Lack of implementation plan delays cyber security strategy

The Cabinet Office cancelled the publication of its much-anticipated cyber security strategy earlier this month because it had not finalised an implementation policy, according to one government insider.

Coherent implementation of a cyber security strategy has already been flagged on several occasions, owing to the extremely fragmented nature of the UK's Cyber Defence Infrastructure.

Dr Kevin Tebbit, a former director of the government's spy agency GCHQ (Government Communications Headquarters) and member of a panel at the Cyber Security Forum 2011 in London yesterday, said: "We expected the government's cyber security strategy this month, but it was delayed because while it covers policy and principles, there is no clear implementation plan yet."

Tebbit added that five main principles to be covered by the strategy were likely to be:

• To increase the government's own cyber capabilitles (including offensive capablities);

• To improve the UK's ability to combat cyber crime;

• To recognise that security can't be done by government alone or even primarily as co-operation with the private sector is needed;

• To promote development of the UK cyber industry to provide services to the public and private sectors;

• To raise general public awareness of the nature of the issues, meaning people take care of basic security – but also to develop via academia and enterprises a cyber workforce with the right skills.

A spokesperson for the Cabinet Office told Computing that the strategy would now be launched when parliament reconvenes following the autumn conference season.