Concerns have been raised about whether the National Cyber Security Strategy Programme is sufficiently well designed to deliver.
The National Cyber Security Centre (NCSC) has dealt with 1,100 cyber-security incidents since its establishment in October 2016. The report discusses how the threat of cyber-attack is evolving fast and becoming technically more complex “with the boundaries between state-orchestrated attacks and those of cyber criminals increasingly blurred”.
To counter this threat in 2010, the government published two five-year strategies (National Cyber Security Strategy 2011–2016 and National Cyber Security Strategy 2016–2021). The department is currently starting to make progress in meeting the strategic outcomes of the current strategy (2016–2021).
However, due to weak evidence that the National Cyber Security Programme is delivering the strategy efficiently enough, it remains “unclear whether the money allocated at the start of the Programme was the right amount, making it more difficult to judge value for money”. The report recommends that the department ensure a properly costed business case is produced for any follow-on, long-term and coordinated approach to cyber security.
The report also recommends that the department write to the Public Accounts Committee (PAC) by November 2019, setting out what progress it is making in using evidence-based decisions in prioritising cyber security work.
The report also raised concerns about how little has been done to enhance cyber security throughout the economy to better protect consumers, stating that “there is currently no ‘traffic light’ or ‘kitemark’ system to inform consumer choice on how cyber secure the products they buy are, unlike recognised standards in other areas—such as food safety”.
PAC chairwoman Meg Hillier commented:
“With its world-leading digital economy, the UK is more vulnerable than ever before to cyber-attacks. As the likelihood of these attacks continues to grow, the UK needs to protect itself against the risks created by more and more services going online.
“In the interest of national security, the Cabinet Office need to take a long-term approach to protecting against the risk of cyber-attacks: future plans should be based on strong evidence, business cases should be rigorously-costed to ensure value for money, and strategic outcomes and objectives should be clearly defined.”