How is Britain’s ₤ 1.3 bn National Cyber Security Strategy going? Nobody really cares any more– even the Cabinet Office, evaluating by its most current progress report.
In a report provided this week the Cabinet Office waffled for several 10s of pages stating just how much work Britain’s various governmental organs had done that slightly fits under the banner of the National Cyber Security Technique.
Yet no place in the report did it explicitly state “we have done what the technique was meant to achieve”. Neither did it say it had actually missed its objectives, or state exactly where ₤ 1.3 bn of public money had actually gone– despite the fact that the five-year strategy ends in a few months.
Penny Mordaunt MP, the Paymaster General (aka Cabinet Office minister Michael Gove’s bag carrier and cyber security minister) said in the report’s foreword: “Our approach to cyber security method post 2021 will reinforce the result of the existing Integrated Evaluation of the UK’s foreign, defence, security and development policy.”
Aside from that, about the only concrete thing the report did state was that the next overarching national infosec strategy would be baked into the long-delayed Integrated Evaluation, which will be the cornerstone of Britain’s foreign policy in years to come. Cyber security having actually been enthusiastically embraced by the more military-minded side of federal government, it seems 2016’s priorities are a long way from what civil servants want to do in the instant future.
While the Cabinet Office progress report contains some information of things attained over the previous year (varying from “released a cyber security toolkit” to releasing expert authorities cyber criminal offense systems), the report does not relate these to any of its “tactical outcomes” beyond merely recreating them as haphazard bullet points.
Industry, however, will be pleased to keep in mind that UK infosec exports were apparently worth ₤ 3.96 bn in 2019, a boost of almost ₤ 2bn on the previous year. This suggests government is beginning to see that an infosec sector that flourishes by itself 2 feet, rather than one that exists simply to serve UK federal government agreements, is a valuable thing.
As the Royal United Provider Institute think tank said in 2015 when it published[PDF] a paper on the future of the method:
Despite online security clawing its method up the federal government’s list of top priorities, it appears that the National Cyber Security Method has been mainly overtaken by occasions. Earlier this month the worst-kept trick in Whitehall, the presence of the National Cyber Force, was exposed to the world, while the Foreign Workplace has gleefully swung from the coat-tails of the EU and the United States Department of Justice as the bodies enforced global sanctions and criminal charges on private Russian hackers
Back in 2016 the UK restored its ₤ 1.9 bn cyber security spending promise, a splurge that gave birth to the National Cyber Security Centre and planted the seeds for Britain’s newly acknowledged National Cyber Force state-sponsored hacking crew.
Three years later on the National Audit Workplace (NAO) huffed that the Cabinet Office wasn’t doing extremely well on the plan, known by then as the National Cyber Security Program— but said that embarrassed civil servants had actually pulled away behind undefined “security factors” to gag the NAO from stating specifically what had failed.
While that might or might not have been a consider the Cabinet Workplace’s report being as uninspiring as it is, it is clear that Britain is on the edge of an essential shift in how both public and private sectors approach the subject of cyber security. ®