The Government is aiming to build a long term partnership between public, private and third sectors in a ‘whole of society’ effort as part of its new National Cyber Strategy.
It has highlighted the move as one of the key shifts in its approach compared with the previous strategy published in 2016 and called on all parts of society to play a role in reinforcing the UK’s strengths in cyber space.
The new strategy emphasises the role of government in bringing together the intelligence to understand the most sophisticated threats, enforce the law, set national standards and counter threats from hospital actors – including conducting cyber operations. It says there will be an investment in strengthening national cyber capabilities.
Although it does not provide detail of spending plans, it says this should ensure that critical functions are significantly hardened to cyber attack by 2025 and that all organisations across the public sector are resilient to known vulnerabilities and attack methods by 2030. It will involve increased accountability, standards and independent assurance, and investment to address problems with legacy IT.
Efforts will also be made to provide a more resilient critical national infrastructure, with advanced protection according to the risk posture and an understanding of risks arising from digitalisation and new technologies.
The devolved governments of Scotland, Wales and Northern Ireland are expected to provide input and investment, especially for dealing with threats to operations within their policy areas. This should come with regular and early engagement with the Cabinet Office and other departments – although the devolved governments will continue to develop their own cyber strategies.
New national board
The strategy also includes the creation of a National Cyber Advisory Board to bring together senior leaders from private and third sectors to inform the Government’s approach, and a National Laboratory for Operational Technology Security involving the public sector, industry and academia.
This will require more diversity in the workforce, levelling up the cyber sector across UK regions, expanding offensive and defensive capabilities and prioritising cyber security in the workplace and digital supply chains.
Compared with the previous strategy the new one is more comprehensive, drawing together capabilities inside and outside government, and giving greater weight to the critical technologies and infrastructure that underpin cyber space.
Other key changes include a more proactive approach to fostering and protecting the UK’s competitive advantage in relevant technologies, and more integrated and sustained campaigns to disrupt and deter adversaries. In addition, the Government plans to place cyber power at the heart of the UK’s foreign policy agenda, recognising that every part of the strategy requires international engagement.
The announcement also highlighted the creation of Cyber Explorers online training platform to teach young people relevant skills in classrooms, an adult scheme to bring people from all backgrounds into cyber jobs, and a royal charter for the UK Cyber Security Council.
Building on foundations
Sir Jeremy Fleming, director of GCHQ, said: “The National Cyber Strategy builds on the country’s strong foundations in cyber security that GCHQ’s work has been part of, particularly through the NCSC (National Cyber Security Council).
“But it goes beyond that. It brings together the full range of cyber activities, from skills to communities, and to the use of offensive cyber capabilities through the newly established National Cyber Force.
“It shows how the UK can build capacity across the country to continue to prosper from the opportunities of cyberspace. And, as a leading responsible cyber power, can build alliances with democratic partners around the world to protect a free, open and peaceful cyber space.”
All of the plans are supported by the £2.6 billion investment in cyber announced in this year’s Spending Review.
Image from iStock, benoitb