Britain's National Cyber Security Strategy Beyond 2021

Uploaded on 2019-04-09 in GOVERNMENT-National, FREE TO VIEW

With the UK midway through its second National Cyber Security Programme, focus now needs to consider future strategy beyond the conclusion of the current cycle in 2021. 

Clearly much has been achieved in the UK this decade, from the ever-widening network of GCHQ-accredited Academic Centres of Excellence (ACE) across the country, a gradual re-addressment of STEM  (science, technology, engineering and mathematics) subjects in schools, through to the organisational innovation in setting up the National Cyber Security Centre (NCSC). 

The UK has certainly not rested on its laurels in addressing cyber security at the national level. Despite these strides, however, this overwhelmingly domestic focus has left a critical gap that now needs to be addressed: the international arena. 

The global WannaCry attack of 2017 should serve to reveal a reality not to be ignored; that UK resilience, no matter how well constructed, can only offer a reactive ‘band aid’ in a global environment where cybercrime remains rampant and international law is not respected. That environment cannot be allowed to develop without the influence of leading democracies.

To that end, a series of questions should help shape the agenda for an international approach to the next cyber security strategy, chief among them being ‘in what ways can the UK better influence norms and rules in cyberspace?’ While it is excellent to have a developing pipeline of STEM talent to plug the skills gap across cyber security, the professionals of tomorrow will be overrun if the international environment is either lawless or shaped by fundamentally authoritarian norms. 
Serious and concerted political support to efforts like the UN Groups of Government Experts (GGE) is essential to begin rebuilding momentum on dialogue such as the ‘finding the rules of the road’ initiative championed by then Foreign Secretary William Hague at the 2011 Munich Security Conference. 

Alignment with the efforts of NATO to find suitably applicable international law would be another fruitful avenue of not only finding consensus, but working within existing alliance frameworks. 

Consensus should very much be built among allies to strengthen any hand at future UN GGE processes. The platforms to advance the agenda already exist; what is missing is ‘bandwidth’ at the top level of British politics to contribute as needed.

The Missing Dimension in UK Cyber – Our Values
A critical point should be established in the development of cyber security strategy, by refocusing attention on the values that were set out in the 2011–15 strategy. For the UK to meaningfully contribute in shaping norms, it must promote itself both tangibly through the export of technical expertise and products, but also lead the way in establishing a standard for what behaviour a liberal democracy abides by and expects in cyberspace.

Shaping the international agenda for cyberspace should in the next strategy be as much about aligning the rights of citizens based on core values, the balance between privacy and security paramount among them, as it should be centred on technical requirements such as ‘secure by design’ for consumers of new tech products. What rights and values does a liberal democratic society subscribe to in the Information Age? To focus on technology without also focusing on the rights of the citizenry risks ceding the political ground entirely to a competing political position.

The New Great Game – The Threat from Cyber Sovereignty
While it may seem an indulgence to focus on norms and not purely on technology, the reasoning lies not in pure abstraction, but in the recognition that the liberal view is under direct challenge from a competing political belief set, Cyber Sovereignty. 

Championed by Russia and China, this view directly disputes the multi-stakeholder model that has so far been effective in governing cyberspace, calling instead for direct and exclusive management of cyberspace by nation states. This viewpoint poses a direct threat to the type of cyberspace that was not only originally created by liberal states and underpinned by liberal values, but also any future cyberspace. 

Next Steps and Challenges
Two key challenges must be navigated as the next steps in building towards a 2021 cyber security strategy: Brexit; and strategic alignment. In the first instance, Brexit remains the known unknown in the short term, an issue really only because of its uncertainty. 

One certainty that can be established, however, is that cyber security remains important regardless of Brexit, and thinking can afford to progress in an almost agnostic manner. When the last strategy was written the idea of a Brexit referendum was not even a political likelihood, the next one must be prepared without worrying about how Brexit may conclude.

This leaves the core challenge of establishing broad strategic alignment. Any future strategy needs to be assessed against a clear political vision for what the UK wants to achieve globally, based on a foundational value set. Strategy is instrumental in nature, helping to turn political vision into reality; UK political leaders must specify an international political vision against which a cyber security strategy can orient its mission effectively. 

Without this broad vision underwritten by clear values, the next cyber security strategy risks becoming merely a budgetary exercise that fails to shape the international dynamics framing the development of cyber security for decades to come.

RUSI

You Might Also Read:

Britain Aims To Lead In CyberSecurity:

 

« FBI Takes Too Long To Alert Victims
Top Blockchain Challenges For CIOs »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Bulletproof Cyber

Bulletproof Cyber

Bulletproof offer a range of security services, from penetration testing and vulnerability assessments to 24/7 security monitoring, and consultancy.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

CRU Data Security Group (CDSG)

CRU Data Security Group (CDSG)

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

Secure Decisions

Secure Decisions

Secure Decisions focus on research and product development related to national security including information assurance, computer network defense, cyber security education, and application security.

ShieldIOT

ShieldIOT

ShieldIOT delivers a complete AI-powered security solution across any IoT device, application and network.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

US-Africa Cybersecurity Group (USAFCG)

US-Africa Cybersecurity Group (USAFCG)

USAFCG provides cybersecurity consulting services and delivers training programs for capacity building in Africa.

Beyond Identity

Beyond Identity

Beyond Identity employs an elegantly simple concept, the personal certificate authority and self signed certificates, to replace passwords.

ProWriters

ProWriters

As a leading cyber insurance company, ProWriters offers flexible Cyber Liability Insurance coverage designed to cover privacy, data, and network exposures.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

Ermes

Ermes

Ermes – Intelligent Web Protection provides companies with a solution that effectively secures them against web threats.

Avalor

Avalor

Avalor are on a mission to help security teams make faster, more accurate decisions by making sense of their data. With Avalor you can bring in data from anywhere, normalize it and analyze it.

Logiq Consulting

Logiq Consulting

Logiq Consulting provide a full range of Cyber Security, Information Assurance and System Engineering services.

Safe Data Storage

Safe Data Storage

Safe Data Storage offer a fully managed, professional, secure UK-based online backup service to businesses, education and charities.

Early Game Ventures (EGV)

Early Game Ventures (EGV)

Early Game Ventures invests in startups that jumpstart new industries in the emerging markets of Europe.

iConnect IT Business Solutions DMCC

iConnect IT Business Solutions DMCC

iConnect is a trusted IT Solutions and Technology Services company, proudly serving clients across the Middle East and Africa.