In 2016, the UK government launched its National Cyber Security Strategy (NCSS). The five-year plan (2016-2021) was underpinned by £1.9 billion in funding. Its purpose was to make the UK “secure and resilient to cyber threats.”
Has the NCSS achieved its aims?
Let’s look at the successes of the past five years, as well as areas for improvement going forwards.
Objectives of the UK government’s national cyber strategy
The National Cyber Security Strategy was built around three broad objectives. These were to defend, to deter and to develop:
- Defend focused on improving the UK’s ability to respond to incidents. It aimed to increase citizens’ knowledge about cyber threats and cyber resilience by means of the Cyber Assessment Framework (CAF).
- Deter sought to make the UK’s critical infrastructure hard target for cyber criminals.
- Develop focused on innovation. The aim was to build up cyber security talent and expertise to help the UK tackle future threats in the cyber space.
The National Cyber Security Centre
The most successful part of the NCSS has been the setting up of the National Cyber Security Centre (NCSC). The centre helps people manage cyber risk. It assists both public and private sector: SMEs, larger organisations, government departments, and the general public.
Set up in October 2016, the NCSC is a key source of information about cybercrime. Emma W. is Head of Advice and Guidance at the NCSC. Her team ensures website content is clear, consistent and user-centred. She believes accessible advice is key to reducing the impact of cyber threats.
As well as providing advice, the NCSC actively combats cyber crime. It responded to over 700 cyber incidents in 2020, up from 658 in 2019. It also helped almost 1,200 organizations handle cyber attacks in 2020.
Better reporting public services
Another success was the launch of the Suspicious Email Reporting Service (SERS) in April 2020. The service enables the public to forward suspicious emails to a government address. Malicious email addresses and URLs can then be taken down.
In the first four months of operation, the SERS received 2.3 million reports from the public. The NCSC took down 22,000 malicious URLs and 9,300 malicious web links based on the information provided.
Building cyber talent
Various NCSC initiatives aim to encourage diverse talent into cyber security.
CyberFirst, an initiative for students aged 11 to 19, seeks to build the next generation of cyber professionals. It includes student bursaries, free courses, and competitions. The CyberFirst Girls Competition encourages female talent in particular.
The CyberFirst Bursary scheme had 750 students in 2020, with 180 more due to be onboarded. All students who have graduated from the programme entered full-time cyber security roles.
To manage cyber career opportunities going forwards, the government is setting up a UK Cyber Security Council. Launching on 31 March 2021, it will set standards and define clear learning paths for the cyber security sector.
Room for improvement
The ability to measure success is of vital importance. Clearer metrics could better quantify the progress of the NCSS and help identify where more can be done in cyber threats prevention and information security. Better metrics would also make it easier to show value for taxpayers’ money.
As the government builds its next cyber security strategy, it will be worth bearing this in mind. More measurable and achievable targets will ensure that progress continues to be made.
In 2019, the International Telecommunications Union (ITU) ranked the UK as the country most committed to cyber security. The UK government’s cyber security strategy was singled out, followed by the United States.
Other countries have not provided the same level of funding for their own government cyber security strategies. And many lack any national strategy at all. For this reason, the UK’s 2016-2021 NCSS strategy remains world leading.
To maintain its leading position, the UK’s next national cybersecurity strategy has to adapt to our changing circumstances.
We’re more connected than ever before in the cyberspace. Everyone has a role to play in improving cyber security. More collaboration between public and private sector will be beneficial. And looking beyond national borders and homeland security will help move us towards a safer cyber world for all.