On the 15th of December, the Government in the United Kingdom (“UK”) published a new National Cyber Strategy, outlining how the UK will cement its position as a global cyber power. The strategy builds upon the Government’s Integrated Review, published earlier this year, and on the previous National Cyber Security Strategy 2016-2021.
What is the National Cyber Strategy about?
At a high level, the UK’s National Cyber Strategy aims to tackle the information security risks associated with rapid innovation and digitalisation. The UK and its citizens have become more dependent on digital infrastructure across sectors such as finance, energy, food distribution, healthcare and transport.
While this digitalisation brings a host of benefits, it also increases the risks of cyber-attacks and data theft. Therefore, the National Cyber Strategy aims to boost the UK’s resilience against these threats.
At the same time, the paper recognises that cyber resilience is not just a defensive tactic but a strategic advantage. It notes that, by strengthening its cyber power, the UK can set an example to other countries and better support innovation domestically.
What are the goals of the National Cyber Security Strategy?
The Integrated Review, published earlier this year, set out five actions which formed the basis of the strategy. These actions have been formulated into five key pillars, each with granular goals to be achieved by 2025.
The long-term aim of the strategy, as laid out in the paper, is for the UK: “to continue to be a leading responsible and democratic cyber power, able to protect and promote its interests in and through cyberspace in support of national goals by 2030.” Below is an overview of each pillar.
Pillar 1: Strengthen the UK cyber ecosystem
The paper acknowledges the need to build a diverse and technically skilled cyber workforce in the UK. To encourage this, the Government has announced several initiatives. For example, the “Cyber Explorers” online training platform will teach young people cyber security skills at school, while a similar initiative is in the works to help adults from all backgrounds access jobs in cyber security, with the aim of improving diversity.
As well as this, a new “Royal Charter” for the UK Cyber Security Council has been approved by the Queen. This will establish professional standards and pathways into and through a cyber career.
Lastly, the Cyber Runway scheme will empower over 100 cyber security start-ups to develop their businesses, focusing on helping companies outside London. The paper notes, repeatedly, the importance of supporting growth and skills across the UK, rather than London-based initiatives.
Pillar 2: Build a resilient and prosperous digital UK
In this pillar, the Government has set out plans to lead by example regarding cyber resilience while also equipping UK businesses with the tools they need to stay safe. Key goals from this pillar include a pledge to increase the government’s knowledge of Computer Misuse Act (“CMA”) offences to better understand and protect against online criminal activity.
The Government also mentioned plans to drive behavioural change by developing market incentives and regulations which improve domestic cyber security practices. It notes the National Cyber Security Centre (“NCSC”) will be a crucial lever for delivering insights and expertise to support businesses.
Pillar 3: Take the lead in the technologies vital to cyber power
The paper acknowledges that emerging technologies such as 5G, artificial intelligence and blockchain will be intrinsic to the UK’s development as a cyber power. It therefore sets out a broad-strokes plan to establish a function which anticipates scientific and technical advancements and their cyber implications.
The paper also promises to support academics and researchers who focus on emerging technologies, offering them funding to support their research. This includes the establishment of a national laboratory to analyse operational technology security.
For connected products, which are increasingly becoming a part of our everyday lives, the paper notes the planned implementation of a dedicated bill to enforce minimum security standards for connectable consumer products sold in the UK.
Pillar 4: Advance UK global leadership and influence for a more secure, prosperous and open international order
This pillar is focused on creating a harmonious and peaceful international cyberspace and using the UK’s leadership role to support developing areas, including places in Africa and the Indo-Pacific, to harness the power of technology for global benefit.
To achieve this, the UK will continue to work with international bodies such as NATO, the Commonwealth, the OECD and the Global Forum on Cyber Expertise (“GFCE”) to build international accountability frameworks for cyber security.
At this stage, the objectives in this pillar are high-level. We can expect more details in the coming months.
Pillar 5: Detect, disrupt and deter our adversaries to enhance UK security in and through cyberspace
To defend against cyber threats, the UK will continue developing and investing in offensive cyber capabilities through the National Cyber Force (“NCF”). This includes plans to update the Counter State Threats Bill, introducing new legislation relating to cybercrime offences, which will give authorities more power to prosecute malicious actors who are found guilty of cybercrime.
At this time, the breakdown of funding for the strategy is not available, but we know these pillars are to be supported by a £2.6 billion investment in cyber announced in this year’s Spending Review.
Many of the goals announced are not new but are a natural evolution of the Government’s previous strategy. For UK businesses, the main takeaway is that you have a role to play. Cyber security can be a competitive advantage and encourage innovation, but it can also be a critical risk if ignored. By being proactive about cyber security, organisations can better adapt to changing economic conditions and boost trust with their suppliers, partners and customers.
If you need help or advice on managing your business’s security, we’re here to help. We can advise on your security vulnerabilities, select the right security technology and check that your systems are configured correctly. We can also put policies in place and run staff training exercises. Contact us for a friendly chat.