Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu
Home Blog UK Cyber Security Strategy in a Nutshell – 2016 Update

UK Cyber Security Strategy in a Nutshell - 2016 Update

Yesterday the UK government launched its National Cyber Security Strategy 2016-2021 so we thought we’d give you a quick heads-up on its main points together with the odd comment. This is the UK government’s reaction to the simple fact that the cyber threat is getting worse by the day and something needs to be done about it and quick. It’s also a recognition of the fact that the previous approach of asking UK companies nicely to sort themselves out just hasn’t worked. So there’s an element of “big brother taking over for your own good” in this document.

They’re throwing £1.9 billion at the problem and approaching it from four angles:

  1. DEFEND – try to stop it happening
  2. DETER – hunt down those that do it
  3. DEVELOP – nurture the talent for the future
  4. INTERNATIONAL ACTION – get other countries to help

Here’s what they’re doing in a nutshell:

national-cyber-security-strategy

DEFEND

  • Active Cyber Defence (ACD) involves working with the providers of the infrastructure of the Internet to trap attacks before they get to the end target. It’s not clear from the document exactly how that will be done and there have been some concerns raised previously by privacy campaigners about whether this means a big government firewall that just happens to read everything coming into the UK.
  • Building a more secure Internet – encouraging a “secure by default” approach by suppliers so that security becomes less of a user choice
  • Protecting Government – creation of the National Cyber Security Centre (NCSC) to improve security standards within government systems and a Cyber Security Operations Centre (CSOC) for the Armed Forces
  • Protecting our critical national infrastructure and other priority sectors – working closely with big companies via the NCSC to improve standards and make facilities and knowledge available for testing and education
  • Changing public and business behaviours – starting to play hard ball with companies that don’t get the hint via regulators, insurers, the new EU GDPR and other influencers. Re-emphasis of the existing Cyber Aware and Cyber Essentials schemes
  • Managing incidents and understanding the threat – joined-up approach to incident management via the NCSC and better incident information sharing, working towards the automation of alerts across systems

DETER

  • Cyber’s role in deterrence – the strategy is saying “we’re not going to take this lying down any more so watch out”
  • Reducing cyber crime – emphasis on law enforcement agencies, including the National Cyber Crime Unit (NCCU, part of the National Crime Agency, NCA) hunting down the cyber-bad guys and disrupting their business model so it’s no longer worth their while
  • Countering hostile foreign actors – focus on individual countries’ activities, including naming and shaming where appropriate
  • Preventing terrorism – the technical capability of terrorists is currently felt to be limited but effort needs to be made to keep it so
  • Enhancing sovereign capabilities – offensive cyber – a re-emphasis of the National Offensive Cyber Programme (NOCP), a partnership between GCHQ and the MoD, to further develop capabilities to attack rather than just defend
  • Enhancing sovereign capabilities – Cryptography – an interesting, if short, section that suggests that the UK may be going its own way on encryption, possibly developing methods unique to the UK

DEVELOP

  • Strengthening cyber security skills – addressing the skills gap, including cyber security into curriculums at various levels, achieving Royal Chartered status for the profession by 2020 and a Defence Cyber Academy for the MoD
  • Stimulating growth in the cyber security sector – helping cyber security startups, particularly in academia and setup of two new innovation centres
  • Promoting cyber security science and technology – working more with universities and research establishments to encourage innovation and a Cyber Science and Technology Strategy will be developed soon. Big data analytics, autonomous systems, trustworthy industrial control systems, cyber-physical systems and the Internet of Things, smart cities, automated system verification and the science of cyber security are highlighted as research areas
  • Effective horizon scanning – radar monitoring of what might be coming next, including consideration of cyber security by existing horizon scanning bodies such as the Emerging Technology and Innovation Analysis Cell (ETIAC)

INTERNATIONAL ACTION

The strategy sets out a variety of ways in which the UK will work with other countries to establish responsible behaviour principles, track down and prosecute criminals, help other countries improve their cyber security and equip NATO for cyber warfare.

In Conclusion

Although there are many new initiatives outlined in this strategy, the overwhelming tone is that of doing a lot of the same things as before, but with a greatly renewed sense of urgency. There is a general implication that the stakes have been raised since the last UK government cyber strategy came out in 2011 and that a lot of the advice is still being ignored with disastrous consequences. Whether or not you agree with everything that’s in there, there’s little doubt that it’s sorely needed.

More Cyber Essentials Resources

CertiKit is a provider of document toolkits and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the Cyber Essentials scheme, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.

Free Cyber Essentials Resources

We’ve helped more than 7000 businesses with their compliance

Testimonials

The content is exactly what we needed to get started. We lean heavily on the templates to get most of the key points for each section in place and can focus on those points that are most important to us.

Traxo
USA

View all Testimonials

Cookie Control

CertiKit uses cookies to improve your user experience. Some are essential for our website to work, but for others you have a choice over which ones you’re happy for us to use.

Please set the controls below to enable or disable the types of cookies shown.

Nice to have cookies
What are these?

Advertising Cookies
What are these?

Cookie Policy