Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Secure your productivity on any device, anywhere, any time.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Discover how Six Degrees has driven success for others.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » The National Cyber Security Strategy: Looking Beyond 2022
These included the 2009 breach of Google’s corporate servers by Chinese hackers, the 2014 Office of Personnel Management data breach and the Russian-sponsored attacks on the Democratic National Conference (both in the US).
Although Britain had not yet experienced a high-level cyber-attack, it was felt necessary to prepare for such an eventuality, as well as leveraging Britain’s leadership role in information technologies to drive innovative solutions to a growing global threat.
The end product of such concerns was the 2016 National Cyber Security Strategy (NCSS), which aimed to set out a roadmap for ramping up national cyber security over the following five years.
The NCSS is a government-initiated £1.9 billion programme of reinforcement of Britain’s cyber security infrastructure, knowledge base and methodology. During its first phase running from 2016 to 2021, the Strategy had a wide-ranging set of objectives. These included:
It was an ambitious set of objectives, and the NCSS may have suffered by trying to be too many things to too many stakeholders. But it has been the guiding force behind UK cyber security policy since its inception, and is important to understand if you want to plan for future change.
As it draws to a close, the NCSS has achieved some of its objectives, at least in part. In perhaps its most significant move, it established the National Cyber Security Centre, now a fully integrated government department operating on four fronts:
In carrying out these four responsibilities, the NCSC will drive forward the most practical of the NCSS’s aims beyond 2022, as well as becoming an advisory body to the government.
The NCSS also made inroads in addressing the lack of properly qualified and knowledgeable cyber security professionals. Between 2017 and 2019 the cyber security industry experienced remarkable growth, with a 37% increase in employment (from 31,000 individuals to 43,000) as depicted in the NCSS’s 2019 Progress Report. Despite this, however, there remains a cyber security skills gap that organisations of all kinds are struggling to fill.
In 2016 the National Cyber Security Programme included £10 million funding for a Cyber Innovation Fund, £13.5 million for the establishment of a Cyber Innovation Centre, and a Cyber Security Skills Immediate Impact Fund which, as of 2018, was training 170 key individuals.
Regional innovation centres were opened in Cheltenham and London to act as incubators for start-ups in the sector. Further work has been spearheaded to encourage school kids to study cyber security, including the enrolment of over 12,000 students aged 13-18 in a Virtual Cyber School in 2019-20.
These are all good initiatives, and they will pay off over the next decade or more. In the meantime, UK private and public sector organisations will need to find support in other ways — for example, by harnessing the support of managed cyber security specialists that can provide skills on-demand.
In 2019, midway through its lifespan, a damning Public Accounts Committee report revealed that, thus far, the Strategy had only achieved one of its targets (incident management). Although there is a lot to like regarding the NCSS, its broad-reaching objectives have made it difficult to achieve any of them fully. Then, in 2020-21, the largely unforeseeable COVID-19 pandemic accelerated public dependence on IT solutions for work, entertainment, communication, and education, shifting the focus somewhat onto end-user risk management strategies.
The pandemic also underlined the vital importance of cyber security, as it demonstrated our global reliance on information technology and our vulnerability to its being compromised — trends that were already underway. 2017’s WannaCry ransomware attack and the March 2020 breach of the WHO made headline news and provided ample reinforcement of the timely need for a robust national cyber strategy. It seemed that a war was being waged on three fronts — against cybercriminals, cyber-terrorists, and hostile nations.
Over in the US, it became evident in 2020 that potential espionage from global superpowers was perceived to be a significant threat to the US’ cyber sovereignty. The Trump administration’s sanctions on Huawei made it impossible for the Chinese tech provider to use US-manufactured components in their systems. The NCSC analysed the impact this would have on the UK’s national roll-out of the Huawei-powered 5G network. In its report to GCHQ, it concluded that Britain could no longer reliably ensure the cyber security of the network if Huawei was involved.
When the government pulled the plug on UK telecom companies using Huawei 5G technology, the world had a vivid demonstration of the risk of global technology collaboration in an era of geopolitical instability. This decision may have lost the UK some face, it’s true. However, the potential danger of exposing our communication networks to a potentially hostile superpower left the government with no choice. The NCSC’s report made a difficult decision easier to make.
In order to build on the modest successes of the NCSS in the coming decade, what should the priorities be?
In 2019, independent defence and security think-tank RUSI (the Royal United Services Institute) put together a research project to determine the best course for national cyber security beyond 2021. It asked what was more desirable — the likely mainstreaming of cyber security within UK government departments, or the continuation of the NCSC and its arm’s length approach.
Their 2019 briefing paper identified some likely trends:
A key theme overall in the briefing paper is the need for an enhanced role for private sector providers partnering with the public sector and government. As the paper notes “There must be a clear mutual understanding as to where UK government responsibility ends, and private sector accountability begins. This dialogue is at present only in the early stages.”
RUSI does not anticipate there being as big an investment in national cyber programmes in 2021 as there was in 2016, in part due to the debt burden occasioned by the pandemic. It’s not yet clear whether the UK government plans to renew the NCSS, but we should anticipate news soon, and expect at least some of its more vital components to continue.
If the 2020-21 COVID-19 global pandemic has demonstrated anything, it’s how reliant we all are on the technologies we hold in our hands and use in our work, as well as how open even the biggest private sector companies or superpowers are to attack. Cyber-crime alone is predicted to cost the global economy $10.5 trillion by 2025, and remote working has created new cyber security vulnerabilities that need to be taken seriously.
No amount of investment in protecting our public sector from these threats will solve the problem of hackers or foreign agents infiltrating the data held by private sector companies such as Google, Microsoft, or Facebook, not to mention the tens of thousands of business tools we all employ daily, including cloud storage, email services and e-commerce portals.
European and UK GDPR legislation went some way to enforcing a standard for data protection. However, cyber security protocols are a lot more variable, and hidden vulnerabilities are everywhere. How do you assure your clients that their data is safe and that your servers are protected from attack? At Six Degrees, we believe the answer comes down to different ways in which cyber security is approached, and how resources are allocated.
A key lesson for any organisation coming to terms with cyber security threats is that you can never be 100% risk free. It’s important to build a cyber security process that takes this into account and is able to respond flexibly to changing circumstances. We’ve come to call this mindset the Cyber Security Journey.
At Six Degrees we offer managed security services, penetration testing and managed detection and response (MDR). Any organisation that comes to us for consulting services will be advised to think about cyber security as a circular process with stages including:
By moving through this process, you will be able to iteratively assess your vulnerabilities and develop more robust solutions based on in-life feedback and real-world results. Critically, you are able to keep your organisation secure without grinding operations to a halt. Long-term, we believe that integrating cyber security into your culture and taking an iterative approach is critical to match the challenges of the shifting threat landscape.
Get in touch if you want to learn more, or check out our free resource — Planning For the Future of Cyber Security Today.
As the UK continues to phase out 3G…
Whether they admit to it or not, most…
We are proud to announce that Six Degrees…
The Digital Operational Resilience Act (DORA) entered into…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.