The National Cyber Security Programme (NCSP) needs more work if the UK is to protect itself from cyber attacks, according to a report published today by policy examining body the Intelligence Security Committee (ISC).
The NCSP was announced as part of the Strategic Defence and Security Review in October 2010, with the government committing £650m to cyber security over a four-year period.
In its annual report, which was laid before parliament today by the Prime Minister, the committee said that although there had been progress in improving cyber security since the NCSP was established, it had still not met recommendations that the committee had set out in its 2010-2011 report.
The report did praise the government's efforts to raise the profile and awareness of cyber security, citing its London Conference on Cyberspace in November 2011 as an example, and to clarify ministerial responsibility and accountability for cyber security.
The government has transferred the responsibility from the Home Office to the Cabinet Office, and while the committee said it believed this made the situation "much clearer than it was previously", it remained concerned as to whether there was still potential for confusion.
In his response to the committee, Foreign Secretary William Hague said: "I don't think there is any confusion. There are a number of ministers with responsibilities in this area, but there needs to be because it does go across government to such an extent. I think the responsibility for cyber security has to be at a central point, so it is right that Francis Maude has the responsibilities that he has.
"That's not inconsistent with my oversight of GCHQ. But I think cyber security needs pulling together across all the departments. We have a very useful ministerial coordinating group on cyber security which I chair, including ministers from the Home Office, DCMS and so on."
One of the main recommendations in the report is that the NCSP should focus more on cyber security education.
[Turn to next page]
By eliminating high entry costs for big data analysis, you can convert more raw data into valuable business insight.
A discussion of the "risk perception gap", its implications and how it can be closed