The new UK National Cyber Strategy has been widely welcomed, whether from industry bodies, or businesses in the field offering products and services.
At the defence and security trade association ADS Group, chief executive Kevin Craven described it as a major milestone following the publication of the Integrated Review. “Crucially, it provides welcome recognition of the need for government to closely partner with industry to respond to the rapid pace of technological and threat change. The new strategy and the accompanying ยฃ2.6bn of investment will strengthen the UKโs position as a global cyber power and foster economic prosperity and digital skills across all UK regions.”
Visit the defence think-tank RUSI’s website for comment by Conrad Prince, who points to ’emphasis on a comprehensive, cross-cutting whole of cyber approach’.
Ian McShane, CTO at Arctic Wolf described the strategy as well overdue and although it comes with a large budget thereโs likely to be a generational gap before we see meaningful changes, he argued. “There are some promising policies laid out – better law enforcement funding, extra investment in research capabilities and greater support for the public sector, but given how prolific adversaries have become I question whether this is actually going to be enough to help secure businesses today.
“Organisations are already struggling to cope with ransomware attacks and of course the spotlight is currently on pervasive vulnerabilities that are hard to mitigate and resolve. Without the ability to influence and hold software vendors to account, what meaningful improvements will this bring in the short term? Only time will tell if the government is actually waking up to this critical and urgent threat, or whether this is all political hot air.”
The stark reality is that UK businesses are still critically under-prepared and under-resourced for dealing with cybersecurity threats, and there is skepticism in the private sector about the governmentโs ability to take control of this issue.
Daniel Lattimer, Director Government & Defence, EMEA at CyberArk, said: “Itโs especially positive to see investment into securing the public sector, which has fallen victim to numerous potentially devastating supply chain attacks over the last year, showing attackers that itโs a viable route to crippling their operations. Todayโs measures are vital both in creating greater visibility, transparency and collaboration across organisations, and also improving trust across the entire software ecosystem.
โWhile โall parts of societyโ undoubtedly need to play their part in strengthening the UKโs cyber defence, this effort must be led from the top. The UK government needs to set the agenda for โ and adhere to โ best cybersecurity practices, while providing direction on how everyone can remain secure, including consumers and businesses alike. Increased budget, new focus areas, and new legislation (such as the Telecommunication Infrastructure Bill) should make this possible, provided closer working relationships are formed within cyber defence from the introduction of the National Cyber Advisory Board and National Laboratory for Operational Technology Security.
โAbove all, this new strategy and investment contribute to the countryโs cyber resilience, and thatโs the most important thing for securing the UKโs cyber future.โ
Saj Huq, Director of Innovation at Plexal co-working space on the 2021 Olympics site in east London hailed ‘Strengthening the UKโs cyber ecosystem’ as a key pillar in the new strategy. He said: “Innovation will be at the heart of this, where big and small companies, as well as the public and private sectors, come together. There is a recognition in the strategy that more needs to be done to help early-stage startups to launch, grow and scale their businesses and bring to market products and services that not only meet the needs of industry but of society too.
“Given the impact on early-stage investment during COVID-19, weโre supportive of efforts to further grow and sustain the UKโs innovation pipeline and growing community of cyber security SMEs and startups. The new strategy celebrates the success of the ecosystem and how weโre supporting startups that are using technology to solve big cyber challenges and enable digital innovation. But we canโt afford to be complacent. Thereโs a sense of distrust and scepticism about the potential of startups among industry and investors, and they are finding it increasingly challenging to tell marketing hype from true product innovation. This is a market failure that we need to address as an industry. The strategy recognises this and references the NCSCโs new technology assurance strategy, which will help create a more trusted market place for key cyber technologies.”
The hardest part of the strategy will be getting people to share information, said Anthony Gilbert, Cyber Threat Intelligence Lead, c. “Naturally, many people working within cyber security are wary of divulging information, however, if we can break down these silos within industry and government, great improvements will be made. The strategy focuses very much on the public sector and law enforcement and could be strengthened it was to a bigger emphasis on collaboration with the private cyber security companies too.
“While the strategy includes the establishment of a new National Cyber Advisory Board, itโs vital that this doesnโt just involve large corporations like Google and Microsoft, but also those in industries that are seeing the biggest cyber threats, such as retail, supply chain and finance. Also, the plan focuses heavily on developing the skills of the future through greater awareness and training in young people, however, it has neglected the huge skills gap we have now. More action needs to be taken to up-skill those who may have relevant security backgrounds but not cyber, to help fill the growing skills gap in the industry.”
You can read the strategy at https://www.gov.uk/government/publications/national-cyber-strategy-2022.
