Britain’s National Cyber Security Strategy

The British government’s has publishes it annual progress report on the National Cyber Security Strategy 2016-2021 (NCSS) and reflects on progress already made against the NCSS goals and outlines future priorities as the strategy enters its final year. 

The Covid-19 pandemic has highlighted the vulnerability of the UK’s Critical National Infrastructure (CNI) to disruption by malicious actors,and ensuring the resilience of such essential services will be a clear priority throughout 2021. 

The tumultuous events of the Coronavirus pandemic has done much to reinforce the importance of cyber security to the UK’s national wellbeing.  “Millions of us have been relying more heavily on digital technology to work, shop and socialise,” it says in the introduction. “It has been an empowering and liberating force for good at a time when people have felt confined. It has been a lifeline keeping people connected with family and friends, ensuring the most vulnerable receive medicines and food deliveries, and is underpinning the operational delivery of our ongoing response to the pandemic... alongside the clear benefits technology brings come growing opportunities for criminals and other malicious actors, here and abroad, to exploit cyber as a means to cause us harm."

In particular, the UK’s departure from the European Union presents over the life of the current 5 year strategy offers  new opportunities to define and strengthen Britain's position as independent country, including how the nation tackles existing and emerging cyber security threats at a time when the global landscape is rapidly changing.

In the past year, the government has run several initiatives to evolve and strengthen the approaches that CNI organisations take to cyber security, working across government, with various regulators and public and private sector organisations to build a collective understanding of the challenges faced by CNI owners, and develop new strategies to address them. This work has included improvements to cyber security regulatory frameworks and the establishment of a Cyber Security Regulators Forum, and the ongoing implementation of the Network and Information Systems (NIS) regulations, which a post-implementation review seems to suggest are proving quite effective at strengthening security approaches among operators of essential services. 

Throughout this year, the government will continue to work across CNI sectors to improve assessment and reporting processes, and plans to develop bespoke penetration testing frameworks to help telecom operators in particular defend against, manage and recover from cyber attacks. It will also put more energy into improving understanding of the UK’s supply chains and dependencies – which is especially vulnerable to disruption thanks to the government’s approach to Brexit. 

The report outlined plans to extend the deployment of the National Cyber Security Centre’s (NCSC’s) Active Cyber Defence (ACD) programme beyond traditional government sectors in support of private sector CNI. 

An ACD Broadening project will aim to build on the success of the programme and expand it out to a broader range of sectors to allow them to benefit from automated protection from commodity cyber threats. Currently, the service includes protective domain name services, web and mail checks, host-based capability, logging, vulnerability disclosure, the Exercise in a Box programme and the Suspicious Email Reporting Service (SERS). 

The NCSS progress report also outlined other key priorities for 2021, which include: enhancements to the UK’s threat intelligence capabilities; the expansion of cyber crime deterrence programmes such as the National Crime Agency’s (NCA’s) CyberChoices scheme. However, 2021 also marks the end of the NCSS in its current form, and there is still no clear idea as to what comes next. The NCSS has been heavily criticised, including by the National Audit Office, for missing targets and goals, and although the report made no mention of its misfires, it did highlight the need to plan for the future. 

The report highlighted several developing trends that will inform government strategy after 2021, notably: the increasing reliance on digital networks and systems as surfaced by the pandemic. 

The increasing pace of technological change and greater global competition; a wider range of cyber adversaries as more criminal groups gain access to commoditised attacks. State-backed actors enhance their capabilities; and competing visions for the future of the open Internet and the possible risk of its fragmentation, which the government said will make consensus on norms and ethics in cyber space harder to reach. 

The UK’s approach to these challenges are largely defined by the outcomes of the Integrated Review of Security, Defence, Development and Foreign Policy. “The achievements of the last four years mean we start from a position of strength,” wrote the report’s authors. “Cyber security is an area where the UK can genuinely claim to be world-leading. But a changing global context will require a renewed response.... The UK will need to strengthen our cyber resilience to drive economic recovery, get ahead of changing technologies, and enhance our international cooperation and engagement to work towards a more stable cyber space...  We will not achieve this unless we continue to work ever more effectively with partners in the UK and abroad, the devolved administrations, businesses, universities, local authorities, civil society, international allies and individual citizens, wherever they share our vision of the benefits that cyber space can bring."

The rapid evolution of the cyber landscape will constantly throw up new challenges as technology evolves which  Britain adversaries will act to exploit and the the strategy objective is to provide a range of policies, tools and capabilities that will ensure Britain can respond quickly and flexibly to each new challenge.

Gov.UK:     Gov.UK:     Security Newsdesk:      Computer Weekly:       Six Degrees:      Image: Unspalsh

You Might Also Read:

Britain's Cyber Force Toughens Up:

 

« Minimising The Impact Of Ransomware
The Qualities That Make A Successful Cyber Team »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Wall Street Technology Association (WSTA)

Wall Street Technology Association (WSTA)

The Wall Street Technology Association (WSTA) provides financial industry technology professionals with forums to learn from and connect with each other.

Splunk

Splunk

Splunk provide real-time Security Information & Event Management solutions for Enterprise Networks, Cloud and small-scale IT environments

GTB Technologies

GTB Technologies

GTB Technologies is a cyber security company that focuses on providing enterprise class data protection and data loss prevention solutions.

Avatier

Avatier

Avatier identity management software products automate identity access management, user provisioning and IT governance to ensure information security and compliance.

Nakivo

Nakivo

NAKIVO is dedicated to delivering the ultimate backup, ransomware protection and disaster recovery solution for virtual, physical, cloud and SaaS environments.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

Plexal

Plexal

Plexal is East London's innovation centre and co-working space. We offer startups flexible memberships, giving them access to office space plus all the benefits and support they need to scale.

InterGuard

InterGuard

As the pioneer for Unified Insider Threat Prevention and productivity monitoring tools, InterGuard offers on premise and SaaS-based services that are easily available and affordable.

Industrial Defender

Industrial Defender

Committed to ICS Cybersecurity. Industrial Defender provides a fully automated solution to discover, track and report on assets across your ICS footprint.

Viakoo

Viakoo

Viakoo is an Enterprise IoT Applications Management company providing performance, security, and compliance. Viakoo enables you to be proactive in maintaining cyber hygiene and protecting your network

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

nsKnox

nsKnox

nsKnox is a fintech-security company, enabling corporations and banks to prevent fraud and ensure compliance in B2B Payments.

blueAllianceIT

blueAllianceIT

blueAlliance IT is an investment and growth platform that unites local MSP and IT companies around the nation, helping them to grow and operate competitively.

Aegis Security

Aegis Security

Aegis Security helps clients to secure their systems against potential threats through pre-emptive measures, such as security assessments, and cutting-edge solutions to security challenges.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

Profian

Profian

Profian’s hardware-based solutions maintain your data's confidentiality and integrity in use, providing true confidential computing to meet regulatory and audit requirements.