Data and securityCyber SecurityA new approach for cyber security in the UK

A new approach for cyber security in the UK

Less reliance on private sector efforts as government sets out new strategy

National Cyber Security Centre chief executive, Ciaran Martin, has outlined the UK’s new approach to cyber security at the Billington Cyber Security Summit in Washington DC.

Martin, the first chief executive of the NCSC, set out how the new organisation will adopt a more active posture in defending the UK from the range of cyber threats the UK currently faces, as well as the need for government, industry and law enforcement to work in even closer partnership.

Rather than relying on private sector efforts to contain online attacks against British users and organisations, the government now recognises it must take the lead on information security.

“If we’re to maintain confidence in the digital economy, we’ve got to tackle this end of the problem,” Martin told the Summitt. “I believe there’s a legitimate role for the government in taking a lead… at least temporarily. This is the thinking behind our strategy.”

He said twice as many “national-security-level cyber-incidents” were detected in 2015 compared with the year before, adding up to about 200 per month, while the NAO noted that the 17 largest government departments recorded 8,995 data breaches in 2014-15.

“If we’re going to retain confidence in our increasingly digitised economy, we have to make sure that everyone – our private citizens, our small businesses, our not-for-profits, as well as our largest and most pivotal public and private institutions – can do business in a digital environment that is fundamentally safer than it is now,” added Martin. “And to do that means using technology to automate our defences against these unsophisticated but prolific attacks.

“This really matters for the UK. The Government I work for is charged with helping to protect a highly digitalised economy, which by some measures is the most digitally advanced, and therefore dependent, in the world.”

 

Damning report

However, a damning NAO report timed to coincide with Martin’s appearance said that overall the coordination of central government’s information security efforts remained confused, even as recent trends toward information sharing tended to increasingly expose sensitive data to attacks.

As of April of this year there were at least 12 separate teams or organisations at the centre of government with overlapping roles in protecting information, the NAO found.

While the NCSC’s formation should “bring together much of government’s cyber expertise” the NAO warned that in its view “wider reforms will be necessary” and currently reporting personal data breaches is “chaotic” with different departments’ mechanisms making it impossible to collect coherent data.

“The Cabinet Office does not currently provide a single set of standards for departments to follow, and does not collate or act upon those weaknesses it identifies,” the NAO stated.

Related Articles

Government and tech industry hold roundtable on IoT security

Cyber Security Government and tech industry hold roundtable on IoT security

2y Jay Ashar
New Army cyber operations centres for MOD

Cyber Security New Army cyber operations centres for MOD

2y Jay Ashar
Competing priorities biggest roadblock to cybersecurity

Cyber Security Competing priorities biggest roadblock to cybersecurity

2y Jay Ashar
Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

2y Bernard Parsons
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

2y Jay Ashar
UK government to assess the cyber security capability landscape

Cyber Security UK government to assess the cyber security capability landscape

2y Jay Ashar
New capability to help organisations fight cyber threats

Cyber Security New capability to help organisations fight cyber threats

2y Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

2y Jay Ashar