Within the complex landscape of cyber-security threats
and responses, it is imperative that each agency, department and
Minister knows what it is that they are responsible for, either
uniquely or in partnership with others. This role must be articulated
clearly and understood fully in government at large. The amorphous,
boundary-less nature of cyberspace, and the specific skills and
capabilities needed to operate within it, mean that responsibilities
which apply in the physical sphere cannot simply be read across
to the analogous activity in the cyber sphere.
We welcome the Government's commitment to foster
a vibrant and innovative cyber-security sector in the UK including
a distinct role for the MoD to deliver military capabilities both
to confront high-end threats and to provide potential offensive
capability. However, we are concerned that in the long term, under
unforeseen circumstances, such a narrow role might prove untenable.
Our national understanding of 'defence' has widened to encompass
a range of security threats not traditionally within the purview
of the Armed Forces, and the same may be true of the cyber domain.
For this reason, we consider that the Government as a whole needs
to base decisions about responsibilities on a clear and conscious
rationale, and be prepared to re-examine those decisions as events
warrant. We recommend
that the MoD and the National Security Council keep under review
the delineation of the military role in national cyber-security,
not with a view to expanding that role unnecessarily, but to ensure
that threats are dealt with in the most appropriate and effective
manner, and that the MoD can focus its resources accordingly.
The cyber threat is, like some other
emerging threats, one which has the capacity to evolve with almost
unimaginable speed and with serious consequences for the nation's
security. The Government needs to put in place - as it has not
yet done - mechanisms, people, education, skills, thinking and
policies which take into account both the opportunities and the
vulnerabilities which cyber presents. It is time the Government
approached this subject with vigour.