A new approach for cyber security in the UK

National Cyber Security Centre chief executive, Ciaran Martin, has outlined the UK’s new approach to cyber security at the Billington Cyber Security Summit in Washington DC.

Martin, the first chief executive of the NCSC, set out how the new organisation will adopt a more active posture in defending the UK from the range of cyber threats the UK currently faces, as well as the need for government, industry and law enforcement to work in even closer partnership.

Rather than relying on private sector efforts to contain online attacks against British users and organisations, the government now recognises it must take the lead on information security.

“If we’re to maintain confidence in the digital economy, we’ve got to tackle this end of the problem,” Martin told the Summitt. “I believe there’s a legitimate role for the government in taking a lead… at least temporarily. This is the thinking behind our strategy.”

He said twice as many “national-security-level cyber-incidents” were detected in 2015 compared with the year before, adding up to about 200 per month, while the NAO noted that the 17 largest government departments recorded 8,995 data breaches in 2014-15.

“If we’re going to retain confidence in our increasingly digitised economy, we have to make sure that everyone – our private citizens, our small businesses, our not-for-profits, as well as our largest and most pivotal public and private institutions – can do business in a digital environment that is fundamentally safer than it is now,” added Martin. “And to do that means using technology to automate our defences against these unsophisticated but prolific attacks.

“This really matters for the UK. The Government I work for is charged with helping to protect a highly digitalised economy, which by some measures is the most digitally advanced, and therefore dependent, in the world.”


Damning report

However, a damning NAO report timed to coincide with Martin’s appearance said that overall the coordination of central government’s information security efforts remained confused, even as recent trends toward information sharing tended to increasingly expose sensitive data to attacks.

As of April of this year there were at least 12 separate teams or organisations at the centre of government with overlapping roles in protecting information, the NAO found.

While the NCSC’s formation should “bring together much of government’s cyber expertise” the NAO warned that in its view “wider reforms will be necessary” and currently reporting personal data breaches is “chaotic” with different departments’ mechanisms making it impossible to collect coherent data.

“The Cabinet Office does not currently provide a single set of standards for departments to follow, and does not collate or act upon those weaknesses it identifies,” the NAO stated.

Related reading