The British government has launched a new National Cyber Security, which is being hailed as a ‘blueprint' to protect the UK from cyber threats and ‘solidify its position as a global cyber power'. The document also signals further moves to reduce the UK's reliance on international suppliers or technologies that do not share ‘the UK's values'.
Whilst not saying so explicitly in the document, the promise to pursue sovereign capability where necessary can be seen as a threat to place further limitations on suppliers from nation's such as China and Russia. The latest strategy follows the government's ban of Chinese electronics and communications giant Huawei from Britain's rollout of 5G networks.
The strategy does however point to specific nations that pose an international cyber threat more generally, and says:
During 2021, the UK continued its work with global partners to detect and disrupt shared threats, the most consistent of these emanating from Russia and China. In addition to the direct cyber security threats posed by the Russian state, it became clear that many of the organized crime gangs launching ransomware attacks against Western targets were based in Russia.
China remained a highly sophisticated actor in cyberspace with increasing ambition to project its influence beyond its borders and a proven interest in the UK's commercial secrets. How China evolves in the next decade will probably be the single biggest driver of the UK's future cyber security.
While less sophisticated than Russia and China, Iran and North Korea continued to use digital intrusions to achieve their objectives, including through theft and sabotage.
The previous National Cyber Security Strategy was launched in 2016, but has since been lambasted by the influential Public Accounts Committee, which argued that it contained a lack of evidence and no business case for the £1.9 billion funding it received - making it hard to measure success.
The new strategy and its plans are supported by a £2.6 billion investment in cyber that was announced in this year's Spending Review.
In its opening foreword, the Rt Hon Steve Barclay MP Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said:
The United Kingdom is an open and democratic society, whose record in collaboration and innovation underpins our success as an outward-looking global nation. We see this in our response to international health emergencies and in our promotion of Net Zero targets. But nowhere are the advantages of this approach more evident than in cyber.
Whether it's realizing the wide-ranging benefits that cyber offers our citizens and our economy as we level up and unite the entire country; working with partners towards a cyberspace that reflects our national values or using the full extent of our cyber capability to influence global events, the UK sees cyber as a way to protect and promote our interests in a landscape being reshaped by technology.
Taking over where the pioneering National Cyber Security Strategy of 2016 leaves off, this next chapter leads us into a future where the UK is even more resilient to cyber attack. As lead minister, I am clear about two of its core aims: first that we should strengthen our hand in technologies that are critical to cyber; second, that we should limit our reliance on individual suppliers or technologies which are developed under regimes that do not share our values.
A five pillar approach
The new strategy aims to build on the National Cyber Security Strategy 2016-2021 and the conclusions set out in the government's Integrated Review of Security, Defence, Development and Foreign Policy.
The Integrated Review set out five ‘priority actions' for this strategy and the document released today uses these as the pillars of its strategic framework. These pillars will guide and organize the specific actions the government will take and the outcomes it hopes to achieve by 2025. The pillars are:
Pillar 1 - strengthening the UK cyber ecosystem, investing in people and skills and deepening the partnership between government, academia and industry
Pillar 2 - building a resilient and prosperous digital UK, reducing cyber risks so businesses can maximize the economic benefits of digital technology and citizens are more secure online and confident that their data is protected
Pillar 3 - taking the lead in the technologies vital to cyber power, building the UK's industrial capability and developing frameworks to secure future technologies
Pillar 4 - advancing UK global leadership and influence for a more secure, prosperous and open international order, working with government and industry partners and sharing the expertise that underpins UK cyber power
Pillar 5 - detecting, disrupting and deterring adversaries to enhance UK security in and through cyberspace, making more integrated, creative and routine use of the UK's full spectrum of levers
Commenting on the strategy, Priti Patel, the Home Secretary, said:
Cybercrime ruins lives and facilitates further crimes such as fraud, stalking, and domestic abuse. Billions of pounds are lost each year to cybercriminals who steal or hold personal data to ransom and who disrupt key public services or vital sectors of the national economy.
This strategy will significantly improve the Government's response to the ever-changing threat from cybercrime and strengthen law enforcement's response in partnership with NCSC and the National Cyber Force. We all have a part to play in protecting ourselves from cybercrime. It is important that as a society, we take this threat seriously.
Some specific actions the government has said that it intends to take include:
Bolstering law enforcement with "significant funding" so that they can ramp up their targeting of criminals;
Increasing investment in the National Cyber Force which represents the UK's offensive capability to counter, disrupt, degrade and contest those who would do harm to the UK and its allies;
Expanding GCHQ's National Cyber Security Center's research capabilities, including the new applied research hub in Manchester;
Implementing the Product Security and Telecommunications Infrastructure Bill to enforce minimum security standards in all new consumer smart products; and
Investing in public sector cyber security to ensure that key public services remain resilient to evolving threats and can continue to deliver for citizens who need them.
An online training platform - dubbed ‘Cyber Explorers' - has also been launched to teach young people cyber skills in classrooms. And a new adult scheme is being launched in an attempt to improve diversity in the cyber workforce, so that "people from all backgrounds have access to these high skill, high priority jobs".
In addition, a new "Royal Charter" for the UK Cyber Security Council has been approved by the Queen, which aims to help improve cyber careers and bring the cyber workforce into line with other professional occupations like engineering.
Sir Jeremy Fleming, Director GCHQ, said:
The National Cyber Strategy builds on the country's strong foundations in cyber security that GCHQ's work has been part of, particularly through the NCSC. But it goes beyond that. It brings together the full range of cyber activities, from skills to communities, and to the use of offensive cyber capabilities through the newly established National Cyber Force.
It shows how the UK can build capacity across the country to continue to prosper from the opportunities of cyberspace. And, as a leading responsible cyber power, can build alliances with democratic partners around the world to protect a free, open and peaceful cyberspace.