The new UK National Cyber Strategy sees many government departments combine, each with a part to play in securing the digital world. They were due to come together at a launch event in Birmingham; due to the Omicron variant of the covid pandemic, many of those invited had to watch remotely instead; including Mark Rowe.
As on such occasions you have to wade through official jargon and buzz-words; plus a recent, Boris Johnson-era development of describing anything by the UK that is not obviously shambolic as ‘world-leading’ or ‘world class’. There was a fair share of that; such as describing the UK as a ‘global cyber power’. It did have merit because of the nature of cyber; it’s global; anyone’s cyber security is only as strong as the weakest link; whether you are buying a smart fridge for Christmas, or a business looking for opportunity in digital risks.
A theme of a launch panel this morning compered by Dr Emma Philpott of certification body IASME was of opportunity; and of something else besides, whether cyber is a necessity, or a risk to manage. Digital tech comes with pitfalls; but, with the right skills, knowledge, and governance, among other things, you – a tech user, a business, or a citizen accessing government services – can have confidence despite those risks.
Lindy Cameron, chief of the UK official National Cyber Security Centre (NCSC), noted that the strategy re-affirms the NCSC as a technical authority. She set out the case for understanding the most sophisticated threats (whether from organised crime, or nation states) and using that to make the UK the safest place to live and work online. She welcomed also the strategy’s looking into the future, for she predicted that the internet will change a lot in the next decade.
She was one to say that the UK wants to be a ‘cyber power’, making sure that the UK, and the world, can use tech as safely as possible, and not be paralysed by the idea of a threat that we cannot deal with.
Also on the panel, Oz Alashe, spoke of the ‘yin and yang’, of ‘opportunity and challenge’. The UK is one of the most digitised societies; and a ‘hugely ambitious’ country.
There are things, Lindy Cameron said, that people can do, to look after themselves, and others, online; if you see a scam text, or a suspicious email, you can report it to the NCSC. The strategy, she said, has different messages for different audiences; for whether you use a personal device; or whether you are a CEO, and what you ought to ask your CISO (chief security information officer). She reminded us that we would not have got through the pandemic if we were not equipped with laptops – as seen again in the last week, as the Omicron variant has made an impact.
The panel dwelt on matters strictly for the cyber specialists. Staying with the pandemic, there was a comparison made with healthcare. Public perspective on healthcare does not focus on the gory bits and death, but the benefits of healthcare; so it should be with cyber, it was suggested, rather than a narrow focus on the negative, criminal side of cyber. For cyber security to become a profession calls for standards; ethics; and qualifications for people to gain and for organisations to know to seek, for example for penetration testing.
Lindy Cameron returned here to her point about different audiences; cyber specialists need high end skills, hence the NCSC has recognised academic ‘centres of excellence’; and public users of tech need other skills.
The launch gave off different messages about how this relates to the rest of the world: both cooperation and competition were implied; the UK as both ‘global citizen’ and ‘global player’ that wants to ‘stay ahead of the pack’. Cyber is not something that a country can do in isolation; and if it is, then you miss out on digital business opportunity.
Lindy Cameron said that the UK does not have the option ‘to draw up some kind of mythical drawbridge and retreat’; hence the UK seeks to shape the ‘rules of the game’ in cyber; and, to challenge ‘poor behaviour’ in others.
You can read the strategy at https://www.gchq.gov.uk/news/national-cyber-strategy-2022.
