Britain's Cyber Security Strategy Focuses On Resilience

Uploaded on 2022-02-01 in TECHNOLOGY--Resilience, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

The British government has launched its first Government Cyber Security Strategy, a multi-million pound plan to help better protect vital public services from the growing risk of disruptive and destructive cyber attacks. 

According to the Government statement, Britain’s public services will be strengthened to further protect them from the risk of being shut down by hostile cyber threats. Members of the public will also be able to contribute to the effort, with a new vulnerability reporting service allowing individuals to report weaknesses in digital services.

“Our public services are precious and without them individuals can’t access the support that they rely on... If we want people to continue to access their pensions online, social care support from local government or health services, we need to step up our cyber defences. The cyber threat is clear and growing. But government is acting, investing over £2bn in cyber, retiring legacy IT systems and stepping up our skills and coordination.”said, said Minister Steve Barclay. Minister Barclay also said that Britain is now the third most targeted country in the world in cyberspace from hostile states.

The new strategy will be funded by £37.8 million invested to help local authorities boost their cyber resilience, protecting the essential services and data on which citizens rely on.  “The cyber threat is clear and growing. But government is acting - investing over £2billion in cyber, retiring legacy IT systems and stepping up our skills and coordination.” Barclay added.

The new strategy outlines how central government and the public sector will step up national cyber resilience by better sharing data, expertise and capabilities to allow government to ‘Defend As One’, meaning that government cyber defence is far greater than the sum of its parts.

Of the 777 incidents managed by the National Cyber Security Centre between September 2020 and August 2021, around 40% were aimed at the public sector. 

In 2020, both Redcar & Cleveland and Hackney Councils were hit by ransomware attacks impacting council tax, benefits and housing waiting lists. Gloucester City Council was subjected to damaging cyber attack in 2021. It follows the recent publication of the National Cyber Security Strategy, which called on all parts of society to play their part in reinforcing the UK’s economic strengths in cyberspace, through more diversity in the workforce, levelling up the cyber sector across all UK regions, expanding offensive and defensive cyber capabilities and prioritising cyber security in the workplace, boardrooms and digital supply chains.

Key announcements in the strategy include:

  • Establishing a new Government Cyber Coordination Centre (GCCC), to better coordinate cyber security efforts across the public sector. Building on successful private sector models, such as the Financial Sector Cyber Collaboration Centre, the GCCC will rapidly identify, investigate and coordinate the government’s response to attacks on public sector systems. The centre will be based in the Cabinet Office and will ensure that data is rapidly shared, allowing us to ‘Defend As One’.
  • A new cross-government vulnerability reporting service, which will allow security researchers and members of the public to easily report issues they identify with public sector digital services. This will enable organisations to more quickly fix any issues identified.
  • A new, more detailed assurance regime for the whole of government, which will include robust assessment of departmental plans and vulnerabilities. This will give central government a more detailed picture of government’s cyber health for the first time.
  • £37.8 million invested into local authorities for cyber resilience - protecting the essential services and data on which citizens rely on including housing benefit, voter registration, electoral management, school grants and the provision of social care.
  • An innovative project to reduce government risk through culture change, in partnership with small businesses and academia
  • Stepped up work to understand the growing risk from the supply chains of commercially provided products in government systems, ensuring security is a key part of procurement and working with industry on cyber vulnerabilities.

According to the British Government Chief Security Officer, Vincent Devine,  the new strategy is designed to  ensure that government’s critical functions are significantly hardened to cyber attacks. The strategy is centred around two core pillars:

  • First focussing on building a strong foundation of organisational cyber security resilience.
  • Second aimed at allowing government to ‘defend as one’, harnessing the value of sharing data, expertise and capabilities.

Cyber security expert Dr Süleyman Özarslan, founder of Picus Security commented that we've "seen similar Government announcements before" and that it clearly finds public sector security a challenge. “It’s a positive step good that the UK government recognises the importance of improving the state of cyber security in the public sector... Local authorities are increasingly targeted by cyber criminals and when they are, the impact can be significant for citizens." 

“Defend as One” is a noble aim, but it’s no good improving knowledge sharing if councils aren’t also in a position to apply intelligence and take swift, defensive actions. The public sector increasingly needs to shift its approach from being reactive to proactive... The UK is highly targeted, and it is important that, as a nation, we defend our ability to support our citizens and the services they rely on. I would question whether £37.8m is enough to help local authorities improve cyber reliance, given their current level of resources and the threats they face. It may prove to be a drop in the ocean, but at the £2B investment overall is a significant sum." according to Dr. Özarslan

Gov.UK:      Navy-Net:      Industrial Cyber:      ITPro:      Picus Security:      Computer Weekly:   

You Might Also Read: 

Britain's New Deals On Digital Trade & Cyber Security:

 

« ‘Honey Trap’ Sites Recruiting Israeli Spies
North Korea's Internet Is Faltering »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Bob's Business

Bob's Business

Bob's Business adopts a fresh approach to information security awareness and compliance training, delivering key information through the use of short animated movies.

CYBERPOL

CYBERPOL

CYBERPOL's mission is to facilitate the widest possible mutual assistance between all cyber crime law enforcement authorities to help mitigate global cyber threats.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

OneVisage

OneVisage

Our award-winning 3DAuth digital identity platform turns any consumer mobile device into a real-time 3D facial scanner that securely authenticates the user in seconds.

HYPR

HYPR

HYPR Decentralized Authentication minimizes the risk of enterprise data breaches while providing an enhanced user experience for your customers and employees.

mPrest

mPrest

mPrest is a global provider of mission-critical monitoring and control solutions for the defense, security, utility and Industrial Internet of Things (IoT) sectors.

Dualog

Dualog

Dualog provides a maritime digital platform which ensures that services work reliably and securely onboard.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Police Digital Security Centre (PDSC)

Police Digital Security Centre (PDSC)

PDSC is a not-for-profit organisation, owned by the police, that works across the UK in partnership with industry, government, academia and law enforcement.

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications and Information Protection is the technical security and intelligence service of Ukraine, under the control of the President of Ukraine.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

NASK SA

NASK SA

NASK SA is an integrator of telecommunications services. We provide advanced ICT security services, collocation and hosting, data centre services, and build corporate networks.

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators provides services and information about financial fraud, fraud investigation and fraud prevention.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.