Rising to the cyber challenge

Dr Henry Pearson the UK’s Cyber Security Ambassador 9 December 2020 Read time: 4 mins

How is the UK responding to the cyber challenges in today’s global landscape? In this guest blog, Dr Henry Pearson, the UK’s Cyber Security Ambassador, talks priorities, plans and progress

The UK is considered one of the world’s leading digital economies and a global leader in cyber security. In particular, our digital economy contributes a higher percentage to the UK’s GDP than in any other G20 country and this is reflected in growing digital connectivity across our society.

There are many benefits of being so digitally connected but these must be balanced by increased risks from cyber threats. In the UK, latest data shows that 46% of businesses, large or small, experienced a cyber-attack or breach in the last year. Of course this isn’t unique to the UK alone but we’re also only counting companies which managed to detect a breach.

Challenges

The cyber threat is evolving fast and becoming technically more complex – the boundaries between state organised attacks and cyber criminals are becoming increasingly blurred. To counter this threat we must be increasingly adaptable. More importantly, international collaboration is ever more crucial in helping us overcome these evolving challenges.

The pandemic has exacerbated cyber security issues, both because of the wider adoption of the technology needed to work from home, as well as a rise in opportunistic cyber criminality and state actors targeting organisations involved in coronavirus vaccine development.

We also expect that in a post-lockdown world there will be ever greater reliance on cyberspace. The level and size of this shift to an online world is still to be assessed. But there are already trends emerging from sectors such as healthcare, which are reporting digital transformations taking just two months to complete, when they had previously been planned to take place over the next 10 years.

The UK way

At the national level we have had the benefit of successive governments that have recognised the critical importance of cyber security, and this has been consistently highlighted in policy statements.

This has allowed us to take a top-down strategic approach, by which I mean that we don’t just have a series of paper strategies but back them up with properly funded five year strategic plans. For example, over the past 10 years we have invested more than £2 billion in transformational cyber security projects.

We’ve also taken a whole of government approach – many departments have had a part to play in delivering aspects of the overall strategy. But within that we needed to have a clear operational and technical lead – a single central body for cyber security at the national level and that came with the establishment of the UK’s National Cyber Security Centre (NCSC).

Its responsibilities have been carefully honed to the UK environment and the reasons for its position within government is now a relatively well understood story. But it’s not a case that one size fits all – the most effective structure depends on how each country is run and to some extent their culture.

At the same time, partnership is needed between government and industry. Government certainly cannot do everything but over the years we have learnt where it must take a lead – such as in our Active Cyber Defence programme. The benefits of the UK’s strategic approach can be seen in how the NCSC has been able to respond to the new threats posed by the pandemic. Over the past eight or nine months much of the activity has been focused around defending the UK from coronavirus threats – including elements such as building NHS resilience, protecting vaccine and medicine research, supporting remote working and tackling cyber-crime, securing the NHS Covid-19 App and supporting essential service providers.

Going global

We all know that cyber threats don’t respect national boundaries. As such, the UK relies on close collaboration with international partners. But not all countries have the same view as us and our allies on how the internet should be governed and this is an ongoing debate which will continue over the next few years.

Another key ask for our international partners is to share knowledge about threats, vulnerabilities and technology development – the depth of sharing depends on the depth of the relationship but we want to share information with as broad a range of countries as possible.

We’ve also worked on a government-to-government basis with our allies, using mechanisms such as Memorandums of Understanding to increase collaboration on cyber security. We also see exporting our cyber security services, systems and products as a key way we can support our friends and allies – recent data on defence and security exports shows that the UK’s cyber security exports jumped to nearly £4 billion in 2019.

We cannot underestimate the global scale of the cyber threats we face. Collaboration then, both here in the UK and with our friends and allies abroad, offers the best and perhaps only way to face down these challenges.

About the author

Dr Henry Pearson is the UK’s Cyber Security Ambassador