The UK government has announced the ‘First ever Government Cyber Security Strategy to step up Britain’s defence and resilience‘.
Here the British government states: “Britain’s public services will be strengthened to further protect them from the risk of being shut down by hostile cyber threats.” This declaration earmarked to be supported by £37 million ($50 million) in additional investment for local government.
The strategy is designed to bolster Britain’s public services, to protect them from the risk of being shut down by hostile cyber threats. However, cyber security expert Dr Süleyman Özarslan tells Digital Journal we have “seen similar Government announcements before” and that it clearly finds public sector security a “tough nut to crack.”
Dr Ozarslan is co-founder of Picus Security, a company that specialises in simulating the attacks of cyber-criminal gangs.
Özarslan explains that the news is, on the surface, good: “It’s a positive step good that the UK government recognises the importance of improving the state of cyber security in the public sector.”
This is especially so when it comes to municipal authorities. Here Özarslan assesses: “Local authorities are increasingly targeted by cybercriminals and when they are, the impact can be significant for citizens. Over the last few years, we’ve seen numerous examples of vital services being disrupted, such as an attack on Hackney Council that affected vital services for months.”
However, within the core detail of the announcement is repetition, as Özarslan has dissected from the report: “Whilst improving collaboration and vulnerability disclosure across the sector are important measures, we cannot pretend that we have not seen similar announcements before.”
In particular, no amount of new information will help if the those in receipt of data from the New Cyber Coordination Centre are not in a position to act upon it. This appears the case in the latest report from Johnson’s battered administration.
As Özarslan notes: “’Defend as One’ is a noble aim, but it’s no good improving knowledge sharing if councils aren’t also in a position to apply intelligence and take swift, defensive actions. The public sector increasingly needs to shift its approach from being reactive to proactive.”
It also stands that governments should hold back on suggesting there are easy fixes when the reality is far more complex. As Özarslan concludes: “The truth is, that improving security in the public sector is a tough nut to crack and is only becoming harder as more urban centres become increasing connected and authorities face funding pressures.”