February 15, 2022
UK Government’s Cyber Security Strategy
Our response to UK Government’s Cyber Security Strategy
At the end of January, the Government launched the first-ever Cyber Security Strategy, to further protect public services people rely on. According to the communications issued by the Cabinet Office, the public will be able to contribute to this effort by reporting cyber incidents or weaknesses with digital services. One of the most notable points in the strategy is around the creation of a New Cyber Coordination Centre which will be established in a bid to transform how data and cyber intelligence is shared. In response, we hear from James Holton, Cyber Security Lead at Trustmarque:
The following article was written by James Holton, Cyber Security Lead at Trustmarque.
I approached reading the government’s first-ever security strategy with a little scepticism. The UK’s digital attack surface reflects the diversity of the business and organisations that make up the UK. To say it is vast and rapidly changing would be an understatement.
In addition, the scale and resource of cyber attacks, whether financially motivated or nation-state led, dwarves our collective security spending. The task of better protecting the UK can seem enormous and this is before we even start to become aspirational and talk about the UK as a cyber leader and job creation on a global market.
However, I was left impressed by the approach the strategy lays out and it addresses two challenges that we should all welcome.
Build a strong foundation
Often organisations, especially in the public sector, struggle for an accepted version of what ‘good’ looks like for them. This makes technology decisions, strategies, and resourcing far harder. This strategy looks to address that by expanding the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) which previously only applied to Critical National Infrastructure and operators of essential services to all of public sector.
Defend as one
It is acknowledged that individual companies and public sector organisations are still almost 100% responsible for their own cyber security protection. In response, the government has created a new centre called the Government Cyber Coordination Centre (GCCC) to allow them to better respond to attacks on the public sector. In addition, a type of crowdsourced reporting solution called the vulnerability reporting service.
What can be achieved by 2025?
There will be significant work to be done, the government now explicitly states that we must take this seriously and can no longer be approached as a tick box exercise. The first milestones that appear are the Cyber Assessment Framework profiles which will begin to appear by the end of this year, with the adoption expected to have the first objectives completed by 2025.
About the UK Government’s Cyber Security Strategy
The new strategy will be backed by £37.8 million invested to help local authorities boost their cyber resilience – protecting the essential services and data on which citizens rely on including housing benefit, voter registration, electoral management, school grants and the provision of social care.