The task of the UK’s National Cyber Security Strategy is far from complete, according to a ‘progress report’. The geopolitical, technological and threat environment is constantly evolving, said Chancellor of the Duchy of Lancaster David Lidington in a foreword.
“We must therefore look now to the future beyond 2021 and identify how we can sustain a long term national response. We cannot do this alone. We need to work even more closely with industry and wider society in the UK and internationally, to ensure that the best ideas are put into action.”
The report claimed ‘significant achievements’ and that the UK is safer now than it was in 2016 as a result of the strategy, pointing for example to the setting up of the National Cyber Security Centre (NCSC). However, the expansion of digital and mobile connectivity and proliferation of ‘Internet of Things’ (IoT) devices has not been accompanied by improved security in internet infrastructure or hardware and software design, the report warned. “It is easier and cheaper for criminals to get hold of the tools and exploits required to launch high volume, low sophistication cyber attacks.”
The report admits the sheer scale of organised, international cyber-crime: “Over the last two years we have carried out 665 disruptions, including arrests, dismantling criminal infrastructure, and working with partners to prevent and disrupt offenders in international jurisdictions. We have analysed and shared information with service providers on the compromised details of 1.5 million victims to ensure their private information could not be exploited further by criminals.”
Comments
Kat Sommer, head of public affairs at NCC Group said: “The NCSS should be recognised for materially strengthening the UK’s cyber resilience over the past two and a half years. The NCSC’S world-leading role in distilling cyber security knowledge to private and public sector organisations is its most visible achievement to date, but initiatives to equip citizens with the knowledge and tools to tackle cyber risks have been equally important.
“By democratising cyber skills, the strategy has facilitated enhanced collaboration between the government, businesses and consumers by broadening each party’s understanding of the role they can play in strengthening both the UK and rest of the world’s cyber resilience. However, we cannot rest on our laurels – especially when we’re still addressing the legacy of security mistakes made over the last 20 years. To build on the positive foundations that have already been established, the second half of the strategy must focus on making cyber security a science by establishing benchmarks to measure and improve our cyber resilience.
“While progress has been made in working collaboratively domestically, we would also encourage the government to focus on strengthening relationships even further with our international partners to stem the growing tide of cyber nationalism.”
Matt Johnson, CTO at Intercity Technology said: “The implementation of the National Cyber Security Strategy has led to a clear shift in mindset for businesses and individuals alike over the last few years. The result has been that both are now far better equipped with the knowledge and tools needed to effectively tackle changing security threats as a priority.
“Much of this maturity is no doubt due to collaboration between government, academic institutions, and the tech industry, which is playing a key role in translating cyber risk into a language that both businesses and consumers can understand, as well as developing truly effective solutions. However, these efforts need to be ongoing. It is now vital to continue this investment, particularly into the UK’s tech sector, so that organisations are resilient enough to face an ever-evolving threat landscape.”
For the 24-page document in full visit https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021-progress-so-far.
