UK Government Announces New Cyber Strategy to Protect Public Sector
The UK government has unveiled its first ever cybersecurity strategy, which aims to protect essential public sector services from being shut down by hostile threat actors.
In a speech in London today, Chancellor of the Duchy of Lancaster Steve Barclay announced £37.8m in funding to help local authorities boost their cyber-resilience. This will protect essential services and data, such as housing benefits, voter registration, electoral management, school grants and the provision of social care.
Barclay announced a raft of other initiatives to go alongside this funding commitment. This includes a new Government Cyber Coordination Centre (GCCC) to better coordinate responses to attacks on public sector systems and a cross-government vulnerability reporting service to enable security researchers and the public to easily report issues they identify with public sector digital services. In addition, a more detailed assurance regime will be implemented across central government departments.
The strategy is designed to combat surging cyber-attacks on the UK public sector in recent years. Notable examples include the ransomware attacks on Redcar & Cleveland and Hackney Councils in 2020, causing significant disruption and recovery costs. The government revealed that of the 777 incidents managed by the National Cyber Security Centre (NCSC) between September 2020 and August 2021, around 40% targeted the public sector.
Barclay also stated that Britain is now the third most targeted country in the world in cyberspace from hostile states.
He outlined: “Our public services are precious, and without them, individuals can’t access the support that they rely on.
“If we want people to continue to access their pensions online, social care support from local government or health services, we need to step up our cyber-defenses.
“The cyber-threat is clear and growing. But the government is acting – investing over £2bn in cyber, retiring legacy IT systems and stepping up our skills and coordination.”
Commenting on the announcement, Andrew Kays, CEO at Socura, said: “Following other recent government cyber announcements, the UK security industry will welcome the strategy and the understanding that modern public services are completely reliant on digital technology. The UK is highly targeted, and it is important that, as a nation, we defend our ability to support our citizens and the services they rely on. I would question whether £37.8m is enough to help local authorities improve cyber-resilience, given their current level of resources and the threats they face. It may prove to be a drop in the ocean, but at the £2bn investment overall is a significant sum.”
The initiative follows the publication of the UK government’s national cyber strategy at the end of last year.
In a separate announcement today, the Department for Digital, Culture, Media and Sport (DCMS) launched the International Data Transfer Expert Council, which will provide independent advice to the government on facilitating free and secure cross-border data flow following the UK’s departure from the EU. The council is meeting for the first time today and comprises leading academics and industry figures, including Google, Mastercard and Microsoft.
More Stories
Danger USB! Journalists sent exploding flash drives
If you were sent a USB stick anonymously through the post, would you plug it into your computer? Perhaps you'll...
China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers
The deployment of custom credential theft malware is the main novelty of the new campaign Read More
SharePoint Phishing Scam Targets 1600 Across US, Europe
Cyber-criminals used the scam to steal the credentials for various email accounts Read More
Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks
A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over...
Security at the core of Intel’s new vPro platform
Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection...
New Post-Exploitation Attack Method Found Affecting Okta Passwords
The flaw derives from the way the Okta system records failed login attempts to instances Read More