UK Government Announces New Cyber Strategy to Protect Public Sector

The UK government has unveiled its first ever cybersecurity strategy, which aims to protect essential public sector services from being shut down by hostile threat actors.

In a speech in London today, Chancellor of the Duchy of Lancaster Steve Barclay announced £37.8m in funding to help local authorities boost their cyber-resilience. This will protect essential services and data, such as housing benefits, voter registration, electoral management, school grants and the provision of social care.

Barclay announced a raft of other initiatives to go alongside this funding commitment. This includes a new Government Cyber Coordination Centre (GCCC) to better coordinate responses to attacks on public sector systems and a cross-government vulnerability reporting service to enable security researchers and the public to easily report issues they identify with public sector digital services. In addition, a more detailed assurance regime will be implemented across central government departments.

The strategy is designed to combat surging cyber-attacks on the UK public sector in recent years. Notable examples include the ransomware attacks on Redcar & Cleveland and Hackney Councils in 2020, causing significant disruption and recovery costs. The government revealed that of the 777 incidents managed by the National Cyber Security Centre (NCSC) between September 2020 and August 2021, around 40% targeted the public sector.

Barclay also stated that Britain is now the third most targeted country in the world in cyberspace from hostile states.

He outlined: “Our public services are precious, and without them, individuals can’t access the support that they rely on.

“If we want people to continue to access their pensions online, social care support from local government or health services, we need to step up our cyber-defenses.

“The cyber-threat is clear and growing. But the government is acting – investing over £2bn in cyber, retiring legacy IT systems and stepping up our skills and coordination.”

Commenting on the announcement, Andrew Kays, CEO at Socura, said: “Following other recent government cyber announcements, the UK security industry will welcome the strategy and the understanding that modern public services are completely reliant on digital technology. The UK is highly targeted, and it is important that, as a nation, we defend our ability to support our citizens and the services they rely on. I would question whether £37.8m is enough to help local authorities improve cyber-resilience, given their current level of resources and the threats they face. It may prove to be a drop in the ocean, but at the £2bn investment overall is a significant sum.”

The initiative follows the publication of the UK government’s national cyber strategy at the end of last year.

In a separate announcement today, the Department for Digital, Culture, Media and Sport (DCMS) launched the International Data Transfer Expert Council, which will provide independent advice to the government on facilitating free and secure cross-border data flow following the UK’s departure from the EU. The council is meeting for the first time today and comprises leading academics and industry figures, including Google, Mastercard and Microsoft.

What’s Hot on Infosecurity Magazine?