The UK Government announced its new National Cyber Strategy this week, outlining measures across the public, private, third, and defence sectors to ‘solidify the UK’s position as a global cyber power.’ It’s an ambitious document, and follows hot on the heels of the creation of a new National Cyber Force – a ‘partnership between defence and intelligence’ focused on ‘countering threats, [and] disrupting and contesting those who would do harm to the UK and its allies.’
Clearly this is an area the Government is keen to develop. Among other things, the new strategy encompasses hefty investment in private sector growth and innovation, diversity and inclusion, education (from schoolrooms to professional upskilling), and military capabilities. The word here is ‘integrated’ – everyone from high-profile spooks to office IT managers, from Whitehall to the school hall, are invited to do their bit.
A connected societal defence
A concerted national cyber effort on this scale is a good thing. It’s inescapably true that connected technology is the foundation of our modern society, and that as a result, cybersecurity and innovation are crucial to a safe, productive country.
That’s true across the board. We need cyber defences to protect key public services like the NHS and the National Grid from attack, just as much as we need to help companies protect their business against fraud or data loss. We also need to maintain individuals’ privacy in an increasingly connected world. No area of society is untouched, so the Government’s holistic approach needs to be unwaveringly focused.
Skills and mid-market responders
It is encouraging to see the inclusion of measures to “kickstart” cybersecurity careers with supported training, and to maximise diversity and inclusion in the sector. These actions are essential. As demand for effective cybersecurity continues to expand, and the need for top-flight innovation intensifies, we stand the very real risk of a skills shortage. The more people we can get enthused and trained in cybersecurity – at all stages and from all backgrounds – the stronger the position our businesses and organisations will be in.
The strategy also stresses the importance of the partnership between the private and public sectors. This is essential to a well-functioning cyber defence. Unlike in conventional warfare or crime prevention, which are the preserve of the armed forces and the police, many cyber battles are fought by private organisations. New threats are often discovered through attacks on the private sector (and more and more so, mid-sized organisations). If the UK is to keep up with evolving threats, it’s essential that the financial and technical heft of the public sector is married with the agility and lived experience of cyber responders in the mid-market.
Collaboration, the key to execution
The plan perhaps borders on the overambitious. Such a high level of collaboration between educators, defence specialists, tech companies, IT teams, entrepreneurs, and law enforcement is a lot easier said than done. As with all policy announcements, this part of the execution will be crucial. The ability to collaborate is an essential part of our future cyber defences.
There’s also a need to ensure that investment is funneled into the most effective areas of cyber innovation. As the strategy acknowledges in its section on Drivers of Change, ‘emerging technologies such as “large-scale autonomous systems – and the information they generate – will create new opportunities and risks and open up new cyber capabilities for attackers and defenders.” In other words, for this strategy to have an impact, it must focus on growing the UK’s capabilities in an autonomous cyber response.
Autonomous Integrated Cyber Security
Autonomous security is a critical weapon in the fight against ever-more numerous attacks. Being able to identify genuine threats and take action to mitigate them has to be quicker than the human eye. If we fall behind in this area, the results will be dire – but if we invest, the benefits of autonomous security will be felt right across the spectrum of sectors.
The specification of ‘the information they generate’ is also pertinent. We need to do more than just set up a whole raft of isolated security solutions, whether in our businesses or at a national level. Integration between systems is crucial, so that attack data from one vector can be analysed and shared with other defence solutions, decreasing the chance of an attack spreading through networks after evading one gatekeeper.
Overall, the National Cyber Strategy is good news for the UK cybersecurity sector, and the country. A proactive, integrated approach to security is essential, and though it may not be possible to deliver on every promise in the document, it’s certainly a step in the right direction. With a highly innovative private sector and committed public sector teams working in tandem, the future is bright for UK cybersecurity.