techUK attended CyberUK this week in Glasgow, the NCSC’s flagship cyber security conference. This blog is part of a series of insights from the two day event.
Minister for the Cabinet Office and Chancellor of the Duchy of Lancaster the Rt Hon David Lidington CBE MP addressed CyberUK delegates in Glasgow. During the speech he highlighted the progress made to date by the UK in fighting cyber attacks as well as a launching a new tool developed by the National Cyber Security Centre (NCSC) called ‘Exercise in a box’.
The Minister began by highlighting how the UK has become a world leader in cyber security, developing a model that is respected and replicated worldwide. He argued that in the first three years of the current National Cyber Security Strategy (NCSS) the UK has put the building blocks in place to strengthen the UK’s cyber security and resilience, particularly in founding the NCSC and through initiatives like Active Cyber Defence and CyberFirst.
He also focused on the progress made in protecting CNI, stating that the UK has robust protections in place. Furthermore, he said that the UK would not countenance potential risks in the most sensitive networks and would work with international partners to develop a joint approach in protecting CNI across all key sectors.
A key focus of the speech was how we could demystify cyber for the average citizen and employee, reiterating that too often within organisations cyber is seen as the responsibility of the IT department and not, as it should be, everyone. Citing high profile attacks like WannaCry and Equifax he stated that the ‘majority of cyber-attacks can be prevented by putting basic cyber security measures in place… but nationally, only about a third of businesses and charities have a board member or trustee with specific, designated responsibility for cyber security’.
Launching ‘Exercise in a box’ the Minister suggested that NCSC would continue to seek new ways to support and protect organisation at all levels, with this initiative focusing on SMEs and local Government. The tool has been developed by NCSC to allow organisations to test their cyber resilience by utilising real-life scenarios based on generic threats the UK faces. This is one part of several new measures recently announced such as the Board Toolkit, which aims to engage board members with their technical experts more effectively.
Finally, the post-2021 landscape was explored with the Minister outlining some of the priorities that would continue after the current strategy ends. These included:
- Reducing the risks from high-volume, low sophistication cyber attacks and ensuing cyber is deigned into broadening networks of connected devices;
- Ensuring agencies and law enforcement have the capabilities in place to counter malign activity and hostile actors;
- Building a sustainable ecosystem, with the companies’ talent and research need for the UK to remain world leaders in Cyber; and
- More effective analysis of Government interventions to date and engaging and learning from criticism more effectively.
Underpinning the above was a suggestion that the UK Government would seek to ‘move towards a more mature partnership in the public, private and third sectors. Leveraging industry and academic expertise more effectively is a welcome ambition and an area which can only benefit UK cyber resilience going forward.
The full speech can be read here.