UK National Cyber Strategy – Experts Reactions

The UK has unveiled its new National Cyber Strategy that sets out how the nation will solidify its standing as a global cyber power.

Subscribe
Notify of
guest

7 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Bharat Mistry
Bharat Mistry , Principal Security Strategist
InfoSec Expert
December 16, 2021 1:07 pm

<p>Having a coherent national cyber strategy will be essential if UK wants to be recognised as a Science and Tech Superpower for scientific research, innovation, and leading edge in critical areas such as artificial intelligence. As the UK becomes ever more connected, cyber security will become the cornerstone to providing world class secure digital services and platforms that will transform the UK economy.</p>

Last edited 11 months ago by Bharat Mistry
Jamie Collier
Jamie Collier , Intelligence Analyst
InfoSec Expert
December 16, 2021 1:06 pm

<p>The new National Cyber Strategy is a positive and assertive vision from the UK Government, outlining a strong intention that the UK intends to fully capitalise on its top tier cyber capabilities. This latest strategy adopts a more encompassing view of cyber that extends beyond security to also connect with broader themes of diplomacy, national power, and statecraft. It presents a proactive vision in responding to both state-backed espionage and cyber criminal activity, recognising that public attribution and even cyber sanction regimes have not always been successful in fundamentally altering the actions of attackers. The recently announced National Cyber Force indicates a new appetite to deter state operations more directly by disrupting adversary network infrastructure.</p>
<p>The strategy also sets out a firm approach to countering cybercrime, likely in response to the devastating impact of ransomware in the UK and around the world over the past two years. There is a clear willingness to disrupt the cyber criminal ecosystem and the affiliated tools and services that empower criminal groups. With £2.6 billion earmarked for cyber security over the coming five years, the Government clearly remains highly committed to its central vision to keeping the UK a secure and attractive digital economy. It is encouraging to see that spending plans are largely focused on maintaining existing initiatives, as this highlights that the UK Government has already established many of the foundational elements of its national cyber capability and can now build on this momentum. Putting the groundwork in establishing the National Cyber Security Centre (NCSC) five years ago really paid off for example, as the NCSC is now looked to as an exemplar from international counterparts and is a frequent destination when heads of state visit the UK.</p>

Last edited 11 months ago by Jamie Collier
Daniel Lattimer
Daniel Lattimer , Director Government & Defence
InfoSec Expert
December 16, 2021 1:03 pm

<p>The new National Cyber Strategy is welcome news. It’s especially positive to see investment into securing the public sector, which has fallen victim to numerous potentially devastating supply chain attacks over the last year, showing attackers that it’s a viable route to crippling their operations. Today’s measures are vital both in creating greater visibility, transparency and collaboration across organisations, and also improving trust across the entire software ecosystem. </p>
<p>While ‘all parts of society’ undoubtedly need to play their part in strengthening the UK’s cyber defence,  this effort must be led from the top. The UK government needs to set the agenda for – and adhere to – best cybersecurity practices, while providing direction on how everyone can remain secure, including consumers and businesses alike. Increased budget, new focus areas, and new legislation (such as the Telecommunication Infrastructure Bill) should make this possible, provided closer working relationships are formed within cyber defence from the introduction of the National Cyber Advisory Board and National Laboratory for Operational Technology Security. </p>
<p>Above all, this new strategy and investment contribute to the country’s cyber resilience, and that’s the most important thing for securing the UK’s cyber future.</p>

Last edited 11 months ago by Daniel Lattimer
Tim Wade
Tim Wade , Office of the CTO
InfoSec Expert
December 16, 2021 12:54 pm

<p>It’s brilliant to see the UK government pledging to work more closely with organisations on security. But as further guidance is issued, organisations must keep in mind that government guidelines give you a floor, not a ceiling. Threat actors are innovating faster than most regulators or legislators can issue new edicts, so your security strategy should move at the same pace.</p>
<p>Organisations should also note the government’s plans to ‘detect, disrupt, and deter adversaries’ and take this approach on board themselves. This means adopting a detection and response strategy that looks for the intersections between authorised but suspicious activities, and the sorts of behaviours that an adversary will exhibit as part of an unfolding attack – examining factors like how persistence will be achieved, and what key chokeholds must be crossed to pivot from initial access towards objectives. By assuming you’re compromised and actively searching for signs of an attack, you are in a much stronger position to detect all sorts of attacks in good time and stop them before they become breaches.</p>

Last edited 11 months ago by Tim Wade
Steve Cottrell
Steve Cottrell , EMEA CTO
InfoSec Expert
December 16, 2021 12:42 pm

<p>The UK’s latest strategy makes it clear that increased cyber resilience at a National, CNI (Critical National Infrastructure), and organisational level is critical. There’s also an obvious focus on meaningful cyber security practices, which are aligned to the particular threat actors we may face – finally, the days of generic ineffective tick box compliance are in the rear view mirror.</p>
<p>It’s extremely positive that the government is increasing its focus on threat-intelligence-led security testing, which really drives objective assessment of cyber capabilities and their resilience against attack. It will be fantastic to see the government put AI to good use here in a wide array of applications such as network monitoring, enhancing its ability to detect malicious activity.</p>

Last edited 11 months ago by Steve Cottrell
Information Security Buzz
7
0
Would love your thoughts, please comment.x
()
x