Security and prosperity through innovation

Security lock console background

Security lock console background. Credit: Yuri Samoilov CC BY 2.0

The government’s new Strategic Defence and Security Review (SDSR), updates and replaces the previous SDSR released in 2010. The new report places a strong emphasis on the importance of cybersecurity to the UK.

Like its predecessor, the new Review takes an expansive view on security, considering national threats as diverse as resource insecurity, organised crime, or biological weapon attacks. As with 2010’s National Security Strategy, hostile cyber-attacks are classified as the highest level of threat, comparable to terrorist attacks, international conflict, and pandemic disease.

Where the previous Review was predominantly focused on the nature of threats and the necessary precautions against them, the latest SDSR goes further, framing national security in terms of prosperity and international influence. To this end the Report uses more language reflecting growth, with references to prosperity and innovation rising from 14 and 4 to 71 and 39 respectively.

Making cybersecurity a priority

Cybersecurity is one of the disciplines which falls within the scope of the SDSR, and benefits from enthusiasm from within government. The report highlights the UK’s strong basis in both the practical and research aspects of cybersecurity with the stated ambition of harnessing this strength for both economic and security benefits. The role and importance of research in cybersecurity is the focus of ongoing work at the Royal Society.

As a form of defence, cybersecurity will become a core competency of the Armed Forces, and the intelligence agencies gain new staff and expanded roles in cyberdefence. Cybersecurity is also seen as a lucrative source of growth for the UK, an opportunity for ongoing academic and industrial activity which the nation should pursue in earnest.

The government also sees a leading role for the UK in forming an international consensus about how cybercrime should be considered, and how nations should treat digital spaces; this serves to enhance and project the UK’s international influence.

Cybersecurity research and innovation in the UK

The SDSR outlines several proposals to support and grow the UK’s cybersecurity industry and research base. The exact plans will not be known until the publication of the new National Cyber Strategy in 2016. We expect the proposals to build on existing strengths – both within academia and industry – to find better ways to develop discoveries into working products and services.

The Review’s proposals build on the style of existing programmes for research and innovation such as the network of Catapult Centres, the Academic Centres of Excellence (ACE) Scheme, and the Small Business Research Initiative; however the SDSR also features new and increased roles for GCHQ in this area.

While the ACE scheme is run by CESG – GCHQ’s information security division – the other schemes are run by Innovate UK. The recent Spending Review ensured that Innovate UK will continue to exist and is set to fall under the umbrella of Research UK as envisioned by the Nurse Review.

Meanwhile, the new programmes proposed for cybersecurity all have a mix of direct and indirect links to GCHQ. These initiatives include a new National Cyber Centre in Cheltenham, which will leverage the security expertise present in GCHQ to offer cybersecurity advice and support to companies, as well as two new cyber innovation centres – one of which will likely also be based in Cheltenham – which will serve as hubs for developing and marketing new cybersecurity products and services. These will benefit from part of the £1.9bn earmarked for a range of cybersecurity activities.

There is also a further special fund of £165m that will be used to procure cybersecurity products and services from UK start-ups and small businesses for defence purposes. How these new proposals will affect funding for cybersecurity research outside of government and build on the strength of UK academia and industry is unclear.