The UK government has published its strategic goals in the run up to 2025 – and cybersecurity is at the heart of them.
In what has been billed as the largest security and foreign policy strategy revamp since the Cold War, the UK government has outlined its new defense priorities – with at their heart, the imperative to boost the use of new technologies to safeguard the country.
On March 16th, Prime minister Boris Johnson unveiled the integrated review, which has been in the making for over a year and will be used as a guide for spending decisions in the future. Focusing on foreign policy, defense and security, the review sets goals for the UK to 2025; and underpinning many of the targets is the objective of modernizing the country’s armed forces.
But, where the government seems to be particularly ambitious, is in the space of cybersecurity: the review promises commitment to a new, “full-spectrum” approach to the UK’s cyber capabilities, to better detect, disrupt and deter adversaries.
Technology has created new opportunities for malicious actors to operate in cyberspace, notes the review, through hacking, spreading disinformation, or carrying out organized crime online, to name a few. State and non-state agents are finding new ways to exploit digital weaknesses, increasing the risk of direct and collateral damage to the UK. “Consequently, cyber power will become increasingly important,” reads the document.
The cyber threat coming from foreign states has been brought to the government’s attention many times in the past. Last year, the UK chief of defense intelligence James Hockenhull warned against the rising challenge posed by Russia and China, which he argued are supercharging conventional methods of conflict while also investing heavily into cyber.
At about the same time, a report from a committee of MPs described Russia’s cyberattack capabilities as an “immediate and urgent threat” to the country’s national security, highlighting examples of Russian hackers intruding into the UK’s critical infrastructure and orchestrating phishing attempts against government departments. The new integrated review proposes to draw up a cyber strategy later this year, which is pitched as taking a “whole-of-cyber” approach that looks at a range of capabilities. On top of strengthening the country’s cyber ecosystem and creating a safer online space, the cyber strategy will establish ways for the UK to take the lead in technologies that are vital to cyber power, such as microprocessors, quantum technologies and new forms of data transmission.
“The UK is due to publish a new National Cyber Strategy later in 2021 and some of the cyber and technology issues highlighted in the Integrated Review are a useful precursor,” James Sullivan, head of cyber research at the Royal United Services Institute (RUSI) said. “Building cyber resilience across the whole of society is the best way to make the most of the opportunities that technology offers.”
Notably, the cyber strategy will focus on actively disrupting the activities of adversaries, by imposing costs on them or denying them the ability to harm UK interests – a step up from a purely defensive approach to cyber security.
Central to the UK’s offensive approach will be the formal establishment of the National Cyber Force (NCF), which the prime minister announced will be headquartered in the north of England in an attempt to create a “cyber corridor” across the region. This will see industry and universities in the north of the country working hand-in-hand with government experts to prevent cyberattacks.
Formed only last year, the NCF is a partnership between the Ministry of Defence (MoD) and the Government Communications Headquarter (GCHQ), which draws personnel from both organizations with experts from the Secret Intelligence Service (MI6) and the Defence Science and Technology Laboratory (DSTL). In other words, it brings key players together for the first time with a common task – to conduct targeted offensive cyber operations against terrorists, hostile states and criminal gangs.
As online attacks only increase in scale and number, the UK government is unlikely to loosen its focus on cyber security. The integrated review highlighted that the National Cyber Security Centre (NCSC), which was established in 2016, is already working at pace to help protect businesses and the public from cyberattacks; and that the cybersecurity sector in the UK currently boasts over 1,200 companies and 43,000 skilled jobs.
The Government paper is available for free download here:
MIC Solutions 