To mark the release of the UK’s new National Cyber Strategy, Miriam Howe examines what needs to be done to ensure the security of cyberspace – now and into the future
The UK’s new National Cyber Strategy arrives on the heels of the Integrated Review and at the conclusion of the five year 2016 National Cybersecurity Strategy and associated programme. The new strategy builds on experience and reflects on current context, charting a new course for UK national cyber defence.
Delivering a safe and prosperous digital world – an objective which combines both security and prosperity – requires effective joined-up policymaking. It is a significant step forward, then, to have a stand-alone international pillar. The Foreign Office is now taking a vital leadership role to encourage greater international collaboration with friendly nations reflects the increased prominence in today’s foreign policy agenda.
Other departments, including the Department for International Trade, the Home Office and Department for Culture, Media and Sport, will each own international cyber objectives to support their respective mandates, whether that be prosperity, homeland security or the digital economy. There needs to be a complementary approach to delivering both security and prosperity; these days there is a greater understanding about the value of a successful digital society which combines both.
Ensuring that all these departments work well collectively, while preserving the work of the National Cyber Security Centre (NCSC) and its reputation at the centre, is therefore crucial. And they will need to recognise the role of industry in innovating and influencing technology, and in exports as contributing to more than the national balance of payments, but as a strategic asset for international influence.
Whole of society
There is a strong emphasis on the “whole of society” approach to cyber. This emphasis on cyber as a team sport, depending not just on government but society as a whole, signals a welcome shift in approach.
The creation of the NCSC was a cornerstone of the 2016 strategy. In just five years the NCSC has achieved a strong reputation for cybersecurity leadership. While the NCSC clearly remains at the centre of our national effort, the strategy also acknowledges the need for all parts of government, and the wider public sector, to step up to the plate when it comes to working to address the cyber challenges to the nation.
The strategy sets out clear expectations around the responsibilities of both the citizen and the private sector to invest the necessary effort in protecting themselves against cyber attack, including through the new National Cyber Advisory Board, made up of senior leaders from the private and third sectors to challenge, support and influence the implementation of the new strategy. This is a welcome development as a means of engaging wider society in a collaborative way with government to help address our biggest cyber challenges.
However, it must recognise the complex stakeholder landscape relevant to the national cyber ecosystem. Industry is not one single type of entity. Different sectors have different structures, priorities and cybersecurity challenges.
To address industry engagement, there needs to be a shift towards jointly identifying challenges which impact both enterprise and national priorities, and therefore ensuring the incentive of industry. There also needs to be an extensive ramp up of formalised engagement with different industry stakeholders, appropriate to the cybersecurity challenges which are pertinent to them.
The UK’s digital destiny
The National Cyber Strategy sets out clear intents in two areas in particular: investment in the right R&D and having an influential and productive presence on international standards development organisations.
The strategy acknowledges a need to take more leadership in international standards development. The risk is that countries with a different view of how technology and the internet should be developed and secured prove more effective at influencing such bodies and the technology standards that emerge. Putting this into practice will depend on sensible prioritisation of standards and technologies on which to focus, and close engagement with industry and academic champions with mutual interests.
The strategy also elaborates ambitions around science and technology. Government has a critical role to play in enabling the growth of industries which are fundamental to the nature of the UK economy and private sector.
Funding investment is one aspect of this enablement, but it is much more about understanding the UK economy, its size and its reach, and the tech sector which is needed to deliver it and enable it to prosper. This may be a combination of technologies that need to remain sovereign, and technologies where the UK has a comparative advantage to offer the global market.
Looking ahead, it’s safe to say that this National Cyber Strategy reflects a context of systemic competition. Given the lessons and evolved threat there is a transition to the idea of ‘staying ahead’. It underlines that cyber objectives are broader than the goal of securing the homeland and its digital economy, but are the foundation of prosperity and influence.
While we will wait to see how aspects of these objectives will be operationalised, a National Cyber Strategy that links all these broad strands together sets a strong direction for evolutions in cyberspace over the next few years.
Learn more in our new publication
UK National Cyber Strategy: BAE Systems Response
In this paper we reflect on what has changed over the last five years, what we have learnt in that time about the challenges of cybersecurity and the UK’s response.
We explore how the new strategy aims to implement the UK’s aspirations to be a global cyber power, and be a safer place to live and work online.
About the author
Miriam Howe is a Cyber Security SME at BAE Systems Applied Intelligence
- Responsible cyber power: Examining the implications for government, industry and society.
- Conflict in the grey zone: Preparing ourselves against cyber opponents. When it comes to the cyber arms race, Miriam Howe says that preparation, collaboration and adaptability are critical
- Moving cyber into the diplomatic mainstream. What’s cyber got to do with diplomacy and development? Actually, a huge amount. Miriam Howe sits down with Will Middleton to hear about life as Cyber Director of the UK’s Foreign Office, and why cyber is now firmly entrenched on the frontline of national security
- Exploring a new role for cyber security in UK government transformation. A new study commissioned by BAE Systems Applied Intelligence has revealed that cybersecurity is both a major driver of IT modernisation and a significant barrier to adoption. Lorna Rea explains how the way forward will require a delicate balancing act - to manage cyber risk effectively, without hindering innovation and collaboration
- How the UK can be a responsible cyber power. The concept of a ‘responsible cyber power’ requires clearer definition and a broader, collective effort, says Mary Haigh
- Enabling smarter cyber security at home. The pandemic has revolutionised our working practices but in doing so it’s also opened the door to increased cyber attacks. Sugee Bhanoo examines what can be done
- Why cybersecurity is a team sport. Doug Brown explains why collaboration is the essential ingredient in ensuring resilience is embedded within an organisation