UK National Cyber Strategy – Experts Reactions

The UK has unveiled its new National Cyber Strategy that sets out how the nation will solidify its standing as a global cyber power.

David Carroll, Managing Director
InfoSec Expert
December 16, 2021 12:35 pm

The new National Cyber Security Strategy 2022 represents a step change in the UK’s approach. As the Minister for the Cabinet Office, Stephen Barclay, pointed out in his address today: we are at an inflexion point. The new strategy builds upon previous strategies, but what’s striking now is its breadth. It is a comprehensive whole-of-Government and whole-of-nation strategy. It places cyber power at the heart of the UK’s foreign policy agenda, and recognises that every part of the strategy depends upon international engagement. It puts a stake in the ground for the UK as a responsible and democratic cyber power on an international stage. There is a lot to unpack, but the implementation programme shows boldness in its ambition, which is to be welcomed.

Our economy is more digitalised than ever, and we are reliant on increasingly diffuse infrastructures to maintain essential services. The drivers of change in cyberspace are many and varied, as the strategy makes clear. This increasingly complex landscape will make it harder for states, businesses and society to understand the risks they face, and how they should protect themselves. Increased dependency on third party suppliers of managed services is creating new risks, as witnessed this week as the world scrambles to deal with the Log4j vulnerability. As the scale and speed of the changes to our digital landscape outpaces the frameworks, laws and institutions that govern the way we live and work, we must be prepared for a strategic competition. Governments around the world will be looking for capabilities at national scale, rather than piecemeal cyber security solutions. Governments will search for solutions and capabilities to protect entire ecosystems and economies. It is this multi-level, whole-of-society approach, with strategic international collaboration, that will allow the UK to harness its ‘cyber power’, defend its citizens, and be a responsible global citizen.

Raj Samani, Chief Scientist and Fellow
InfoSec Expert
December 16, 2021 12:36 pm

As cyberattacks are putting organisations under more strain than ever before, the announcement of a National Cyber Strategy is a welcome move by the government. After all, both the industry and government must do all they can to keep cyber attackers at bay.

The threat landscape is moving at an alarming pace, with recent research from McAfee Enterprise finding that more than 4 out of 5 IT professionals in the UK experienced an increase in cyber threats since the onset of COVID-19. The new government strategy will help overcome many obstacles when blended with cyber defences underpinned by an open, flexible architecture that can adapt as needed without the need for bolt-on security. A Zero Trust mindset that can help them maintain control over access to the network and all instances within it is also critical as organisations continue to adapt to a hybrid way of working.

When working together, the future looks bright. The government’s new strategy will provide businesses with the support they need to bolster defences. Still, organisations must not get complacent and continue to prioritise their own approach to cyber security.

Steve Cottrell, EMEA CTO
InfoSec Expert
December 16, 2021 12:42 pm

The UK’s latest strategy makes it clear that increased cyber resilience at a National, CNI (Critical National Infrastructure), and organisational level is critical. There’s also an obvious focus on meaningful cyber security practices, which are aligned to the particular threat actors we may face – finally, the days of generic ineffective tick box compliance are in the rear view mirror.

It’s extremely positive that the government is increasing its focus on threat-intelligence-led security testing, which really drives objective assessment of cyber capabilities and their resilience against attack. It will be fantastic to see the government put AI to good use here in a wide array of applications such as network monitoring, enhancing its ability to detect malicious activity.

Tim Wade, Office of the CTO
InfoSec Expert
December 16, 2021 12:54 pm

It’s brilliant to see the UK government pledging to work more closely with organisations on security. But as further guidance is issued, organisations must keep in mind that government guidelines give you a floor, not a ceiling. Threat actors are innovating faster than most regulators or legislators can issue new edicts, so your security strategy should move at the same pace.

Organisations should also note the government’s plans to ‘detect, disrupt, and deter adversaries’ and take this approach on board themselves. This means adopting a detection and response strategy that looks for the intersections between authorised but suspicious activities, and the sorts of behaviours that an adversary will exhibit as part of an unfolding attack – examining factors like how persistence will be achieved, and what key chokeholds must be crossed to pivot from initial access towards objectives. By assuming you’re compromised and actively searching for signs of an attack, you are in a much stronger position to detect all sorts of attacks in good time and stop them before they become breaches.

Daniel Lattimer, Director Government & Defence
InfoSec Expert
December 16, 2021 1:03 pm

The new National Cyber Strategy is welcome news. It’s especially positive to see investment into securing the public sector, which has fallen victim to numerous potentially devastating supply chain attacks over the last year, showing attackers that it’s a viable route to crippling their operations. Today’s measures are vital both in creating greater visibility, transparency and collaboration across organisations, and also improving trust across the entire software ecosystem.

While ‘all parts of society’ undoubtedly need to play their part in strengthening the UK’s cyber defence, this effort must be led from the top. The UK government needs to set the agenda for – and adhere to – best cybersecurity practices, while providing direction on how everyone can remain secure, including consumers and businesses alike. Increased budget, new focus areas, and new legislation (such as the Telecommunication Infrastructure Bill) should make this possible, provided closer working relationships are formed within cyber defence from the introduction of the National Cyber Advisory Board and National Laboratory for Operational Technology Security.

Above all, this new strategy and investment contribute to the country’s cyber resilience, and that’s the most important thing for securing the UK’s cyber future.

Jamie Collier, Intelligence Analyst
InfoSec Expert
December 16, 2021 1:06 pm

The new National Cyber Strategy is a positive and assertive vision from the UK Government, outlining a strong intention that the UK intends to fully capitalise on its top tier cyber capabilities. This latest strategy adopts a more encompassing view of cyber that extends beyond security to also connect with broader themes of diplomacy, national power, and statecraft. It presents a proactive vision in responding to both state-backed espionage and cyber criminal activity, recognising that public attribution and even cyber sanction regimes have not always been successful in fundamentally altering the actions of attackers. The recently announced National Cyber Force indicates a new appetite to deter state operations more directly by disrupting adversary network infrastructure.

The strategy also sets out a firm approach to countering cybercrime, likely in response to the devastating impact of ransomware in the UK and around the world over the past two years. There is a clear willingness to disrupt the cyber criminal ecosystem and the affiliated tools and services that empower criminal groups. With £2.6 billion earmarked for cyber security over the coming five years, the Government clearly remains highly committed to its central vision of keeping the UK a secure and attractive digital economy. It is encouraging to see that spending plans are largely focused on maintaining existing initiatives, as this highlights that the UK Government has already established many of the foundational elements of its national cyber capability and can now build on this momentum. Putting the groundwork in establishing the National Cyber Security Centre (NCSC) five years ago really paid off, for example, as the NCSC is now looked to as an exemplar from international counterparts and is a frequent destination when heads of state visit the UK.

Bharat Mistry, Principal Security Strategist
InfoSec Expert
December 16, 2021 1:07 pm

Having a coherent national cyber strategy will be essential if the UK wants to be recognised as a Science and Tech Superpower for scientific research, innovation, and leading edge in critical areas such as artificial intelligence. As the UK becomes ever more connected, cyber security will become the cornerstone to providing world class secure digital services and platforms that will transform the UK economy.
