Page 44 - the SyI Quarterly
P. 44
Cyber Updates
Is the UK’s Approach to
Cyber Security Changing? One of the ways this will hopefully manifest itself
is by building a culture of information sharing
between companies. This has been a major
sticking point in recent years, as companies
By Matthew Robertson, producer of the UKsec Summit have been reluctant to hand over information
regarding breaches they have suffered for fear
The early 2010s, although just over a decade away, are starting to feel like a lifetime ago, not least it could damage their reputation or give away
when we consider the technology we rely on everyday. In 2010, Apple had yet to launch the iPad crucial company secrets. But sharing information
and most people in the UK were still using 3G networks. A year later, the UK introduced its Cyber will ultimately be in everyone’s benefit as we all
Security Strategy, face similar threats. Looking to the insurers for
guidance here could prove helpful, as they have a
particularly mature culture of information sharing,
which sought to “promote growth and minimise the economic impact of cyber attacks by working particularly able to quantify the cost of risk.
closely with the private sector.” While this may sound familiar to observers of the UK’s current cyber
security policy, the approach we are now taking is in fact a sharp departure from that of a decade To be sure, moving in this direction will not be
ago. easy, or even pretty. In my own conversations with
the Steering Committee for our upcoming UKsec
The “close work” with the private sector described by the 2011 strategy ultimately amounted to little
more than general guidance. The private sector was largely left to fend for itself, so much so that Summit, one committee member working for a
Robert Hannigan, then head of GCHQ, said only four years later that the government had to act to public body remarked how he has noticed the
reform the market and make it “work better”. The hands-off approach wasn’t working, and he said questioning from state representatives regarding
“we cannot as a country allow this situation to continue”. his organisation’s security status has recently
become deeply invasive. This may be the price we
It took another four years for the government to agree. In June 2019, the Parliamentary Public have to pay for a more resilient future.
Accounts Committee concluded that the Government’s previous plans “[did] not represent
a resilient security strategy.” Its conclusion was alarmingly that the UK remains particularly Looking forward, it’s clear that cyber security has
become much more of a focus for the UK than it
vulnerable to the threat of cyber attacks. Several recommendations were issued as a result, was 10 years ago. More money is being spent, but
including a long-term coordinated approach to cyber security, with a properly costed budget to crucially more of society is being brought onboard
make sure funds for the programme are suitable for the size of the challenge. in the fight against cyber threats. Let’s hope in
another 10 years we’ll be looking back on a period
The criticisms of the old programme and recommendations for the future seem to have been highly of success for the UK’s new cyber strategy.
influential in this year’s National Cyber Strategy, the UK’s plan to protect its interests in cyberspace.
A We’ll be delving into the UK’s cyber journey at this
huge £22 billion budget will be allocated to researching and developing technology to aid cyber year’s UKsec Cyber Security Summit in London on
security (up from the £1.9 billion budget of the old plan). By comparison, last year France announced 22-23 November 2022. If you liked this article, you
it was allocating only €1 billion to French cyber security. might want to check out our conference agenda.
The theme of the event this year is entering a
Perhaps more important than the funding, however, is the different approach of the 2022 strategy. new stage in UK cyber security. As a thank you for
The new programme promotes a “whole of society approach” to cyber security. This suggests that reading, you can use our special discount code
the view of cyber security as only being within the remit of the IT teams in individual companies is ‘SECINSTITUTE’ to get a free ticket to the event.
a thing of the past. It is now the view of the UK Government that society at all levels, from ordinary Register here: https://uk.cyberseries.io/register/
people right up to the boards of major companies, should be aware of and working towards the
country’s security development. The government emphasises that working in partnership is essential
to success.
44
