The UK Government has launched its new five-year National Cyber Security Strategy, stating that it will spend a total of £1.9 billion over the next five years to realise its vision that by 2021 “the UK is secure and resilient to cyber threats, prosperous and secure in the digital world”. This vision is built on three pillars: Defend, Deter and Develop.
The Strategy states that Government will play an expanded role in driving change in cyber security in the UK with a focus on the following four broad areas.
Levers and incentives
The Government “will invest to maximise the potential of a truly innovative UK cyber sector” by supporting start-ups and investing in innovation. The Government will also “make use of all available levers, including the forthcoming General Data Protection Regulation (GDPR), to drive up standards of cyber security across the economy, including, if required, through regulation”.
Expanded intelligence and law enforcement focus on the threat
The intelligence agencies, the Ministry of Defence, the police and the National Crime Agency “will expand their efforts to identify, anticipate and disrupt hostile cyber activities by foreign actors, cyber criminals and terrorists.”
Development and deployment of technology in partnership with industry
The Government will adopt Active Cyber Defence measures, which will include working with Communication Service Providers (CSPs) to block malware attacks “by restricting access to specific domains or web sites that are known sources of malware.” This is known as DNS blocking/filtering and was the subject of some controversy when it was first set out by Ciaran Martin, the head of the National Cyber Security Centre, at a conference in September.
National Cyber Security Centre (NCSC)
The Government has established a single, central body for cyber security at a national level. The NCSC, which is part of GCHQ, will “manage national cyber incidents, provide an authoritative voice and centre of expertise on cyber security, and deliver tailored support and advice to departments, the Devolved Administrations, regulators and businesses.”
The Strategy also states that in order to ensure that its interventions are having a substantive impact on overall national cyber security and resilience, Government “will seek to define, analyse and present data which measures the state of our collective cyber security and our success in meeting our strategic goals.”
For more information, see the National Cyber Security Strategy 2016 to 2021 and an NCSC explainer of the Active Cyber Defence programme.