The UK recently ranked cyber-attack as one of the gravest threats to its national security. In response, our national cyber-security strategy set out how the government aims to meet this threat while continuing to seize the economic and social opportunities of the online world. For Britain, international treaties are not the answer; co-operation with business is key.
That is because across Europe the critical infrastructure of cyber-space is largely owned and managed by the private sector. This means governments have to do more than share actionable information on cyber-threats. They have to find innovative ways to become partners with companies to ensure their systems and data are secure. In return, companies have to raise their awareness of threats, and invest more in protecting their systems.
Co-operation with the public is, of course, also necessary. Governments have to help individuals acquire the know-how to protect personal computers and devices. But people also have a responsibility to be careful about the information they put online, as well as making sure they keep their security software updated.
At the international level, the UK does not believe that binding treaties between governments are the answer. They could take decades to negotiate, by which time cyber-space will have changed beyond recognition. A more practical goal is to build an international consensus on ‘rules of the road’ – an agreed set of norms governing behaviour in cyber-space. This must involve businesses and civil society around the globe as well as governments, since an open, trusted and stable cyber-space is of benefit to us all.
One area where additional government action is required, though, is practical, confidence-building measures between states to avoid the risk of misunderstandings during responses to cyber-incidents. The recent London conference on cyber-space laid the foundations for such an approach, which will be followed up in Hungary this year.
The author is the Former National Security Advisor, UK Cabinet Office.