UK Gov Launches First Ever Government Cyber Security Strategy
As global dependence on digital services and connectivity grows, a reliance accelerated by Covid-19, the volume of cyber-attacks has exploded. Between September 2020 and August 2021, of the 777 incidents managed by the National Cyber Security Centre, around 40% were aimed at the public sector. With this upward trend unlikely to abate, the UK government is pushing forward plans to address the threat, while also establishing the country as a legitimate and responsible cyber power.
In support of this ambition, the UK government has launched its first ever Government Cyber Security Strategy, which Adarma are delighted to have helped create and design with several other cyber industry partners. The Strategy, which builds on the National Cyber Security Strategy launched last year, outlines the government’s plan to make its core functions, from the delivery of essential public services to the protection of critical national infrastructure, more resilient to cyber-attack by 2025.
The Strategy aims to have all government organisations across the whole public sector resilient to known vulnerabilities and attack methods no later than 2030.
The government’s approach is built around two key pillars:
1 – To build a strong foundation of organisational cybersecurity resilience
2 – To ‘defend as one’
To support these pillars, the government has set five objectives that outline the dimensions of cyber resilience, providing a consistent framework and common language that can be applied across the whole government.
These 5 objectives include:
1 – Manage cyber security – increase visibility and understanding of threats and assets, while embedding clear accountability and strong assurance to ensure risk owners understand their responsibilities and manage them appropriately.
2 – Protect against cyber-attack – adopt a ‘secure by design’ framework to ensure all technology and digital services are planned, procured, designed, built, operated, modified, and decommissioned securely, enabling them to be consistently and continuously assured against best practice and robust standards.
3 – Detect cyber security events – implement mechanisms to ensure incident information can be easily and securely shared in an automated way to escalate alerts swiftly with clear and defined paths for doing so.
4 – Develop the right cybersecurity skills, knowledge, and culture – invest in developing cybersecurity skills and a cybersecurity culture that promotes sustainable change, and improve attraction and retention rates.
5 – Minimise the impact of cybersecurity incidents – put in place structures and capabilities to triage cybersecurity incidents and rapidly assess their impact, with clear escalation pathways to ensure that the right people have the expertise and resources needed to respond effectively.
As part of the Strategy, the government also plans to establish a new Government Cyber Coordination Centre, which it says will transform how data and cyber threat intelligence is shared, analysed, and acted on.
The Strategy outlines further plans for establishing:
– A new, more detailed assurance regime for the whole government, which will include a robust assessment of departmental plans and vulnerability, providing central government with a more detailed picture of its cyber health.
– A new vulnerability reporting service that allows individuals to report weaknesses in digital services.
– An accelerated work programme to manage the growing risk from the supply chains of commercially provided products in government systems.
– A learning academy aimed at up-skilling government security professionals and the wider civil service, which will develop both technical and non-technical skills, providing masterclasses and access to qualifications.
Due to a growing skills gap and a dearth of talented cybersecurity professionals, the Strategy highlights a strong need for the government to continuously develop its cybersecurity workforce, in both capability and diversity. The government says it will continue to develop comprehensive career pathways that will provide diverse and fulfilling cybersecurity careers.
John Maynard, CEO of Adarma, said: “We are delighted to have helped design, create and shape the UK’s first ever Government Cyber Security Strategy. From the UK Government’s Integrated Review through to the National Cyber Strategy and now the UK Government Cyber Security Strategy, we welcome the focus on improving cyber security and resilience in the UK.
“We have seen a marked increase through 2021 in cyber-attacks in the UK such as ransomware and remain concerned over the level of organisational preparedness. The 5 objectives contained within the UK Government’s Cyber Security Strategy will raise awareness, skills and standards, accountability and coordination and will improve cyber security resilience when implemented across all UK public sector organisations.”
Commenting on the government’s resolve to achieve its cyber objectives, Steve Barclay, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: “This is an ambitious strategy that demands action across all of government. We must meet our responsibility to ensure that government’s functions and services are resilient to the cyber threats they face – creating a stronger, better-defended government that is the foundation of our status as a cyber power.”