It proposes a “more integrated, creative and routine” use of powers to fight ransomware and cybercrime targeting UK national security, including by expanding the interagency National Cyber Force. The unit, which brings together military and intelligence personnel under a single command structure, will soon move to a custom-built headquarters in Samlesbury, Lancashire.
The strategy proposes the formation of a new “national cybersecurity advisory council” in government, made up of senior leaders from the private and third sectors; as well as a new “national laboratory for the safety of operational technologies” which will be responsible for testing and providing training on critical industrial technologies. The government will also invest in expanding the research capacity of the National Cyber Security Center (NCSC), which is part of GCHQ, including its new applied research center in Manchester.
The government will seek to develop UK expertise in existing and emerging ‘cyber power’ technologies. It lists 5G, 6G and other emerging forms of data transmission technology as potential priority areas; artificial intelligence (AI), in particular AI cybersecurity applications; blockchain and its applications; semiconductors and microprocessor chips; cryptographic authentication; “Internet of things” and connected technologies; and quantum technologies. The strategy also proposes measures to mitigate cybersecurity risks associated with reliance on global markets, including through minimum security standards for all new consumer connectable products sold in the UK.
The government recognizes that significant progress has been made over the past decade, including the creation of the NCSC and the implementation of laws, such as the Networks and Information Systems Regulation (NIS Regulation). However, due to the growing number of cyber breaches affecting government, businesses, organizations and individuals, all UK businesses and organizations will need to develop a ‘better understanding’ of cyber risks and their responsibilities to manage those risks. as part of the strategy. . The strategy emphasizes the need for companies to grow and work to prevent attacks, incorporating basic protections.
The government intends to work with “market influencers”, including insurers and investors, to encourage good cybersecurity practices and promote the adoption of accreditations and standards. The government also intends to tighten corporate reporting requirements, to give investors and shareholders a better idea of how businesses manage and mitigate significant risks to their business, including cyber risks.
Public sector cybersecurity will also be overhauled, with the government committing to “dramatically strengthen” its critical functions against cyber attacks by 2025. It intends to adopt the NCSC’s Cyber Assessment Assessment Framework. as an insurance framework for all by example ”in its understanding of cyber risk.
The strategy also devotes significant space to improving individual cyber skills, starting in classrooms with a new ‘Cyber Explorers’ online training platform for children. The government will also expand training opportunities, bootcamps and cybersecurity apprenticeships after 16 years. In addition, the UK Cyber Security Council will be granted ‘Royal Charter’ status, aligning cybersecurity professionals with those in other professions such as engineering.