U.K. seeks to build “cyber power” via new national cybersecurity strategy
The United Kingdom on Wednesday announced a major update to its national cybersecurity strategy, calling on the country to leverage “cyber power in support of national goals.”
The 130-page plan, which builds on a strategy announced in 2016 that has spanned the last five years, proposes building up domestic knowledge bases and creating resilience in technical supply chains in the face of increasing digital risks to national security—supported by a £2.6 billion ($3.4 billion) investment in cybersecurity.
The plan mentions attacks including the SolarWinds compromise and exploitation of Microsoft Exchange Servers as examples of heightened risks from supply chain vulnerabilities. In recent years, British politicians have grappled with the country’s reliance on foreign infrastructure providers, especially Chinese telecom giant Huawei.
“Our efforts to reduce harm at scale will also include tackling systemic risks from the digital supply chain. Where necessary we will intervene to promote supply chain diversification, as we are doing in telecommunications,” the strategy said.
The strategy defines “cyber power” as “the ability to protect and promote national interests in and through cyberspace.” How countries navigate these issues will help define where the world goes next, with the U.K. 's heavily digitized economy positioned to be both “especially exposed” to the risks and potentially able to seize the opportunities enabled by this age, the strategy argues.
One short-term step in this ”whole-of-society effort” will include the creation of a National Cyber Advisory Board (NCAB) to bring together the public and private sector to tackle issues—similar to the Advisory Committee recently assembled by the Cybersecurity and Infrastructure Security Agency in the United States.
Five general pillars outlined in the strategy are:
Strengthening the UK cyber ecosystem
Building a resilient and prosperous digital UK
Taking the lead in the technologies vital to cyber power
Advancing UK global leadership and influence
Detecting, disrupting and deterring adversaries
Pursuing those pillars, the strategy says, will include securing things that exist purely in the virtual world, but also the logical and physical infractures that underpin that world and where it all increasingly interconnects. Practically, that means addressing issues like cryptocurrency and criminal ransomware gangs, as well as protecting 5G networks and the Internet of Things.
Andrea Peterson
(they/them) is a longtime cybersecurity journalist who cut their teeth covering technology policy at ThinkProgress (RIP) and The Washington Post before doing deep-dive public records investigations at the Project on Government Oversight and American Oversight.