructure and the general public. It is crucial that the services essential to the economy and the safety of the public remain uncompromised which is why so much resource will be invested into countering the growing cyber threat.
Equally importantly, both large enterprises and SMEs should be looking to adopt a strong cyber security strategy to help protect their commercial interests. British industry needs to be aware that every British company is a target, that every British network will be attacked, and that cyber crime is not something that happens to other people.
From 1st January 2016, the Ministry of Defence will require prospective suppliers for all new requirements to have obtained certification from the Government’s Cyber Essentials scheme by any potential contract start date at the latest, and for such certification to be renewed annually. This requirement must further be flowed down the supply chain.
Cyber Essentials is a Government-backed initiative launched in 2014 to guide organisations in protecting themselves against the cyber threat. In order for businesses to work with the MOD or central government more widely, they must demonstrate they have measures in place to guarantee the integrity of their cyber activity. Government guidance documents, cyber security awareness campaigns and major funding have been made available over the last year with the aim of helping to educate businesses of all shapes and sizes about the importance of keeping their business safe from cyber attacks and security breaches.
Recognising the help available, Dr Phil Jones, Head of Cyber Security at Airbus Defence and Space UK, commented: “With my colleague Richard Goodall I attended the launch of the Cyber-security Information Sharing Partnership back in March 2013. CiSP is a government initiative that aims to promote cyber security awareness across industry. I think this kind of initiative and some of the other ones included in last year’s SDSR announced at GCHQ are very good. It shows the UK Government is being proactive and trying to figure out how it can best influence the environment in which people are conducting cyber activity.”
The latest government-commissioned Information Security Breaches Survey conducted in 2015 found that the average cost of the most severe online security breaches for big business started at £1.46M rising to £3.14M, a huge increase from the previous year. For SMEs, the most severe online security breaches can now cost as much as £311,000, more than double the previous year. These rising costs are important to the national economy as well as individual organisations.
There are a variety of methods that government and the military use to ensure their confidential data is kept secure. One of those methods is encryption. Encryption is considered the most effective way to achieve full data security. It involves the conversion of electronic data into another form called ciphertext; this cannot be understood easily by anyone except authorised parties. The purpose of this action is to protect the confidentiality of digital data that may be transmitted via the internet or other computer networks.
Encryption does not prevent the interception of data but it does deny the message content to anyone who may be trying to intercept it. An encryption scheme usually uses a pseudo-random encryption key which is generated by an algorithm. Authorised recipients can easily decrypt the coded message with the key provided by the sender.
Richard Goodall, Head of Cyber Security Engineering at Airbus Defence and Space UK, explained: “Good encryption will protect your data, keeping it secret between two points. In order to minimise exposure to a cyber attack, it is important for us to develop an architecture which is appropriate and minimises customer risk. Encryption is one component of the overall architectural design.”
Airbus Defence and Space has a substantial history in the UK in both encryption and key management, the elements that make up its ‘trusted infrastructure’ offering of high-grade solutions to mainly government customers. The company is using this expertise to expand its products and services to provide protection for organisations that are considered part of the Critical National Infrastructure.
Dr Jones said: “Our main business here in the UK is information assurance. We’re one of a very small number of UK companies that provides encryption capability to all the high-grade levels as accredited by CESG, which is the technical arm of GCHQ. We provide encryption capability to government in all of its forms but we also provide key management. Keys are long strings of information which effectively enable our military platforms to operate.”
Airbus Defence and Space is the only company in the UK that has both encryption expertise and key management capability in its portfolio. Their successes in securing key management systems include the Eurofighter Typhoon combat aircraft and the Airbus A400M military transport aircraft.
The most recent solution from Airbus Defence and Space is Ectocryp Blue; an updated version of an existing encryption device. This is the next generation of the Ectocryp which has been refreshed to comply with the latest set of CESG standards. The company is also releasing V2.0 of Ectocryp Yellow, which provides cost savings by minimising the number of routers required in the customer’s network.
Mr Goodall detailed the capabilities of the new product range: “We’ve developed a generic standard platform which can then be tailored to multiple products. We’ve taken a design-based view of the way we can build a product like that, so now we have a portfolio of products with Ectocryp Yellow and Blue which both abide by the same standards. The Blue is our core product; with a speed of 1GB per second it is one of the fastest high-grade encryption devices on the UK market. The Yellow has a speed of 100MB per second; however, it has a much smaller form factor, ideal for use on desktops. Both solutions can secure up to TOP SECRET level and remove the inconvenience of air-gapping or the cost of expensive private infrastructure.”
Products such as Ectocryp can help prevent cyber attacks and the mass loss of confidential data. Organisations could potentially save millions of pounds by investing in cyber security products and services to help safeguard their businesses against the many different cyber threats. Companies that invest in cyber security can demonstrate that they are serious about adopting a strong cyber security posture, and may help them to gain Cyber Essentials certification thereby enabling them to confidently pursue new business opportunities with both government and the MOD.
If you would like to read more articles like this then please click here
Airbus Cyber cyber security encryption George Osborne Government Government’s Cyber Essentials Information Security Breaches Survey MOD security SME Strategic Defence and Security Review