U.K. seeks to build “cyber power” via new national cybersecurity strategy
Image: Kseniia Ilinykh
Andrea Peterson December 15, 2021

U.K. seeks to build “cyber power” via new national cybersecurity strategy

Andrea Peterson

December 15, 2021

U.K. seeks to build “cyber power” via new national cybersecurity strategy

The United Kingdom on Wednesday announced a major update to its national cybersecurity strategy, calling on the country to leverage “cyber power in support of national goals.”

The 130-page plan, which builds on a strategy announced in 2016 that has spanned the last five years, proposes building up domestic knowledge bases and creating resilience in technical supply chains in the face of increasing digital risks to national security—supported by a £2.6 billion ($3.4 billion) investment in cybersecurity.

The plan mentions attacks including the SolarWinds compromise and exploitation of Microsoft Exchange Servers as examples of heightened risks from supply chain vulnerabilities. In recent years, British politicians have grappled with the country’s reliance on foreign infrastructure providers, especially Chinese telecom giant Huawei.

“Our efforts to reduce harm at scale will also include tackling systemic risks from the digital supply chain. Where necessary we will intervene to promote supply chain diversification, as we are doing in telecommunications,” the strategy said.

The strategy defines “cyber power” as “the ability to protect and promote national interests in and through cyberspace.” How countries navigate these issues will help define where the world goes next, with the U.K. ‘s heavily digitized economy positioned to be both “especially exposed” to the risks and potentially able to seize the opportunities enabled by this age, the strategy argues. 

One short-term step in this ”whole-of-society effort” will include the creation of a National Cyber Advisory Board (NCAB) to bring together the public and private sector to tackle issues—similar to the Advisory Committee recently assembled by the Cybersecurity and Infrastructure Security Agency in the United States. 

Five general pillars outlined in the strategy are: 

Strengthening the UK cyber ecosystem

Building a resilient and prosperous digital UK

Taking the lead in the technologies vital to cyber power

Advancing UK global leadership and influence

Detecting, disrupting and deterring adversaries

Pursuing those pillars, the strategy says, will include securing things that exist purely in the virtual world, but also the logical and physical infractures that underpin that world and where it all increasingly interconnects. Practically, that means addressing issues like cryptocurrency and criminal ransomware gangs, as well as protecting 5G networks and the Internet of Things. 

Andrea (they/them) is senior policy correspondent at The Record and a longtime cybersecurity journalist who cut their teeth covering technology policy ThinkProgress (RIP), then The Washington Post from 2013 through 2016, before doing deep dive public records investigations at the Project on Government Oversight and American Oversight. Their work has also been published at Slate, Politico, The Daily Beast, Ars Technica, Protocol, and other outlets. Peterson also produces independent creative projects under their Plain Great Productions brand and can generally be found online as kansasalps.