UK Government’s push towards a cyber security eco-system in 2022
Fri 21 Jan 2022
On 19 January the UK government announced its plan to tighten cyber security laws for businesses. This announcement from the Dept’ of Culture, Media and Sport (DCMS) follows an alert published by The White House on 11 January, warning businesses of tactics used by Russian state-sponsored hackers.
Under new proposals, the government aims to update the Network and Information Systems Regulations, which came into force in 2018, to improve the security of essential services such as: healthcare, energy, water and transport.
It is expected that more third-party services will be necessary to ensure companies are compliant, which in turn will generate expansion and employment within the UK cyber-security sector. The DCMS cites the SolarWinds and Microsoft Exchange attacks of 2021 as highlighting weaknesses in third-party products and how they can be exploited by ‘cyber-criminals and hostile states.’
Minister of State for Media, Data and Digital Infrastructure, Julia Lopez, said: ‘Cyber-attacks are often made possible because criminals and hostile states cynically exploit vulnerabilities in businesses’ digital supply chains and outsourced IT services that could be fixed or patched.’ Ms Lopez stressed the compulsory nature of compliance: ‘Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online (…) it is not an optional extra.’
It is noteworthy that increased vigilance and incident-reporting is introduced as the UK heads towards economic recovery and ‘reset.’ In the 2022 Cyber Security Incentives and Regulation Review published on Wednesday, common barriers to resilience in UK businesses were identified and ranged from ‘organisations not knowing what to do’ to ‘lack of commercial rationale and business drivers that stimulate prioritisation.’
In reviewing the success of UK cyber security since 2016, it was found that the introduction of GDPR significantly increased cyber-security discussions at board-level, alongside a greater spend in systems security. However, two in five companies surveyed last year experienced attacks over a twelve-month period, with a quarter experiencing these weekly.
The findings of 2021’s Cyber Security Breaches Survey form just one influencing factor of the new National Cyber Security Strategy published in December. Perhaps the most significant physical component of the strategy is the National Cyber Force. Located in Samlesbury, Lancashire this new organisation combines the knowledge collateral of partners: The Ministry of Defence, The Defence Science and Technology Lab’ and the Government Communications HQ.
The Samlesbury development signifies a 5 billion investment into the local economy and strategic partnerships with North West companies and Universities. As jurisdiction for the NCF sits with the Secretary of State for Foreign, Commonwealth and Development Affairs and the Secretary of State for Defence, it also signals a strengthening relationship between cyber and foreign policy.
Cyber-Security isn’t the only advance towards tech’ leadership made by the government this week. On the 20 January the ‘Help to Grow’ digital scheme was launched to provide small businesses with discounted software and free advice. Adjacent to these initiatives is the 3 billion pledged in the Autumn budget to bridge a perceived digital skills gap. The Civil Service itself has rolled-out a scheme designed to fast-track entry-level employees in ‘digital, data, tech’ and cyber.’
Of the new strategy, Simon Hepburn, CEO of the National Security Council, (established in 2021) stated: ‘The UK Cyber Security Council is delighted that these proposals recognise our cyber workforce lead role that will help to define and recognise cyber job roles and map them to existing certifications and qualifications.’
The imperatives of the Cyber Security Strategy and the new legislation in reporting breaches heralds an era of intensified vigilance and transparency for the UK. Add to this the directive to feed a talent-pipeline and the government’s ambition for a tech’ ecosystem, that will reinvigorate the economy, becomes a virtual reality.