UK steps up defence with first ever Cyber Security Strategy to protect public services

Posted: 22/03/2022

Given the increasing volume, sophistication and severity of cyberattacks, it is unsurprising that governments are stepping up their defence efforts. Earlier this year, the UK Government launched its first ever Government Cyber Security Strategy, aimed at protecting those public services which are relied upon most in the UK.

It was reported recently that the UK is currently the third most targeted country in the world by cybercriminals. Of these attacks, a significant number have been aimed at the public sector. The National Cyber Security Centre reported that 40% of all incidents it managed between September 2020 and August 2021 were targeting the UK’s public sector.

The Government is backing the scheme by investing £37.8 million to help local authorities boost their cyber resilience. These funds will be made available in order to protect essential services, such as housing benefits, voter registration, electoral management, school grants and the provision of social care. The Government is also investing over £2 billion in cybersecurity defence efforts by retiring legacy IT systems and stepping up the UK’s skills and coordination efforts in this sector.

As part of increased coordination across the public sector, the strategy also establishes a new Government Cyber Coordination Centre (GCCC) based in the Cabinet Office. The GCCC will rapidly identify, investigate, and coordinate the Government’s response to attacks on public sector systems. The new approach forms part of the “Defend As One” campaign.

In addition to these core initiatives and investments, the following have been announced as key parts of the new strategy:

• A new vulnerability reporting service, which allows security researchers and members of the public to easily report issues identified with public sector digital services.
• A new governmental assurance regime, including robust assessments of departmental plans and vulnerabilities, in order to provide a more detailed picture of the government’s cyber health for the first time.
• New projects in partnership with small businesses and academics, aimed at reducing government risk through a change in culture.
• Taking greater steps to understand the growing supply chain risk in government systems and ensuring security is a critical part of procurement moving forward.

Further details of the Cyber Security Strategy can be found here.

Away from the public sector, plans are also afoot for further changes in the UK. New legislation has been proposed to improve the UK’s cyber resilience, which will also have application to the private sector. Details of that consultation can be found here.

The PMC cross-departmental cybersecurity team recently held a webinar on this topic, and if you would like to learn more, a link to the recording can be found here.

This article has been co-written with Shaan Mehra, trainee solicitor.

Return to news headlines