In common with many countries around the world, the UK Government has recently focused on updating its national cybersecurity objectives and strategies. In particular, there have been two new and significant policy announcements; one focused on the use of cyber power in support of national goals, and another setting out plans to more effectively protect public sector organisations from the impact of cyber attack
The UK National Cyber Strategy for 2022, outlined government plans to “. . . ensure that the UK continues to be a leading responsible and democratic cyber power.” This is a wide-ranging assessment focusing on the need to improve cyber resilience, embrace technology advantages and advance UK global leadership to – among other priorities – disrupt and deter adversaries.
Technology is at the heart of this strategy, and the report highlights a range of key innovations that will be prioritised as part of the government’s efforts – it includes but isn’t limited to: 5G and 6G, Artificial Intelligence (AI), and blockchain.
Meanwhile, the government has also published its ‘Cyber Security Strategy: 2022 to 2030’, which aims to ensure all public sector organisations are “resilient to known vulnerabilities and attack methods no later than 2030.”
This is an ambitious and important aim, and the document acknowledges that “ . . . there remains a significant gap between where government cyber resilience is now and where it needs to be. This gap is brought into sharp focus by the sheer volume of cyber attacks that the government sector experiences, and the evolving capabilities and techniques of the broad range of malicious actors conducting them.”
These policy announcements are the latest in what is becoming a series of public statements setting out the UK government position on these key issues. Back in December, for example, intelligence and cybersecurity representatives from the UK and US reaffirmed a joint commitment to disrupt and deter new and emerging cyber threats.
This followed annual bi-lateral discussions between representatives from Government Communications Headquarters (GCHQ), the National Security Agency (NSA), and the US Cyber Command.
A joint statement issued at the time said that the “ . . . strategic engagement in cyberspace is crucial to defending our way of life, by addressing these evolving threats with a full range of capabilities. To carry this out, we will continue to adapt, innovate, partner, and succeed against evolving threats in cyberspace.”
As seen in other countries – particularly the US – high profile criminal and nation-state attacks on government networks, private companies and critical infrastructure have prompted authorities to act. The acid test will be whether these plans can ensure those targeted are in a better position to proactively protect their systems and data in the years ahead.