The UK government has launched the second phase of its National Cyber Strategy, with a broader focus to strengthen the national cyber security ecosystem, backed with £2.6bn over the next three years – a considerable increase on the £1.9bn allocated to the previous strategy.
The first iteration of the strategy, launched in 2016, reflected in large part the response to what was then regarded as a top-level threat to the country’s national security – and despite drawing some criticism over missed targets, it has generally been quite successful in its aims, with its most significant achievement being the creation of the National Cyber Security Centre (NCSC), now a world-beating authority.
But much has changed since 2016, with exponential advances in technology, a rapidly evolving threat landscape, and many other factors combining to make cyber security a “whole-of-society” concern.
The new strategy reflects this, centring issues such as improving cyber skills in the service of building a resilient and prosperous digital economy, improving industry diversity, levelling up regional security sectors, and advancing the UK’s global influence and leadership in the field, as well as detecting, deterring and disrupting adversaries. Many of these issues were previously trailed in the Integrated Review earlier in 2021.
“The new National Cyber Strategy transforms how the UK will advance its national interests in cyber space and is a major milestone following the publication of the Integrated Review earlier this year,” said Steve Barclay, chancellor of the Duchy of Lancaster.
“It sets out a clear vision for building cyber expertise in all parts of the country, strengthening our offensive and defensive capabilities and ensuring the whole of society plays its part in the UK’s cyber future, and comes with record funding to match.”
Among the concrete pledges in the strategy are: to increase police funding to tackle cyber crime, to bolster investment in the National Cyber Force, to expand the NCSC’s research capabilities, to implement the Product Security and Telecommunications Infrastructure Bill enforcing minimum standards in connected products, and to invest in public sector security to help key public services keep their heads above water.
The new strategy also recognises the important role of the private sector in the country’s cyber security, with the industry now encompassing more than 1,400 homegrown businesses contributing billions to the economy, and supporting almost 50,000 jobs.
The government hopes to further public-private sector collaboration on cyber with the establishment of a National Cyber Advisory Board (NCAB), bringing together security leaders to “challenge, support and inform” government security policy, as well as the creation of a new National Laboratory for Operational Technology Security, bringing together government industry and academia.
Five pillars
The new strategy has five pillars, which are:
Strengthening the cyber ecosystem
- Strengthening structures, partnerships and networks in service of the “whole-of-society” approach.
- Enhancing and expanding cyber skills at every level, from schools outreach through a new Cyber Explorers scheme, to adult programmes to equalise access to the security workforce and improve diversity, and support for the UK Cyber Security Council’s remit to bring cyber jobs in line with other regulated professional occupations, such as accountancy or law – the Council has just received its Royal Charter from the Queen.
- Fostering a “sustainable, innovative and internationally competitive” cyber sector, delivering quality services to meet the needs of both government and the wider economy.
Building a resilient and prosperous digital UK
- Improving understanding of risk to drive effective action on security and resilience among businesses.
- Promoting effective risk management to help UK organisations better prevent and resist cyber attacks.
- Strengthening national and organisational resilience to prepare for, respond to, and recover from attacks.
Taking the lead in technologies vital to cyber power
- Improving the UK’s ability to anticipate, assess and act on relevant science and technology developments regarded as most vital to cyber power.
- Fostering and sustaining the advantage the UK and its key allies hold in security.
- Preserving a robust and resilient national crypt-key enterprises to meet the needs of government customers, partners and allies.
- Securing the next generation of connected technologies and infrastructure, mitigating the risk of dependence on global markets and ensuring access to safe and diverse tech supply.
- Working with the community to shape the development of digital technical standards that uphold the UK’s values, secure its strategic advantages in science and technology, and ensure its national cyber security.
Advancing UK global leadership and influence
- Strengthening and security and resilience of the UK’s allies and taking action alongside them to disrupt and deter adversaries.
- Taking the lead on global governance in the service of a free, open, peaceful and secure internet.
- Leveraging and exporting the UK’s cyber capabilities and expertise.
Detecting, disrupting and deterring adversaries
- Detecting, investigating and sharing information on state or criminal cyber actors and activities to protect UK interests, organisations and citizens.
- Taking action in and through cyber space to support the UK’s national security, and prevent and detect serious crime.
GCHQ director Jeremy Fleming commented: “The National Cyber Strategy builds on the country’s strong foundations in cyber security that GCHQ’s work has been part of, particularly through the NCSC. But it goes beyond that – it brings together the full range of cyber activities, from skills to communities, and to the use of offensive cyber capabilities through the newly established National Cyber Force.
“It shows how the UK can build capacity across the country to continue to prosper from the opportunities of cyber space, and, as a leading responsible cyber power, can build alliances with democratic partners around the world to protect a free, open and peaceful cyber space.”