The United Kingdom has launched its first ever Government Cyber Security Strategy, to further protect public services people rely on. The U.K. is now the third most targeted country in the world in cyberspace from hostile states.
The new strategy will be backed by £37.8 million invested to help local authorities boost their cyber resilience – protecting the essential services and data on which citizens rely on including housing benefit, voter registration, electoral management, school grants and the provision of social care.
Of the 777 incidents managed by the U.K.’s National Cyber Security Centre between September 2020 and August 2021, around 40% were aimed at the public sector. In 2020, both Redcar & Cleveland and Hackney Councils were hit by ransomware attacks impacting council tax, benefits and housing waiting lists. Gloucester City Council was then the subject of a further cyber attack in 2021.
Members of the public will also be able to contribute to the effort, with a new vulnerability reporting service allowing individuals to report weaknesses in digital services.
The strategy will make core government functions, such as the delivery of essential public services, more resilient than ever before to cyber attack from malicious actors.
It follows the recent publication of the National Cyber Security Strategy, which called on all parts of society to play their part in reinforcing the UK’s economic strengths in cyberspace, through more diversity in the workforce, leveling up the cyber sector across all U.K. regions, expanding offensive and defensive cyber capabilities and prioritizing cyber security in the workplace, boardrooms and digital supply chains.
Key announcements in the strategy include:
- Establishing a new Government Cyber Coordination Centre (GCCC), to better coordinate cyber security efforts across the public sector. Building on successful private sector models, such as the Financial Sector Cyber Collaboration Centre, the GCCC will rapidly identify, investigate and coordinate the government’s response to attacks on public sector systems. The center will be based in the Cabinet Office and will ensure that data is rapidly shared.
- A new cross-government vulnerability reporting service, which will allow security researchers and members of the public to easily report issues they identify with public sector digital services. This will enable organizations to more quickly fix any issues identified.
- A new, more detailed assurance regime for the whole of government, which will include robust assessment of departmental plans and vulnerabilities. This will give central government a more detailed picture of government’s cyber health for the first time.
- £37.8 million invested into local authorities for cyber resilience – protecting the essential services and data on which citizens rely on including housing benefit, voter registration, electoral management, school grants and the provision of social care.
- An innovative project to reduce government risk through culture change, in partnership with small businesses and academia.
- Stepped up work to understand the growing risk from the supply chains of commercially provided products in government systems, ensuring security is a key part of procurement and working with industry on cyber vulnerabilities.
The strategy is centered around two core pillars, the first focussing on building a strong foundation of organizational cyber security resilience; and the second aimed at allowing government to ‘defend as one’, harnessing the value of sharing data, expertise and capabilities.