Build a strong foundation
Often organisations, especially in the public sector, struggle for an accepted version of what ‘good’ looks like for them. This makes technology decisions, strategies, and resourcing far harder. This strategy looks to address that by expanding the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) which previously only applied to Critical National Infrastructure and operators of essential services to all of public sector.
Defend as one
It is acknowledged that individual companies and public sector organisations are still almost 100% responsible for their own cyber security protection. In response, the government has created a new centre called the Government Cyber Coordination Centre (GCCC) to allow them to better respond to attacks on the public sector. In addition, a type of crowdsourced reporting solution called the vulnerability reporting service.
What can be achieved by 2025?
There will be significant work to be done, the government now explicitly states that we must take this seriously and can no longer be approached as a tick box exercise. The first milestones that appear are the Cyber Assessment Framework profiles which will begin to appear by the end of this year, with the adoption expected to have the first objectives completed by 2025.
About the UK Government’s Cyber Security Strategy
The new strategy will be backed by £37.8 million invested to help local authorities boost their cyber resilience – protecting the essential services and data on which citizens rely on including housing benefit, voter registration, electoral management, school grants and the provision of social care.