Interviews

UK National Cyber Strategy welcomed

by Mark Rowe

The new UK National Cyber Strategy has been widely welcomed, whether from industry bodies, or businesses in the field offering products and services.

At the defence and security trade association ADS Group, chief executive Kevin Craven described it as a major milestone following the publication of the Integrated Review. “Crucially, it provides welcome recognition of the need for government to closely partner with industry to respond to the rapid pace of technological and threat change. The new strategy and the accompanying £2.6bn of investment will strengthen the UK’s position as a global cyber power and foster economic prosperity and digital skills across all UK regions.”

Visit the defence think-tank RUSI’s website for comment by Conrad Prince, who points to ’emphasis on a comprehensive, cross-cutting whole of cyber approach’.

Ian McShane, CTO at Arctic Wolf described the strategy as well overdue and although it comes with a large budget there’s likely to be a generational gap before we see meaningful changes, he argued. “There are some promising policies laid out – better law enforcement funding, extra investment in research capabilities and greater support for the public sector, but given how prolific adversaries have become I question whether this is actually going to be enough to help secure businesses today.

“Organisations are already struggling to cope with ransomware attacks and of course the spotlight is currently on pervasive vulnerabilities that are hard to mitigate and resolve. Without the ability to influence and hold software vendors to account, what meaningful improvements will this bring in the short term? Only time will tell if the government is actually waking up to this critical and urgent threat, or whether this is all political hot air.”

The stark reality is that UK businesses are still critically under-prepared and under-resourced for dealing with cybersecurity threats, and there is skepticism in the private sector about the government’s ability to take control of this issue.

Daniel Lattimer, Director Government & Defence, EMEA at CyberArk, said: “It’s especially positive to see investment into securing the public sector, which has fallen victim to numerous potentially devastating supply chain attacks over the last year, showing attackers that it’s a viable route to crippling their operations. Today’s measures are vital both in creating greater visibility, transparency and collaboration across organisations, and also improving trust across the entire software ecosystem.

“While ‘all parts of society’ undoubtedly need to play their part in strengthening the UK’s cyber defence, this effort must be led from the top. The UK government needs to set the agenda for – and adhere to – best cybersecurity practices, while providing direction on how everyone can remain secure, including consumers and businesses alike. Increased budget, new focus areas, and new legislation (such as the Telecommunication Infrastructure Bill) should make this possible, provided closer working relationships are formed within cyber defence from the introduction of the National Cyber Advisory Board and National Laboratory for Operational Technology Security.

“Above all, this new strategy and investment contribute to the country’s cyber resilience, and that’s the most important thing for securing the UK’s cyber future.”

Saj Huq, Director of Innovation at Plexal co-working space on the 2021 Olympics site in east London hailed ‘Strengthening the UK’s cyber ecosystem’ as a key pillar in the new strategy. He said: “Innovation will be at the heart of this, where big and small companies, as well as the public and private sectors, come together. There is a recognition in the strategy that more needs to be done to help early-stage startups to launch, grow and scale their businesses and bring to market products and services that not only meet the needs of industry but of society too.

“Given the impact on early-stage investment during COVID-19, we’re supportive of efforts to further grow and sustain the UK’s innovation pipeline and growing community of cyber security SMEs and startups. The new strategy celebrates the success of the ecosystem and how we’re supporting startups that are using technology to solve big cyber challenges and enable digital innovation. But we can’t afford to be complacent. There’s a sense of distrust and scepticism about the potential of startups among industry and investors, and they are finding it increasingly challenging to tell marketing hype from true product innovation. This is a market failure that we need to address as an industry. The strategy recognises this and references the NCSC’s new technology assurance strategy, which will help create a more trusted market place for key cyber technologies.”

The hardest part of the strategy will be getting people to share information, said Anthony Gilbert, Cyber Threat Intelligence Lead, c. “Naturally, many people working within cyber security are wary of divulging information, however, if we can break down these silos within industry and government, great improvements will be made. The strategy focuses very much on the public sector and law enforcement and could be strengthened it was to a bigger emphasis on collaboration with the private cyber security companies too.

“While the strategy includes the establishment of a new National Cyber Advisory Board, it’s vital that this doesn’t just involve large corporations like Google and Microsoft, but also those in industries that are seeing the biggest cyber threats, such as retail, supply chain and finance. Also, the plan focuses heavily on developing the skills of the future through greater awareness and training in young people, however, it has neglected the huge skills gap we have now. More action needs to be taken to up-skill those who may have relevant security backgrounds but not cyber, to help fill the growing skills gap in the industry.”

You can read the strategy at https://www.gov.uk/government/publications/national-cyber-strategy-2022.

Related News

  • Interviews

    Bug bounty

    by Mark Rowe

    Ryan O’Leary, pictured, VP Threat Research Centre at web security product company WhiteHat Security, discusses why running a bug bounty programme has…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing