BLOG: What about UK Cyber Security leader?

08/03/21

Recently, on February 22, the US Department of Homeland Security announced the steps the Biden Administration would be taking to put cyber security at the forefront of its agenda across President Biden’s Administration.

“Cybersecurity is more important than ever, and we will build on the Department’s excellent work as we transform our whole-of-government approach to tackle the challenge we face as a nation,” said Secretary for Homeland Security Alejandro N. Mayorkas. Announcing funding for new grant programmes enabling critical security investments, Secretary Mayorkas pledged that “[t]his week is just the beginning of a series of actions DHS will pursue nationally and internationally to improve cybersecurity at all levels.”

Importantly, in making the announcements, he several times referred to the need for the US Government to work with private sector organisations in tackling cyber threats. The US operates a public-private partnership for cyber defence similar to that which exists in the UK.

After a period in which cyber security was lower on the US Government’s agenda, President Biden and his Administration have made clear they want to provide a leadership role in the cyber security community, both domestically and internationally.

But the US stepping forward like this points to an obvious question – what role does the UK Government see for itself on these issues?

As we await the publication of the UK Government’s Integrated Review in the next few weeks – and within it, we hope, at least early signs of the UK’s future vision for cyber, recent moves have been encouraging. The announcement of the National Cyber Force, the creation of the UK Cyber Security Council to set standards and define career learning paths for the sector, government funding to improve the cyber resilience of UK organisations’ technology infrastructure and digital devices have all been well received.

But it is hard not to look at the UK landscape and feel we need a counterpart to Secretary Mayorkas and his colleagues in newly created – and focused - cyber security posts in the US that can work across Government to drive forward the cyber agenda. Currently, the National Cyber Security Centre (NCSC) sits under the authority of the Foreign Secretary. The responsibility for promoting growth in the cyber security sector sits with the Department for Digital, Culture, Media & Sport, important aspects of cyber crime and cyber security policy reside in the Home Office, and the drawing up of the next National Cyber Security Strategy is being done in the Cabinet Office.

Despite this disparate approach, the UK has actually had some considerable success in its cyber policy to date, but that risks fading given that the cyber agenda’s early champion – George Osborne – has long left Government.

Osborne announced plans for the creation of the NCSC – one of the success stories of the UK’s cyber response – in November 2015. He chaired the now disbanded Cabinet Committee on Cyber, where he “[saw] the huge collective effort required to keep our country safe from cyber attack; the range of threats we face; and how this will be one of the great challenges of our lifetimes”. And he announced the £1.9bn investment from 2016 – 2021 as a key part of the Spending Review – saying “It is right that we choose to invest in our cyber defences even at a time when we must cut other budgets.”

While complicated machinery of government changes would be a distraction, the Government would do well to appoint a Cyber Champion with the ability to work across government and the clout to pick up where George Osborne left off. A Cyber Champion would be able to get to grips with all of the issues and bring people along with them in their long-term commitment to build on previous success.

And a Cyber Champion who could take a long view to cement the UK as a global cyber leader, and who would be exceptionally well placed to tackle some of the issues that have proved more difficult in the past, including long overdue reforms like making the Computer Misuse Act fit for the 21st century.