The UK has unveiled its new National Cyber Strategy (2021). The document sets out how the nation will solidify its standing as a global cyber power. The document has been produced by the National Cyber Council, which seeks to:
- Provide thought leadership and professional standards.
- Support careers and learning.
- Set out professional ethics.
- Promote cybersecurity as a career opportunity for people of all ages and backgrounds.
Looking at the content with an expert’s eye is David Carroll, MD of Nominet Cyber. Carroll tells Digital Journal why this document is different to what has been produced before, finding: “The new National Cyber Security Strategy 2022 represents a step change in the UK’s approach.”
This is needed due to the fast-changing situation, Carroll says: “As the Minister for the Cabinet Office, Stephen Barclay, pointed out in his address today: we are at an inflexion point. The new strategy builds upon previous strategies, but what’s striking now is its breadth.”
Carroll notes the document’s holistic nature: “It is a comprehensive whole-of-Government and whole-of-nation strategy. It places cyber power at the heart of the UK’s foreign policy agenda and recognises that every part of the strategy depends upon international engagement.”
Governments need to content with a multitude of changes, such as:
- 5G and 6G technology, and other emerging forms of data transmission
- Artificial intelligence.
- Blockchain technology and its applications.
- Semiconductors, microprocessor chips, microprocessor architecture.
- Cryptographic authentication including for identity and access management and high assurance cryptographic products.
- Internet of Things and technologies used in consumer, enterprise, industrial and physical environments such as connected places.
- Quantum technologies, including quantum computing, quantum sensing and post-quantum cryptography.
Adding to the benefits for the UK, Carroll states: “It puts a stake in the ground for the UK as a responsible and democratic cyber power on an international stage. There is a lot to unpack, but the implementation programme shows boldness in its ambition, which is to be welcomed.”
Carroll says that such a response is necessary for the modern world and the fast-changing process of government and business transactions. Carroll indicates: “Our economy is more digitalised than ever, and we are reliant on increasingly diffuse infrastructures to maintain essential services. The drivers of change in cyberspace are many and varied, as the strategy makes clear. This increasingly complex landscape will make it harder for states, businesses and society to understand the risks they face, and how they should protect themselves.”
This brings with it different types of threats, notes Carroll: “Increased dependency on third party suppliers of managed services is creating new risks, as witnessed this week as the world scrambles to deal with the LOG4J vulnerability. As the scale and speed of the changes to our digital landscape outpaces the frameworks, laws and institutions that govern the way we live and work, we must be prepared for a strategic competition. Governments around the world will be looking for capabilities at national scale, rather than piecemeal cyber security solutions.”
This has led to the need for joined up thinking, says Carroll: “Governments will search for solutions and capabilities to protect entire ecosystems and economies. It is this multi-level, whole-of-society approach, with strategic international collaboration, that will allow the UK to harness its ‘cyber power’, defend its citizens, and be a responsible global citizen.”