UK launches new National Cyber Security Strategy with focus on home-grown tech

The Strategy revolves around expanding the UK's cyber industry and making it self-sustaining

Massive advances in technology have made the world more connected than ever, a trend only accelerated by the coronavirus pandemic. But this is probably only the early stages of a global cultural shift, one that makes digital skills and technology integral to future security.

That is the message the UK government shared as it launched its new National Cyber Security Strategy (NCSS), a document aimed at protecting the nation from hostile states and organised crime while promoting the country as a leader in the field.

The government will drive the programme with £2.6 billion of funding over the next three years, allocated in the recent spending review, to carry out both offensive and defensive cyber warfare.

The new Strategy is based on the premise that UK cyber power will be of increasing importance in the digital age, and that sustaining our cyber power requires a comprehensive and integrated strategy touching all parts of society: the classroom and boardroom will be as important as the actions of tech experts and politicians.

Five dimensions of cyber power

The Strategy document outlines five goals to guide activity over the next five years:

• Pillar 1: Strengthening the UK cyber ecosystem by investing in people and skills and deepening the partnership between government, academia and industry
• Pillar 2: Building a resilient and prosperous digital UK, reducing cyber risks so businesses and citizens can operate securely online
• Pillar 3: Taking the lead in the technologies vital to cyber power by building industrial capability and developing frameworks to secure future technologies
• Pillar 4: Advancing UK global leadership and influence through working with government and industry partners
• Pillar 5: Detecting, disrupting and deterring our adversaries to enhance UK security in and through cyberspace

How the government will achieve these aims is set out in the second half of the document. For example, the government describes its goal of the self-sustaining growth of the cyber industry, rather than relying on government intervention by moving from a bespoke, centrally managed approach to a 'more sustainable, systemic and regional approach'.

David Carroll, MD of Nominet Cyber, said, "As the scale and speed of the changes to our digital landscape outpaces the frameworks, laws and institutions that govern the way we live and work, we must be prepared for a strategic competition. Governments around the world will be looking for capabilities at national scale, rather than piecemeal cyber security solutions. Governments will search for solutions and capabilities to protect entire ecosystems and economies. It is this multi-level, whole-of-society approach, with strategic international collaboration, that will allow the UK to harness its ‘cyber power', defend its citizens, and be a responsible global citizen."

Training and growth

Since the last NCSS in 2016, the UK's cyber security sector has grown quickly: 1,400 businesess have created more than 46,700 jobs and generated £8.9 billion in revenue.

To maintain this momentum, the government announced an investment in Plexal's 'Cyber Runway' scheme, helping more than 100 individuals found and develop cyber firms, mostly outside London and the Southeast. More than half of these companies are led by people from BAME backgrounds and 45 per cent by women.

Saj Huq, head of innovation at Plexal, said, "There is a recognition in the Strategy that more needs to be done to help early-stage startups to launch, grow and scale their businesses and bring to market products and services that not only meet the needs of industry, but of society too. Given the impact on early-stage investment during COVID-19, we're supportive of efforts to further grow and sustain the UK's innovation pipeline and growing community of cyber security SMEs and startups."

'Funding for these growth and skills programmes will be reoriented away from large, often London-based initiatives to a regionally delivered model which will mean more jobs and better opportunities for people across the UK,' said the government. Politically, much of the funding will be directed at the former Red Wall of Labour seats taken by the Conservatives in 2019.

A new 'Cyber Explorers' online training platform was also announced to teach cyber skills in the classroom, along with a related scheme for adults to help people retrain - especially those from minorities and other underrepresented groups in the industry.

Investing in security

The strategy document also outlined several plans to keep citizens safe online and bolster law enforcement efforts when it comes to fighting cyber crime:

• Increased funding for law enforcement to more accurately track and target criminals
• Increased investment in the National Cyber Force
• Expanding GCHQ's National Cyber Security Centre research capabilities, including a new research hub in Manchester
• Introducing the Product Security and Telecommunications Infrastructure Bill, to enforce minimum security standards in all new connected products sold in the UK
• Strengthen and expand regulation to ensure providers of digital services like the cloud are following better security standards
• Increased investment in public sector cyber security to ensure resilience against emerging threats.

General Patrick Sanders, chief of strategic command, said: "This strategy builds upon the importance of the cyber domain as outlined in the Integrated Review and sets out a clear vision for how we as a nation will contribute to the UK's cyber future. As we continue to face threats in cyberspace, it is essential that we continue to adapt, innovate, partner and succeed against evolving aggressive activity."